LDAP and Kerberos SSO

Kerberos authentication with Microsoft Active Directory requires the use of Lightweight Directory Access Protocol (LDAP).

Microsoft Active Directory also functions as an LDAP server. For information about configuring IBM® WebSphere® Application Server to use LDAP to map user IDs that are resolved by SPNEGO to user IDs in the LDAP registry, see Chapter 7, "Single sign-on to WebSphere Application Server using SPNEGO", of "Implementing Kerberos in a WebSphere Application Server Environment".

You must ensure that the role-to-group mapping for your web applications is correct. It is best to create custom groups for the Jazz roles. For more information, see Setting up groups and users.

When you configure the Jazz® Team Server by using either the setup wizard or the Advanced Properties tab on the Administration page, you must ensure that the Jazz Team Server values for LDAP are adjusted for Active Directory.

Important: When you create new users in Active Directory, you must specify a display name and email address; these attributes are expected by CLM applications.
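One way to check the requirement above before users first sign in (an added example, not part of the original documentation or of any IBM tooling): the script reads an LDIF export of the directory and lists user entries that lack a display name or email address. It assumes the standard Active Directory attribute names displayName and mail; the function names and the sample entries are constructed for illustration.

```python
import base64
# Constructed sample LDIF export (not real data): carol's dn is folded, her displayName is base64.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Jazz,DC=example,DC=com
objectClass: user
sAMAccountName: alice
displayName: Alice Example
mail: alice@example.com

dn: CN=bob,OU=Jazz,DC=example,DC=com
objectClass: user
sAMAccountName: bob

dn: CN=carol,OU=Jazz,DC=exam
 ple,DC=com
objectClass: user
sAMAccountName: carol
displayName:: Q2Fyb2w=
"""
REQUIRED = ("displayname", "mail")  # assumed AD attributes for display name and email

def parse_ldif(text):  # yields one dict per entry: lower-cased attribute -> list of values
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif not raw.startswith("#"):         # drop comment lines
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        elif entry:
            yield entry
            entry = {}

def users_missing_attributes(text):  # maps account name -> required attributes absent or empty
    findings = {}
    for e in parse_ldif(text):
        is_user = "user" in [c.lower() for c in e.get("objectclass", [])]
        missing = [a for a in REQUIRED if not any(e.get(a, []))]
        if is_user and missing:
            findings[e.get("samaccountname", e.get("dn", ["?"]))[0]] = missing
    return findings

print(users_missing_attributes(SAMPLE_LDIF))
```

Run it against an export limited to the groups that are mapped to Jazz roles, so that the findings cover only accounts that can actually sign in to the applications.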