r7 - 2013-12-02 - 04:30:59 - Main.liuzhichengYou are here: TWiki > 
Deployment Web > CloudDeployment > DeployingCLMOnPrivateCloudUsingPatterns
Deployment Web > CloudDeployment > DeployingCLMOnPrivateCloudUsingPatterns 
Configuring the script package to enable CLM to use your LDAP server
Authors: Zhi Cheng Liu, Xiang Yue Gao, Xue Po Wang, Ting Hui Li Build basis: IBM Software Delivery and Lifecycle Patterns
You can configure a property file in a script package in the CLM pattern to use an LDAP server for authentication. For step by step instructions on this, please refer to IBM software delivery lifecycle patterns info center. In this wiki page, we will cover how to customize the LDAP property file to your environment by giving example on this.
In this example, you will see a LDAP registry pre-populated with 2 groups and a set of users. See more details about entries in the registry, in Fig 1,Fig 2 and Fig3.
Please see how the LDAPSecurity.properties file is constructed for the above LDAP registry in the below table with parameter name, its description and sample codes.
Please see how the LDAPSecurity.properties file is constructed for the above LDAP registry in the below table with parameter name, its description and sample codes.
| Parameter | Description | sample code |
|---|---|---|
| Group Member Property | The LDAP property that represents the members of a group in the LDAP registry | jazz_ldap_membersOfGroup="uniqueMember" |
| Jazz LDAP User Mapping Properties | Map Jazz group roles to LDAP groups. Jazz team server defines five groups to map | #Jazz Admins Group Role Mapping jazz_grouprole_JazzAdmins="cn\=RQMSVTJazzAdmins,cn\=SVT,dc\=RPTSVT,dc\=domain" #Jazz Data Warehouse Admins Group Role Mapping jazz_grouprole_JazzDWAdmins="cn\=RQMSVTJazzAdmins,cn\=SVT,dc\=RPTSVT,dc\=domain" #Jazz Users Group Role Mapping jazz_grouprole_JazzUsers="cn\=RQMSVTJazzUsers,cn\=SVT,dc\=RPTSVT,dc\=domain" #Jazz Guests Group Role Mapping jazz_grouprole_JazzGuests="cn\=RQMSVTJazzUsers,cn\=SVT,dc\=RPTSVT,dc\=domain" #Jazz Project Admins Group Role Mapping jazz_grouprole_JazzProjectAdmins="cn\=RQMSVTJazzAdmins,cn\=SVT,dc\=RPTSVT,dc\=domain" #In this example, these five Jazz group roles are mapped to 2 LDAP groups. |
| LDAP Host Properties | The web address that references your LDAP server | jazz_ldap_host="xxx.rtp.raleigh.ibm.com" jazz_ldap_port="389" jazz_ldap_enableSSL="false" |
| LDAP search filter properties | Filters to search users and groups from LDAP | jazz_ldap_groupMemberIdMap="*:uniqueMember" jazz_ldap_userIdMap="*:uid" jazz_ldap_userFilter="(&(uid=%v)(objectclass=inetOrgPerson))" jazz_ldap_groupIdMap="*:cn" jazz_ldap_groupFilter="(&(cn=%v)(objectclass=groupOfUniqueNames))" |
| Bind User Name | The user name to log on to this LDAP server. For the LDAP servers that allow anonymous user names and passwords, you can leave this parameter blank | jazz_ldap_bindDN="cn\=root" |
| Bind Password | The password that is associated with the bind user name | jazz_ldap_bindPassword="ec11ipse" |
| Base DN | The base distinguished name in the LDAP registry | jazz_ldap_baseDN="dc\=RPTSVT,dc\=domain" |
| Base User DN | The base distinguished name of users in the LDAP registry | jazz_ldap_baseUserDN="dc\=RPTSVT,dc\=domain" |
| User Property Names Mapping | The mapping of Jazz™ user property names to LDAP registry entry attribute names. You must define the following mappings: userId = LDAP user ID name = LDAP user name emailAddress = LDAP user e-mail The userId property identifies the user ID that is used when a user logs on to the system. The name property renders the name in the user interface |
jazz_ldap_userAttributesMapping="userId\=uid,name\=cn,emailAddress\=mail" |
| Base Group DN | The base distinguished name of the Jazz application groups in the LDAP registry | jazz_ldap_baseGroupDN="dc\=RPTSVT,dc\=domain" |
| Jazz to LDAP Group Mapping | Jazz Team Server defines five groups to map: JazzAdmins = LDAP Group for Jazz admins JazzUsers = LDAP Group for Jazz users JazzDWAdmins = LDAP Group for Jazz Data Warehouse Admin JazzGuests = LDAP Group for Jazz guest (Not used by Rational Quality Manager) JazzProjectAdmins = LDAP Group for Jazz project admins |
jazz_ldap_groupMapping="JazzProjectAdmins\=RQMSVTJazzAdmins,JazzAdmins\=RQMSVTJazzAdmins,JazzUsers\=RQMSVTJazzUsers,JazzDWAdmins\=RQMSVTJazzAdmins,JazzGuests\=RQMSVTJazzUsers" |
| Group Name Property | The LDAP property that represents the name of the Jazz groups in the LDAP registry. For example, cn. This property is used in the query to retrieve an LDAP group. To retrieve an LDAP group, a query uses a combination of the Base group DN and the Group Name Property | jazz_ldap_groupNameAttribute="cn" |
External links:
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 png |
LDAP_Group.png | manage | 35.2 K | 2013-06-14 - 05:19 | UnknownUser | LDAP groups |
| png |
LDAP_Group2.png | manage | 93.3 K | 2013-06-17 - 04:55 | UnknownUser | LDAP groups two |
| png |
LDAP_User.png | manage | 39.4 K | 2013-06-14 - 05:21 | UnknownUser | LDAP users |
-
Deployment web
-
Planning and design
- Installing and upgrading
- Migrating and evolving
- Integrating
- Administering
- Monitoring
- Troubleshooting
- ELM SaaS
Community information and contribution guidelines 
Topic list 
Search 
Advanced search 
Notify 
RSS 
Atom 
Changes 
Statistics 
Web preferences 
NOTE: Please use the Sandbox web for testing 
-
To do
- Under construction
-
New
-
Updated
-
Constant change
- None - stable page
- Smaller versions of status icons for inline text:
-
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Contributions are governed by our Terms of Use. Please read the following disclaimer.