Managing users with Lightweight Directory Access Protocol (LDAP)

This information helps you configure your LDAP registry to manage users.

By default, the Jazz™ Team Server stores the user information with encrypted passwords in the user database.

If you plan to use an LDAP registry with your Jazz Team Server, you must configure your Apache Tomcat or WebSphere® Application Server to use an LDAP registry to authenticate users.

To configure LDAP to work with Jazz Team Server:
  1. Understand the LDAP configuration parameters.
  2. Configure the Web container for Apache Tomcat or WebSphere Application Server.
    Note: The Jazz Team Server user identity is case sensitive. When using LDAP for user management, turn off the case-insensitive option. Work with your server administrator or consult your product documentation to ensure that the settings are case-sensitive.
  3. Create an initial user. This user is the initial Jazz Team Server administrator.
  4. Configure Jazz Team Server to use LDAP.
  5. Import the users.

Understanding the LDAP configuration parameters

Table 1. LDAP parameters and descriptions

Parameter: Value description

LDAP Registry Location: The URL that references your LDAP server. For example, ldap://ldap.example.com:389

User Name: The user name to log in to this LDAP server. Some LDAP servers do not require a login and password. In this case, this parameter is blank.

Password: The password associated with the user name.

Base User DN: The search base indicates where in the hierarchy to begin the search for the users. For example, "o=[company],l=[your city],c=[your country]"

User Property Names Mapping: The mapping of Jazz user property names to LDAP registry entry attribute names. You must define the following mappings:
  • userId=[LDAP user ID]
  • name=[LDAP user name]
  • emailAddress=[LDAP user e-mail]
For example, userId=mail,name=cn,emailAddress=mail

Base Group DN: This search base indicates where in the hierarchy to begin the search for the group names. For example, ou=memberlist,ou=yourgroups,o=example.com

Jazz to LDAP Group Mapping: The mapping between Jazz groups and LDAP groups. One Jazz group can be mapped to multiple LDAP groups. The LDAP groups must be separated by a semicolon. For example, JazzAdmins=LDAPAdmins1;LDAPAdmins2 maps the JazzAdmins group to LDAPAdmins1 and LDAPAdmins2. Jazz Team Server defines 4 groups to map:
  • JazzAdmins=[LDAP Group for Jazz admins]
  • JazzUsers=[LDAP Group for Jazz users]
  • JazzDWAdmins=[LDAP Group for Jazz Data Warehouse Admin]
  • JazzGuests=[LDAP Group for Jazz guest]
For example, JazzAdmins=YourGroupA, JazzUsers=YourGroupB, JazzDWAdmins=YourGroupC, JazzGuests=YourGroupD.

Group Name Property: The LDAP property that represents the name of the Jazz groups in the LDAP registry. For example, cn.

Group Member Property: The LDAP property that represents the members of a group in the LDAP registry. For example, uniquemember.
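
A review script for the Table 1 values, added here as an example and not part of the Jazz documentation or product; the dictionary key names and the sample values are assumptions constructed from the examples in the table. It parses the two mapping strings and flags missing mappings, an LDAP group shared between JazzAdmins and another role, and bind credentials sent to a plain ldap:// URL.

```python
from urllib.parse import urlparse

REQUIRED_USER_PROPS = {"userId", "name", "emailAddress"}
JAZZ_GROUPS = {"JazzAdmins", "JazzUsers", "JazzDWAdmins", "JazzGuests"}

def parse_mapping(text):
    """Parse 'key=value,key=value' into a dict, tolerating stray spaces."""
    pairs = {}
    for item in filter(None, (p.strip() for p in text.split(","))):
        key, sep, value = (s.strip() for s in item.partition("="))
        if not (key and sep and value):
            raise ValueError(f"malformed mapping entry: {item!r}")
        pairs[key] = value
    return pairs

def parse_group_mapping(text):
    """One Jazz group may map to several LDAP groups separated by ';'."""
    return {jazz: [g.strip() for g in ldap.split(";") if g.strip()]
            for jazz, ldap in parse_mapping(text).items()}

def review(settings):
    """Return findings for a dict of Table 1 values (key names are hypothetical)."""
    findings = []
    url = urlparse(settings["registry_location"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("registry location is not an ldap:// or ldaps:// URL")
    elif url.scheme == "ldap" and settings.get("user_name"):
        # Simple bind over ldap:// is cleartext unless StartTLS is negotiated.
        findings.append("bind credentials go to a plain ldap:// URL")
    users = parse_mapping(settings["user_property_mapping"])
    for prop in sorted(REQUIRED_USER_PROPS - users.keys()):
        findings.append(f"user property mapping lacks {prop}")
    groups = parse_group_mapping(settings["group_mapping"])
    for name in sorted(JAZZ_GROUPS - groups.keys()):
        findings.append(f"no LDAP group mapped to {name}")
    # Review heuristic (not a Jazz rule): an LDAP group mapped to JazzAdmins
    # and to another role gives every member of that group admin rights.
    admins = set(groups.get("JazzAdmins", []))
    for name in sorted(groups.keys() - {"JazzAdmins"}):
        for shared in sorted(admins & set(groups[name])):
            findings.append(f"{shared} is mapped to JazzAdmins and {name}")
    return findings

# Constructed sample built from the example values in Table 1.
SAMPLE = {
    "registry_location": "ldap://ldap.example.com:389",
    "user_name": "cn=binduser,o=example.com",
    "user_property_mapping": "userId=mail,name=cn,emailAddress=mail",
    "group_mapping": "JazzAdmins=LDAPAdmins1;LDAPAdmins2,JazzUsers=LDAPAdmins2,JazzGuests=YourGroupD",
}
```

Calling review(SAMPLE) returns one finding per problem in the constructed sample; an empty list means none of these checks fired.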