It's all about the answers!

Ask a question

LDAP Password Authentication And Tomcat User Management


Timo Wolf (61165) | asked Nov 03 '08, 10:55 a.m.
Hi All,

We have a fairly large amount of user in our active directory, so that I do not want to import all users into Jazz.

I want to manage the users manually as in the default configuration and just authenticate the passwords against an LDAP / Active Directory.

Is that possible?

Thanks,

Timo

4 answers



permanent link
Balaji Krish (1.8k12) | answered Nov 03 '08, 11:22 a.m.
JAZZ DEVELOPER
You can disable the "LDAP nightly sync" functionality using "Enable LDAP nightly sync" property using https://serverName:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced

To create individual users, you can either
-> import individual users from Active directory or
-> create a new user in Jazz database with matching user id (user id must match the record in Active directory)

---- Balaji
Jazz Server Team

Hi All,

We have a fairly large amount of user in our active directory, so that I do not want to import all users into Jazz.

I want to manage the users manually as in the default configuration and just authenticate the passwords against an LDAP / Active Directory.

Is that possible?

Thanks,

Timo

permanent link
Timo Wolf (61165) | answered Nov 07 '08, 8:45 a.m.
Thanks so far, but I think my problem is not solved.

We cannot change any entries in the Active Directory and thus, I cannot map any RTC groups to LDAP groups.

I need a mix between local user management and LDAP authentication. For those users that are created manually and from which the username map to a username in the LDAP directory, I want to authenticate their passwords against the LDAP directory.

Other users, especially the conceptual users like build users are not existent in LDAP and their passwords should be stored in the local tomcat-users.xml file.

The goal is - for the real users / persons - to manage and reuse their passwords in one place, the LDAP directory.

Is such a setup possible, and how do I configure it?

Thanks a lot,

Timo

You can disable the "LDAP nightly sync" functionality using "Enable LDAP nightly sync" property using https://serverName:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced

To create individual users, you can either
-> import individual users from Active directory or
-> create a new user in Jazz database with matching user id (user id must match the record in Active directory)

---- Balaji
Jazz Server Team

Hi All,

We have a fairly large amount of user in our active directory, so that I do not want to import all users into Jazz.

I want to manage the users manually as in the default configuration and just authenticate the passwords against an LDAP / Active Directory.

Is that possible?

Thanks,

Timo

permanent link
Balaji Krish (1.8k12) | answered Nov 10 '08, 8:27 a.m.
JAZZ DEVELOPER
we don't currently support this feature. You have to either use active directory or Tomcat User database.

We are looking at a possibility of introducing a front-end LDAP server for the 2.0 release. Using this mechanism, user authentication is done via corporate LDAP, but the front end LDAP server is responsible for maintaining groups, adding functional users etc.

--- Balaji
Jazz Server Team

Thanks so far, but I think my problem is not solved.

We cannot change any entries in the Active Directory and thus, I cannot map any RTC groups to LDAP groups.

I need a mix between local user management and LDAP authentication. For those users that are created manually and from which the username map to a username in the LDAP directory, I want to authenticate their passwords against the LDAP directory.

Other users, especially the conceptual users like build users are not existent in LDAP and their passwords should be stored in the local tomcat-users.xml file.

The goal is - for the real users / persons - to manage and reuse their passwords in one place, the LDAP directory.

Is such a setup possible, and how do I configure it?

Thanks a lot,

Timo

You can disable the "LDAP nightly sync" functionality using "Enable LDAP nightly sync" property using https://serverName:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced

To create individual users, you can either
-> import individual users from Active directory or
-> create a new user in Jazz database with matching user id (user id must match the record in Active directory)

---- Balaji
Jazz Server Team

Hi All,

We have a fairly large amount of user in our active directory, so that I do not want to import all users into Jazz.

I want to manage the users manually as in the default configuration and just authenticate the passwords against an LDAP / Active Directory.

Is that possible?

Thanks,

Timo

permanent link
Don Rota (14932221) | answered Jan 30 '09, 12:23 p.m.
FORUM ADMINISTRATOR / JAZZ DEVELOPER
You don't have to import all the users.
If you're able to do groups on your server.
You can specify the ldap query in server.xml and specify
the bluegroups in the web.xml file (security roles).

I don't think you can have it both ways though. - that is
managing two sets of users - one in the repository and one
to authenticate and login over the web.

....Don...

timowolf wrote:
Hi All,

We have a fairly large amount of user in our active directory, so that
I do not want to import all users into
Jazz.

I want to manage the users manually as in the default configuration
and just authenticate the passwords against an LDAP / Active
Directory.

Is that possible?

Thanks,

Timo

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.