Login problems with LDAP
Hello, I have browsed through the questions in the forum, but I could not find an answer to my problem.
I shall try to describe it and maybe somebody can point me to the right discussion.
Very simply said, we are using RTC 4.0.1 on a VMware server which uses Windows Server 2008 R2.
The database we are using is MS SQLserver express 2008, as it should be enough for our purposes, for the time being.
We have tried to connect our server to our domain LDAP server, but we currently cannot log in to RTC by using the imported users. We always get the message "Invalid User ID or password". We are not using WebSphere.
I am enclosing a portion of the teamserver.properties, in the hope it can help others understand if we are doing something seriously wrong. I see other people having no problems in logging in using LDAP, so we would like to do it as well.
------------------------------------------------------------------------------------------------------------------------------------
com.ibm.team.datawarehouse.auth.type=JTS
com.ibm.team.repository.ldap.membersOfGroup=member
com.ibm.team.repository.db.jdbc.location=//ceres\:1433;databaseName\=jts;user\=jtsDBuser;password\={password}
com.ibm.team.datawarehouse.auth.userId=028388bc6fd94b7db921f8187ded60d0
com.ibm.team.repository.changeEvent.expirationByCategory=SystemLog\:259200
com.ibm.team.repository.RLSTokenService.tokenLicensePath=19353@bianca
com.ibm.team.repository.ldap.baseUserDN=ou\=UserTSMT,dc\=tsmt,dc\=net
com.ibm.team.datawarehouse.db.jdbc.location=//ceres\:1433;databaseName\=dw;user\=dwDBuser;password\={password}
com.ibm.team.repository.notification.mail.smtp.server=tsmtmail.tsmt.net
com.ibm.team.fulltext.indexLocation=conf/jts/indices/workitemindex
com.ibm.team.repository.web.helpuri=/clmhelp/index.jsp
com.ibm.team.repository.diagnostic.dnsResolutionDiagnostic.externalHostname=tsmt.net
com.ibm.team.repository.db.jdbc.password=[k0Hdl4yYF5/VhPT0IKeV3w\=\=]
com.ibm.team.repository.ldap.userAttributesMapping=userId\=cn,name\=displayName,emailAddress\=mail
com.ibm.team.repository.notification.mail.from_name=jazz
com.ibm.team.repository.notification.mail.from=Jazz@tsmt.net
com.ibm.team.repository.notification.mail.enabled=false
com.ibm.team.datawarehouse.db.jdbc.password=[z30UFj2BBvaqhIZHiC9JRg\=\=]
com.ibm.team.repository.db.repoLockId=_ZD2KUDk5EeKYmfO0PQ739A
com.ibm.team.repository.user.registry.type=LDAP
com.ibm.team.repository.ws.allow.identity.assertion=false
com.ibm.team.repository.ldap.registryLocation=ldap\://tsmtdom1.tsmt.net\:389
com.ibm.team.datawarehouse.auth.password=[nVljcwAbVUnJFFJU47Aq0MYvATN3hVdYbnuMeSS9eIluZ4R66KIsDqOD47eGgist]
com.ibm.team.repository.ldap.baseGroupDN=ou\=JazzGroup,dc\=tsmt,dc\=net
com.ibm.team.repository.notification.mail.reply=fontana@tsmt.net;viano@tsmt.net;digiandomenico@tsmt.net
com.ibm.team.repository.changeEvent.expirationDefault=1209600
com.ibm.team.repository.licenseService.floatingLicenseServerURI=https\://ceres\:9443/jts/
com.ibm.team.repository.tokenProviderService=com.ibm.rational.common.token.licensing.RLSTokenService
com.ibm.team.repository.ldap.findUsersByNameQuery=displayName\=?1*
com.ibm.team.repository.ldap.registryUserName=jazz_admin@tsmt.net
com.ibm.team.repository.web.suppressedPages={"com.ibm.team.repository.web.admin"\: ["com.ibm.team.repository.provision"]}
com.ibm.team.datawarehouse.datawarehouse.jobs.enabled=true
com.ibm.team.repository.setup.completed.setup=true
com.ibm.team.repository.ldap.registryPassword=administrator
com.ibm.team.repository.server.webapp.url=https\://ceres\:9443/jts
com.ibm.team.datawarehouse.db.automatic.setup=true
com.ibm.team.repository.db.vendor=sqlserver
com.ibm.team.repository.ldap.findUsersByUserIdQuery=cn\=?1
com.ibm.team.jfs.index.root.directory=indices
com.ibm.team.datawarehouse.db.net.port=1527
com.ibm.team.repository.ws.allow.admin.access=false
com.ibm.team.repository.ldap.findUsersByAnyNameQuery=(| (displayName\=* ?1*) (displayName\=*_?1*))
com.ibm.team.datawarehouse.db.vendor=sqlserver
com.ibm.team.datawarehouse.datawarehouse.provider=Remote
com.ibm.team.datawarehouse.db.base.folder=C\:\\RTC
-------------------------------------------------------------------------------------------------------------------------
Thanks in advance for any help.
Bruno
Accepted answer
Bruno, the information above is not nearly enough to debug your problem.
Can you log in with your administrative user? It looks like it, otherwise you would not be able to sync users in.
If you can, my guess is you failed with the LDAP setup.
- Make sure your administrative user has a valid LDAP account.
- Please run Setup again.
- On the LDAP setup page follow the hints provided to the support technote. It guides you to download a tool that allows you to verify your LDAP settings. https://jazz.net/library/article/831 could also provide you some hints on set up with MS AD.
- Make sure the LDAP settings and parameters you are using work and are valid with the tool.
- If setting up with Tomcat, also make sure to follow the last directions in the LDAP setup step. Don't forget to replace the web.xml files manually. Keep a backup of the old file, in case your LDAP settings don't work.
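Before feeding the settings to the verification tool, it helps to see what the escaped teamserver.properties values actually decode to. The script below is an added example (not part of the original answer and not IBM's tool): it unescapes the LDAP entries posted in the question, expands the user lookup query for a login ID, and lists findings visible from the file alone. It assumes `?1` is replaced by the login ID, and the bracketed password value in the sample is a constructed placeholder.

```python
import re

# Constructed sample: LDAP lines as posted in the question; the bracketed
# db password is a placeholder, not a value from the page.
SAMPLE = r"""
com.ibm.team.repository.ldap.registryLocation=ldap\://tsmtdom1.tsmt.net\:389
com.ibm.team.repository.ldap.registryUserName=jazz_admin@tsmt.net
com.ibm.team.repository.ldap.registryPassword=administrator
com.ibm.team.repository.ldap.baseUserDN=ou\=UserTSMT,dc\=tsmt,dc\=net
com.ibm.team.repository.ldap.findUsersByUserIdQuery=cn\=?1
com.ibm.team.repository.db.jdbc.password=[PLACEHOLDER\=\=]
"""
PREFIX = "com.ibm.team.repository.ldap."

def load_properties(text):
    """Parse key=value lines and undo backslash escapes (colon, equals, backslash).
    Simplified: no line continuations and no unicode or newline escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login ID cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(props, user_id):
    """Expand findUsersByUserIdQuery, assuming ?1 stands for the login ID."""
    query = props[PREFIX + "findUsersByUserIdQuery"]
    return query.replace("?1", escape_filter_value(user_id))

def audit(props):
    """Return findings that are visible from the file alone."""
    findings = []
    if props.get(PREFIX + "registryLocation", "").lower().startswith("ldap://"):
        findings.append("registryLocation uses ldap://, not ldaps://")
    for key, value in props.items():
        if key.lower().endswith("password") and not re.fullmatch(r"\[.*\]", value):
            findings.append(key[len("com.ibm.team.repository."):] + " is stored unbracketed")
    return findings

if __name__ == "__main__":
    props = load_properties(SAMPLE)
    print("lookup filter for jazz_admin:", user_filter(props, "jazz_admin"))
    print("\n".join(audit(props)))
```

The expanded filter shows which directory attribute the typed login ID is compared against, which is the value to test in the verification tool. "Unbracketed" here only means the value is not in the bracketed form the other password entries in the posted file use.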
Comments
Some answers first.
- Yes, we can log in with the administrative account. The account, called jazz_admin, is an LDAP account. On this I have some slight doubt, which I have to check, because it was created before the connection to LDAP was performed, so I believe it was local. I have a slight suspicion that if I try to import it as well from LDAP I will not be able to enter RTC as admin. I can bypass that though creating another local user as admin.
- We downloaded the tool and it was a great help. But not final, alas.
- We did not replace the web.xml file, I'll have a look there.
It is several files for JTS, CCM, QM.