r7 - 2013-12-02 - 04:30:59 - Main.liuzhichengYou are here: TWiki >  Deployment Web > CloudDeployment > DeployingCLMOnPrivateCloudUsingPatterns

uc.png Configuring the script package to enable CLM to use your LDAP server

Authors: Zhi Cheng Liu, Xiang Yue Gao, Xue Po Wang, Ting Hui Li
Build basis: IBM Software Delivery and Lifecycle Patterns

You can configure a property file in a script package in the CLM pattern to use an LDAP server for authentication. For step by step instructions on this, please refer to IBM software delivery lifecycle patterns info center. In this wiki page, we will cover how to customize the LDAP property file to your environment by giving example on this.

In this example, you will see a LDAP registry pre-populated with 2 groups and a set of users. See more details about entries in the registry, in Fig 1,Fig 2 and Fig3.

Please see how the LDAPSecurity.properties file is constructed for the above LDAP registry in the below table with parameter name, its description and sample codes.

Parameter Description sample code
Group Member Property The LDAP property that represents the members of a group in the LDAP registry jazz_ldap_membersOfGroup="uniqueMember"
Jazz LDAP User Mapping Properties Map Jazz group roles to LDAP groups. Jazz team server defines five groups to map #Jazz Admins Group Role Mapping
#Jazz Data Warehouse Admins Group Role Mapping
#Jazz Users Group Role Mapping
#Jazz Guests Group Role Mapping
#Jazz Project Admins Group Role Mapping
#In this example, these five Jazz group roles are mapped to 2 LDAP groups.
LDAP Host Properties The web address that references your LDAP server jazz_ldap_host="xxx.rtp.raleigh.ibm.com"
LDAP search filter properties Filters to search users and groups from LDAP jazz_ldap_groupMemberIdMap="*:uniqueMember"
Bind User Name The user name to log on to this LDAP server. For the LDAP servers that allow anonymous user names and passwords, you can leave this parameter blank jazz_ldap_bindDN="cn\=root"
Bind Password The password that is associated with the bind user name jazz_ldap_bindPassword="ec11ipse"
Base DN The base distinguished name in the LDAP registry jazz_ldap_baseDN="dc\=RPTSVT,dc\=domain"
Base User DN The base distinguished name of users in the LDAP registry jazz_ldap_baseUserDN="dc\=RPTSVT,dc\=domain"
User Property Names Mapping The mapping of Jazz™ user property names to LDAP registry entry attribute names. You must define the following mappings:
userId = LDAP user ID
name = LDAP user name
emailAddress = LDAP user e-mail
The userId property identifies the user ID that is used when a user logs on to the system. The name property renders the name in the user interface
Base Group DN The base distinguished name of the Jazz application groups in the LDAP registry jazz_ldap_baseGroupDN="dc\=RPTSVT,dc\=domain"
Jazz to LDAP Group Mapping Jazz Team Server defines five groups to map:
JazzAdmins = LDAP Group for Jazz admins
JazzUsers = LDAP Group for Jazz users
JazzDWAdmins = LDAP Group for Jazz Data Warehouse Admin
JazzGuests = LDAP Group for Jazz guest (Not used by Rational Quality Manager)
JazzProjectAdmins = LDAP Group for Jazz project admins
Group Name Property The LDAP property that represents the name of the Jazz groups in the LDAP registry. For example, cn. This property is used in the query to retrieve an LDAP group. To retrieve an LDAP group, a query uses a combination of the Base group DN and the Group Name Property jazz_ldap_groupNameAttribute="cn"

External links:

Topic attachments
I Attachment Action Size Date Who Comment
Pngpng LDAP_Group.png manage 35.2 K 2013-06-14 - 05:19 UnknownUser LDAP groups
Pngpng LDAP_Group2.png manage 93.3 K 2013-06-17 - 04:55 UnknownUser LDAP groups two
Pngpng LDAP_User.png manage 39.4 K 2013-06-14 - 05:21 UnknownUser LDAP users
Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r7 < r6 < r5 < r4 < r3 | More topic actions
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our Terms of Use. Please read the following disclaimer.