LDAP and Kerberos SSO
Kerberos authentication with Microsoft Active Directory requires the use of Lightweight Directory Access Protocol (LDAP).
Microsoft Active Directory also functions as an LDAP server. For
information about configuring IBM®
WebSphere® Application Server to
use LDAP to map user IDs that are resolved by SPNEGO to user IDs in
the LDAP registry, see Chapter 7,
Single sign-on to WebSphere Application
Server using SPNEGO of Implementing Kerberos in a WebSphere Application
You must ensure that the role-to-group mapping for your web applications is correct. It is best to create custom groups for the Jazz roles. For more information, see Setting up groups and users.
When you configure the Jazz® Team Server by using either the setup wizard or the Advanced Properties tab on the Administration page, you must ensure that the Jazz Team Server values for LDAP are adjusted for Active Directory.