JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults
folder one level up to JazzAuthServer_install_dir/wlp/usr/servers/jazzop/
server.xml, appConfig.xml, ldapUserRegistry.xml and localUserRegistry.xml
appConfig.xml
- Contains Jazz Group/Role mappings and UserRegistry file information
ldapUserRegistry.xml
- Configuring Liberty with an LDAP user registry
localUserRegistry.xml
- Configuring Liberty with a file-based (basic) user registry
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/localUserRegistry.xml
<server>
    <!--
        Sample basic (file-based) user registry definition.
        The passwords for the "ADMIN" and "clmadmin" users are the same as the
        user names. If those users are to be retained, the
        wlp/bin/securityUtility script should be used to encode new passwords.
        Otherwise, new users should be defined with encoded passwords.

        NOTE(review): the {xor} prefix marks a reversible encoding, not
        encryption or a hash. Anyone who can read this file can recover the
        password, so restrict file permissions on it and prefer the hash
        encoding of securityUtility for registry users.
    -->
    <basicRegistry>
        <!-- Shipped sample accounts whose password equals the user name: change or remove before use. -->
        <user name="ADMIN" password="{xor}HhsSFhE="/>
        <user name="clmadmin" password="{xor}PDMyPjsyNjE="/>
        <!-- This entry stores its password unencoded; replace the value with securityUtility output. -->
        <user name="clmuser" password="plaintext_password"/>
        <!-- Registry groups; appConfig.xml binds the Jazz application roles to these group names. -->
        <group id="JazzAdmins" name="JazzAdmins">
            <member name="ADMIN"/>
            <member name="clmadmin"/>
        </group>
        <group id="JazzUsers" name="JazzUsers">
            <member name="clmuser"/>
        </group>
        <!-- The two groups below are defined with no members. -->
        <group id="JazzGuests" name="JazzGuests">
        </group>
        <group id="JazzProjectAdmins" name="JazzProjectAdmins">
        </group>
    </basicRegistry>
    <!-- Grants the server-level administrator role to clmadmin, which is also one of the sample accounts above. -->
    <administrator-role>
        <user>clmadmin</user>
    </administrator-role>
</server>
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults/appConfig.xml
file
<include location="localUserRegistry.xml" optional="true"/> <!--include location="ldapUserRegistry.xml" optional="true"/-->
TO
<!--include location="localUserRegistry.xml" optional="true"/--> <include location="ldapUserRegistry.xml" optional="true"/>
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults/ldapUserRegistry.xml
and modify the ldapRegistry configuration for your LDAP registry
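<server>
    <!--
        LDAP user registry sample for Microsoft Active Directory.

        bindPassword: replace the masked value with output from
        wlp/bin/securityUtility encode rather than a clear-text password.

        sslEnabled="false" with port 389: the bind password and every user
        password checked against the directory cross the network unencrypted.
        NOTE(review): outside a lab, set sslEnabled="true", use the LDAPS port
        of the directory (commonly 636) and configure a truststore for it.

        referal="follow": "referal" is the attribute spelling Liberty expects.
        Following referrals makes the server contact hosts named by the
        directory; confirm that this is intended.
    -->
    <ldapRegistry ldapType="Microsoft Active Directory"
                  baseDN="CN=Users,DC=test,DC=com"
                  bindDN="CN=CLM Admin,CN=Users,DC=test,DC=com"
                  bindPassword="********"
                  host="ldapserver"
                  id="ldapserver:389"
                  ignoreCase="true"
                  port="389"
                  realm="ldapserver:389"
                  recursiveSearch="true"
                  referal="follow"
                  sslEnabled="false">
        <!-- "&" inside an attribute value must be written as &amp; or the file is not well-formed XML. -->
        <!-- %v is replaced with the login name (userFilter) or group name (groupFilter) being looked up. -->
        <activedFilters userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
                        groupFilter="(&amp;(cn=%v)(objectcategory=group))"
                        userIdMap="user:sAMAccountName"
                        groupIdMap="*:cn"
                        groupMemberIdMap="memberOf:member" >
        </activedFilters>
    </ldapRegistry>
</server>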
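<server>
    <!--
        LDAP user registry sample for IBM Tivoli Directory Server.

        bindPassword: replace the masked value with output from
        wlp/bin/securityUtility encode rather than a clear-text password.

        sslEnabled="false" with port 389: the bind password and every user
        password checked against the directory cross the network unencrypted.
        NOTE(review): outside a lab, set sslEnabled="true", use the LDAPS port
        of the directory (commonly 636) and configure a truststore for it.
    -->
    <ldapRegistry ldapType="IBM Tivoli Directory Server"
                  baseDN="o=test.com"
                  bindDN="uid=clmadmin,c=in,ou=Users,o=test.com"
                  bindPassword="********"
                  host="ldapserver"
                  id="ldapserver:389"
                  ignoreCase="true"
                  port="389"
                  realm="ldapserver:389"
                  recursiveSearch="true"
                  sslEnabled="false">
        <!-- "&" inside an attribute value must be written as &amp; or the file is not well-formed XML. -->
        <!-- %v is replaced with the login name (userFilter) or group name (groupFilter) being looked up. -->
        <idsFilters groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
                    groupIdMap="*:cn"
                    groupMemberIdMap="groupOfUniqueNames:uniquemember"
                    userFilter="(&amp;(uid=%v)(objectclass=person))"
                    userIdMap="*:uid">
        </idsFilters>
    </ldapRegistry>
</server>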
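<server>
    <!--
        LDAP user registry sample for a custom directory type.

        No bindDN or bindPassword is set in this sample.
        NOTE(review): presumably the directory is then searched with an
        anonymous bind; confirm that the directory allows it and that this is
        acceptable, otherwise add a least-privilege bind account with an
        encoded bindPassword.

        sslEnabled="false": user passwords checked against the directory cross
        the network unencrypted. NOTE(review): outside a lab, set
        sslEnabled="true", point port at the LDAPS listener of the directory
        and configure a truststore for it.

        referal="follow": "referal" is the attribute spelling Liberty expects.
        Following referrals makes the server contact hosts named by the
        directory; confirm that this is intended.
    -->
    <ldapRegistry ldapType="Custom"
                  baseDN="dc=example,dc=com"
                  host="localhost"
                  id="localhostexample:10389"
                  ignoreCase="true"
                  port="10389"
                  referal="follow"
                  realm="localhostexample:10389"
                  recursiveSearch="true"
                  sslEnabled="false">
        <!-- "&" inside an attribute value must be written as &amp; or the file is not well-formed XML. -->
        <!-- %v is replaced with the login name (userFilter) or group name (groupFilter) being looked up. -->
        <customFilters groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
                       groupIdMap="*:cn"
                       groupMemberIdMap="groupOfUniqueNames:uniquemember"
                       userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                       userIdMap="*:uid" >
        </customFilters>
    </ldapRegistry>
</server>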
JazzAuthServer_install_dir/wlp/bin/securityUtility
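$ securityUtility encode userPassword
where userPassword is the password to encode. By default the output is {xor}-encoded, which is reversible obfuscation rather than encryption; securityUtility encode also accepts --encoding=aes or --encoding=hash. The hash encoding is one-way and can be used only for basic registry user passwords, so a value such as the LDAP bindPassword needs aes or xor. Running securityUtility encode without the password argument prompts for it, which keeps the password out of the shell history.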
JazzAuthServer_install_dir/wlp/usr/servers/jazzop/appConfig.xml
<!-- Deploys jazzop.war under the context root "jazzop" and binds its security roles to registry groups. -->
<application id="com.ibm.team.integration.jazzop" location="jazzop.war" name="com.ibm.team.integration.jazzop" context-root="jazzop" type="war">
    <!--
        Each security-role lists the registry groups whose members receive that role.
        NOTE(review): the MYJAZZ... names look like placeholders for
        site-specific groups; replace them with real group names from the
        active registry, or remove them, so that an unrelated group that
        happens to have one of these names is not granted a role.
    -->
    <application-bnd>
        <security-role name="JazzAdmins">
            <group name="MYJAZZADMINS"/>
            <group name="JazzAdmins"/>
        </security-role>
        <security-role name="JazzUsers">
            <group name="MYJAZZUSERS"/>
            <group name="JazzUsers"/>
        </security-role>
        <security-role name="JazzProjectAdmins">
            <group name="MYJAZZPROJECTADMINS"/>
            <group name="JazzProjectAdmins"/>
        </security-role>
        <security-role name="JazzGuests">
            <group name="MYJAZZGUESTS"/>
            <group name="JazzGuests"/>
        </security-role>
        <!-- JazzDebug is bound to the JazzAdmins group, so every member of JazzAdmins also holds the debug role. -->
        <security-role name="JazzDebug">
            <group name="MYJAZZDEBUG"/>
            <group name="JazzAdmins"/>
        </security-role>
    </application-bnd>
</application>
<!-- Role bindings for the OAuth provider. -->
<oauth-roles>
    <!-- Every user who has authenticated against the registry receives the "authenticated" role. -->
    <authenticated>
        <special-subject type="ALL_AUTHENTICATED_USERS" />
    </authenticated>
    <!--
        Subjects listed here receive the clientManager role.
        NOTE(review): presumably this role allows managing OAuth client
        registrations; keep the list as small as the administrator list and
        replace the MYJAZZADMINS and MYSCIMADMIN placeholders with real
        registry names, or remove them.
    -->
    <clientManager>
        <group name="MYJAZZADMINS" />
        <group name="JazzAdmins"/>
        <user name = "MYSCIMADMIN" />
    </clientManager>
</oauth-roles>
$ cd JazzAuthServer_install_dir
$ ./start-jazz