LDAP and Kerberos SSO

Kerberos authentication with Microsoft Active Directory requires the use of Lightweight Directory Access Protocol (LDAP).

Microsoft Active Directory also functions as an LDAP server. For information about configuring IBM® WebSphere® Application Server to use LDAP to map user IDs that are resolved by SPNEGO to user IDs in the LDAP registry, see Chapter 7, Single sign-on to WebSphere Application Server using SPNEGO of Implementing Kerberos in a WebSphere Application Server Environment.

You must ensure that the role-to-group mapping for your web applications is correct. It is best to create custom groups for the Jazz roles. For more information, see Setting up groups and users.

When you configure the Jazz™ Team Server by using either the setup wizard or the Advanced Properties tab on the Administration page, you must ensure that the Jazz Team Server values for LDAP are adjusted for Active Directory.

Important: When you create new users in Active Directory, you must specify a display name and email address; these attributes are expected by CLM applications.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki