Jazz_App_install_dir/server/liberty/servers/clm/server.xml
and include the following in the list of features
<feature>appSecurity-2.0</feature>
<feature>servlet-3.0</feature>
<feature>ldapRegistry-3.0</feature>
ldapUserRegistry.xml
entry is enabled in Jazz_App_install_dir/server/liberty/servers/clm/server.xml
<include location="conf/ldapUserRegistry.xml"/>
Jazz_App_install_dir/server/liberty/servers/clm/ldapUserRegistry.xml
and modify to match your environment
<server>
    <ldapRegistry ldapType="Microsoft Active Directory"
        baseDN="CN=Users,DC=HOST1,DC=com"
        bindDN="CN=CLM Admin,CN=Users,DC=HOST1,DC=com"
        bindPassword="********"
        host="ldapserver1" id="ldapserver1:389" ignoreCase="true" port="389"
        realm="ldapserver1:389" recursiveSearch="true" referal="follow"
        sslEnabled="false">
        <!-- "&" must be written as "&amp;" inside XML attribute values -->
        <activedFilters
            userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
            groupFilter="(&amp;(cn=%v)(objectcategory=group))"
            userIdMap="user:sAMAccountName"
            groupIdMap="*:cn"
            groupMemberIdMap="memberOf:member"/>
    </ldapRegistry>
    <ldapRegistry ldapType="Microsoft Active Directory"
        baseDN="CN=Users,DC=HOST2,DC=com"
        bindDN="CN=CLM Admin,CN=Users,DC=HOST2,DC=com"
        bindPassword="********"
        host="ldapserver2" id="ldapserver2:389" ignoreCase="true" port="389"
        realm="ldapserver2:389" recursiveSearch="true" referal="follow"
        sslEnabled="false">
        <activedFilters
            userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
            groupFilter="(&amp;(cn=%v)(objectcategory=group))"
            userIdMap="user:sAMAccountName"
            groupIdMap="*:cn"
            groupMemberIdMap="memberOf:member"/>
    </ldapRegistry>
</server>
<server>
    <ldapRegistry ldapType="Custom"
        baseDN="dc=clm,dc=com"
        host="ldapserver1" id="ldapserver1:10389" ignoreCase="true" port="10389"
        realm="ldapserver1:10389" recursiveSearch="true" referal="follow"
        sslEnabled="false">
        <!-- "&" must be written as "&amp;" inside XML attribute values -->
        <customFilters
            groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
            groupIdMap="*:cn"
            groupMemberIdMap="groupOfUniqueNames:uniquemember"
            userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
            userIdMap="*:uid"/>
    </ldapRegistry>
    <ldapRegistry ldapType="Custom"
        baseDN="dc=example,dc=com"
        host="ldapserver2" id="ldapserver2:10389" ignoreCase="true" port="10389"
        realm="ldapserver2:10389" recursiveSearch="true" referal="follow"
        sslEnabled="false" timestampFormat="yyyyMMddHHmmss.SSSSSSZ">
        <customFilters
            groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
            groupIdMap="*:cn"
            groupMemberIdMap="groupOfUniqueNames:uniquemember"
            userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
            userIdMap="*:uid"/>
    </ldapRegistry>
</server>
ldapUserRegistry.xml
and basicUserRegistry.xml
entries are enabled in Jazz_App_install_dir/server/liberty/servers/clm/server.xml
<include location="conf/basicUserRegistry.xml"/>
<include location="conf/ldapUserRegistry.xml"/>
Jazz_App_install_dir/server/liberty/servers/clm/conf/ldapUserRegistry.xml
and modify to match your environment. You can also federate LDAP registries here, as in the example above.
Jazz_App_install_dir/server/liberty/servers/clm/conf/basicUserRegistry.xml
and include users and groups as per your requirement
<server>
    <basicRegistry id="Jazz" realm="Jazz">
        <user name="ADMIN" password="{xor}HhsSFhE="/>
        <user name="bclmadmin" password="{xor}Lz4sLCgwLTtsbW5rag=="/>
        <user name="bclmuser" password="{xor}Lz4sLCgwLTs="/>
        <group name="BJazzAdmins">
            <member name="ADMIN"/>
            <member name="bclmadmin"/>
        </group>
        <group name="BJazzProjectAdmins">
            <member name="bclmadmin"/>
        </group>
        <group name="BJazzGuests">
            <member name="bclmadmin"/>
        </group>
        <group name="BJazzUsers">
            <member name="bclmuser"/>
        </group>
    </basicRegistry>
</server>
Jazz_App_install_dir/server/liberty/wlp/bin/securityUtility
$ securityUtility encode userPassword
where userPassword is the password to encode
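The registry files above hold a bind password next to `sslEnabled="false"` and `{xor}`-encoded user passwords, so a configuration check is worth running before deployment. The following is an added example, not part of the original page or of the Jazz or Liberty tooling: the function names and the sample XML are constructed for illustration, and the `{aes}` and `{hash}` prefixes are the ones Liberty writes for its other encodings.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the registries above; all values are made up.
SAMPLE = """<server>
  <ldapRegistry id="ldapserver1:389" host="ldapserver1" port="389"
      bindDN="CN=CLM Admin,CN=Users,DC=HOST1,DC=com"
      bindPassword="{xor}EXAMPLE=" sslEnabled="false"/>
  <ldapRegistry id="ldapserver2:636" host="ldapserver2" port="636"
      bindDN="CN=CLM Admin,CN=Users,DC=HOST2,DC=com"
      bindPassword="{aes}EXAMPLE" sslEnabled="true"/>
  <basicRegistry id="Jazz" realm="Jazz">
    <user name="ADMIN" password="{xor}EXAMPLE="/>
    <user name="bclmuser" password="changeme"/>
    <user name="bclmadmin" password="{hash}EXAMPLE"/>
  </basicRegistry>
</server>"""

def password_issue(value):
    """Describe how a stored password is weakly protected, or return None."""
    if value.startswith("{xor}"):
        return "is xor-encoded (reversible obfuscation, not encryption)"
    if value.startswith(("{aes}", "{hash}")):
        return None  # {aes} still depends on keeping the encryption key secret
    return "is stored in plain text"

def audit(xml_text):
    """Return (element, id_or_name, finding) tuples for one registry file."""
    findings = []
    root = ET.fromstring(xml_text)  # fails on a bare "&"; filters need "&amp;"
    for reg in root.iter("ldapRegistry"):
        rid = reg.get("id", reg.get("host", "?"))
        # sslEnabled defaults to false, so a missing attribute is also flagged.
        if reg.get("sslEnabled", "false").lower() != "true":
            findings.append(("ldapRegistry", rid,
                             "sslEnabled is not true: binds are sent unencrypted"))
        bind_pw = reg.get("bindPassword")
        if bind_pw is not None and password_issue(bind_pw):
            findings.append(("ldapRegistry", rid,
                             "bindPassword " + password_issue(bind_pw)))
    for user in root.iter("user"):
        pw = user.get("password")  # <user> under administrator-role has none
        if pw is not None and password_issue(pw):
            findings.append(("user", user.get("name", "?"),
                             "password " + password_issue(pw)))
    return findings

if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE):
        print(f"{kind} {name}: {finding}")
```

Findings on `{xor}` values can be addressed by re-encoding with `securityUtility encode --encoding=aes` or, for `basicRegistry` users, `--encoding=hash`, in Liberty versions that provide those options.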
Jazz_App_install_dir/server/liberty/server/liberty/servers/clm/conf/application.xml
and modify the group mapping for jts.war, ccm.war and qm.war
<application id="jts" location="${server.config.dir}/apps/jts.war" name="jts" type="war">
    <application-bnd>
        <security-role name="JazzAdmins">
            <group name="JazzAdmins_Host1"/>
            <group name="JazzAdmins_Host2"/>
            <group name="JazzAdmins_Basic"/>
        </security-role>
        <security-role name="JazzProjectAdmins">
            <group name="JazzProjectAdmins_Host1"/>
            <group name="JazzProjectAdmins_Host2"/>
            <group name="JazzProjectAdmins_Basic"/>
        </security-role>
        <security-role name="JazzUsers">
            <group name="JazzUsers_Host1"/>
            <group name="JazzUsers_Host2"/>
            <group name="JazzUsers_Basic"/>
        </security-role>
        <security-role name="JazzGuests">
            <group name="JazzGuests_Host1"/>
            <group name="JazzGuests_Host2"/>
            <group name="JazzGuests_Basic"/>
        </security-role>
    </application-bnd>
</application>
Jazz_App_install_dir/server/liberty/server/liberty/servers/clm/server.xml
and modify the section shown below
<!-- Edit the following, after setting up the user registry, to define the
     user(s) and/or group(s) that can perform Liberty server administration
     (e.g. access the Admin Center) -->
<administrator-role>
    <user>bclmadmin</user>
    <group>JazzAdmins_Host1</group>
</administrator-role>
Note: You can only synchronize users from one LDAP registry at a time into JTS.