JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults
folder one level up to JazzAuthServer_install_dir/wlp/usr/servers/jazzop/
server.xml, appConfig.xml, ldapUserRegistry.xml and localUserRegistry.xml
appConfig.xml - Contains Jazz Group/Role mappings and UserRegistry file information
ldapUserRegistry.xml - Configuring Liberty with an LDAP user registry
localUserRegistry.xml - Configuring Liberty file based registry
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/server.xml
and include the following in the list of features
<feature>scim-1.0</feature>
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults/appConfig.xml
file and towards the end of the file change from
<include location="localUserRegistry.xml" optional="true"/>
<!--include location="ldapUserRegistry.xml" optional="true"/-->
to
<!--include location="localUserRegistry.xml" optional="true"/-->
<include location="ldapUserRegistry.xml" optional="true"/>
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults/ldapUserRegistry.xml
and modify to match your environment, examples below
<server>
  <ldapRegistry ldapType="Microsoft Active Directory"
      baseDN="CN=Users,DC=test,DC=com"
      bindDN="CN=CLM Admin,CN=Users,DC=test,DC=com"
      bindPassword="********"
      host="ldapserver" id="ldapserver:389" ignoreCase="true" port="389"
      realm="ldapserver:389" recursiveSearch="true" referal="follow"
      sslEnabled="false">
    <!-- In the XML file, "&" inside an LDAP filter is written as "&amp;" -->
    <activedFilters
        userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
        groupFilter="(&amp;(cn=%v)(objectcategory=group))"
        userIdMap="user:sAMAccountName"
        groupIdMap="*:cn"
        groupMemberIdMap="memberOf:member">
    </activedFilters>
  </ldapRegistry>
  <federatedRepository>
    <primaryRealm name="FVTRegistry">
      <participatingBaseEntry name="CN=Users,DC=test,DC=com"/>
    </primaryRealm>
  </federatedRepository>
  <administrator-role>
    <user>clmadmin</user>
    <group>MyJazzAdmins</group>
  </administrator-role>
</server>
<server>
  <ldapRegistry ldapType="IBM Tivoli Directory Server"
      baseDN="o=test.com"
      bindDN="uid=clmadmin,c=in,ou=Users,o=test.com"
      bindPassword="********"
      host="ldapserver" id="ldapserver:389" ignoreCase="true" port="389"
      realm="ldapserver:389" recursiveSearch="true" searchTimeout="10m"
      sslEnabled="false">
    <!-- In the XML file, "&" inside an LDAP filter is written as "&amp;" -->
    <idsFilters
        groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
        groupIdMap="*:cn"
        groupMemberIdMap="groupOfUniqueNames:uniquemember"
        userFilter="(&amp;(uid=%v)(objectclass=person))"
        userIdMap="*:uid">
    </idsFilters>
    <ldapEntityType name="PersonAccount">
      <searchBase>c=in,ou=Users,o=test.com</searchBase>
    </ldapEntityType>
    <ldapEntityType name="Group">
      <searchBase>ou=JazzGroups,ou=Groups,o=test.com</searchBase>
    </ldapEntityType>
  </ldapRegistry>
  <!-- administrator-role is a server-level element, as in the other examples -->
  <administrator-role>
    <user>myscimadmin</user>
  </administrator-role>
</server>
The <ldapEntityType> tag is not mandatory, but can be used to limit the user and group query scope.
<server>
  <ldapRegistry ldapType="Custom"
      baseDN="dc=example,dc=com"
      host="ldapserver" id="ldapserver:10389" ignoreCase="true" port="10389"
      realm="ldapserver:10389" recursiveSearch="true" referal="follow"
      sslEnabled="false"
      timestampFormat="yyyyMMddHHmmss.SSSSSSZ">
    <!-- In the XML file, "&" inside an LDAP filter is written as "&amp;" -->
    <customFilters
        groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
        groupIdMap="*:cn"
        groupMemberIdMap="groupOfUniqueNames:uniquemember"
        userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        userIdMap="*:uid">
    </customFilters>
  </ldapRegistry>
  <administrator-role>
    <user>myscimdmin</user>
  </administrator-role>
</server>
attribute as shown above resolves the error.
<federatedRepository maxSearchResults="100000" />
JazzAuthServer_install_dir/wlp/bin/securityUtility
$ securityUtility encode userPassword
where userPassword is the password to encode
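A check that can be run over ldapUserRegistry.xml before the server is started, as an added example that is not part of the original page or of IBM's tooling: it flags a bindPassword that was not passed through securityUtility encode, sslEnabled left at false, and LDAP filters pasted with a bare & instead of &amp;. The function name audit_registry and both sample files are constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: cleartext bind password sent over unencrypted LDAP.
SAMPLE_WEAK = """<server>
  <ldapRegistry ldapType="Custom" baseDN="dc=example,dc=com"
      bindDN="uid=clmadmin,dc=example,dc=com" bindPassword="Passw0rd"
      host="ldapserver" port="389" sslEnabled="false">
    <customFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"/>
  </ldapRegistry>
</server>"""

# Constructed sample: placeholder {aes} value, LDAPS port, SSL switched on.
SAMPLE_OK = (SAMPLE_WEAK.replace('"Passw0rd"', '"{aes}PLACEHOLDER"')
             .replace('port="389"', 'port="636"')
             .replace('sslEnabled="false"', 'sslEnabled="true"'))


def audit_registry(xml_text):
    """Return a list of (attribute, finding) tuples for every ldapRegistry."""
    # A bare '&' (typical when a filter is pasted from a web page) is not
    # well-formed XML, so report it before the parser rejects the file.
    if re.search(r"&(?!(amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)", xml_text):
        return [("xml", "unescaped '&' in file; write LDAP filters with &amp;")]
    findings = []
    for reg in ET.fromstring(xml_text).iter("ldapRegistry"):
        pw = reg.get("bindPassword", "")
        if pw and not pw.startswith(("{xor}", "{aes}")):
            findings.append(("bindPassword",
                             "stored in cleartext; run securityUtility encode"))
        elif pw.startswith("{xor}"):
            findings.append(("bindPassword",
                             "{xor} is reversible obfuscation, not encryption"))
        # sslEnabled defaults to false when the attribute is absent.
        if reg.get("sslEnabled", "false").lower() != "true":
            findings.append(("sslEnabled",
                             "bind DN and password cross the network unencrypted"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit_registry(text))
```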
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/appConfig.xml
<application id="com.ibm.team.integration.jazzop" location="jazzop.war"
    name="com.ibm.team.integration.jazzop" context-root="jazzop" type="war">
  <application-bnd>
    <security-role name="JazzAdmins">
      <group name="MYJAZZADMINS"/>
    </security-role>
    <security-role name="JazzUsers">
      <group name="MYJAZZUSERS"/>
    </security-role>
    <security-role name="JazzProjectAdmins">
      <group name="MYJAZZPROJECTADMINS"/>
    </security-role>
    <security-role name="JazzGuests">
      <group name="MYJAZZGUESTS"/>
    </security-role>
    <security-role name="JazzDebug">
      <group name="MYJAZZDEBUG"/>
    </security-role>
  </application-bnd>
</application>
<oauth-roles>
  <authenticated>
    <special-subject type="ALL_AUTHENTICATED_USERS" />
  </authenticated>
  <clientManager>
    <group name="MYJAZZADMINS" />
    <user name="MYSCIMADMIN" />
  </clientManager>
</oauth-roles>
$ cd JazzAuthServer_install_dir
$ ./start-jazz