Format of LDAP Server "Group Member Property"
I'm trying to configure my jazz server to use Apache Directory Server. I believe I've gotten to the point where, when I try to log into the Jazz server, the user id authenticates successfully, but then it appears that the user is not part of any Jazz groups. I suspect that I'm not properly setting the "Group Member Property". The attribute used to identify members is "uniquemember", and the value is e.g. "uid=jsmith". This would lead me to believe that the Group Member Property needs to be "uniquemember=uid", such that the resulting property in teamserver.properties is:
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember\=uid\={USER-DN}

I suspect I'm wrong here though, given that all the examples in the doc indicate that I should just be specifying "uniquemember" for Group Member Property, and when I try to test the connection with "uniquemember=uid" I get a warning that no such attribute exists. Just using "uniquemember" passes the connection test, but then doesn't work.

Ideally I would just turn on logging in log4j.properties and see what query is being used against my ldap server, but I'm not having any luck turning on DEBUG either. Setting log4j.logger.com.ibm.team.repository.service.internal.userregistry.ldap.LDAPUserRegistry to DEBUG doesn't give me any ldap-related entries in the log. Nor does setting log4j.rootLogger to DEBUG.

I am using build rtc.200x.integration I20090814-1409. Any suggestions for what to try next would be greatly appreciated.

Thanks!
Robin
3 answers
Robin,
Unfortunately there is no easy way to fix your issue. We are assuming that the membership information would be collected using the following format:

uniquemember: {dn of the user}

For example:

uniquemember: uid=jsmith,ou=people,dc=jazz,dc=net

This problem is described in https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/89980

I believe you are using a simple objectclass like groupOfNames / groupOfUniqueNames. In these schemas, the uniquemember property can take any text. To get around this problem, you need to have 2 entries in the LDAP group:

uniquemember: jsmith
uniquemember: uid=jsmith,ou=people,dc=jazz,dc=net

--- Balaji
Jazz Server Team
We added support for fetching the groups of a user using their user id.
We now support 2 formats:

member={USER-DN}
memberuid={USER-ID}

where member and memberuid are attributes in LDAP to represent the membership.

--- Balaji
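The lookup discussed in the answers above, modelled as an added example that is not part of the original thread and is not Jazz's own code: it expands the {USER-DN} / {USER-ID} placeholders into a search filter (escaping the substituted value per RFC 4515) and shows why a group whose uniquemember value is only "uid=jsmith" is not found when the full DN is substituted. The group names, directory contents, function names and the simplified DN comparison are constructed for illustration; a real LDAP server applies its own matching rules.

```python
import re

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_group_filter(template, user_dn, user_id):
    """Expand a template such as 'uniquemember={USER-DN}' into a filter string."""
    values = {'USER-DN': user_dn, 'USER-ID': user_id}
    body = re.sub(r'\{(USER-DN|USER-ID)\}',
                  lambda m: escape_filter_value(values[m.group(1)]), template)
    return '(' + body + ')'

def normalize_dn(value):
    """Simplified comparison key: lower-case, no spaces around ',' and '='."""
    return re.sub(r'\s*([,=])\s*', r'\1', value.strip().lower())

def groups_for_user(groups, attribute, assertion):
    """Names of groups holding a value of `attribute` equal to `assertion`."""
    want = normalize_dn(assertion)
    return sorted(name for name, attrs in groups.items()
                  if any(normalize_dn(v) == want for v in attrs.get(attribute, [])))

# Constructed directory contents (not taken from any real server).
USER_ID = 'jsmith'
USER_DN = 'uid=jsmith,ou=people,dc=jazz,dc=net'
GROUPS = {
    # RDN only, as in the question: never equal to the full user DN.
    'JazzAdmins': {'uniquemember': ['uid=jsmith']},
    # Full DN, the format the first answer says the server assumes.
    'JazzUsers': {'uniquemember': ['uid=jsmith, ou=people, dc=jazz, dc=net']},
    # User id only, matched by the memberuid={USER-ID} form.
    'JazzGuests': {'memberuid': ['jsmith']},
}

if __name__ == '__main__':
    print(build_group_filter('uniquemember={USER-DN}', USER_DN, USER_ID))
    print('by DN:', groups_for_user(GROUPS, 'uniquemember', USER_DN))
    print('by id:', groups_for_user(GROUPS, 'memberuid', USER_ID))
```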
Hello,
It is not very clear to me how I can configure the LDAP settings in Rational Team Concert if I have different domains located in different geographical locations. I.e., I have team members in Germany, NA and India, and I have to configure LDAP for all these domain users, where the LDAP for all these locations is different. Please give a hint on how I can configure this. Thank you
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.