You can configure LDAP when IBM® Rational® Quality Manager is configured to run on WebSphere® Application Server.
About this task
To configure LDAP:
Procedure
- From the WebSphere Admin console, click .
- Update the security settings as follows:
  - Enable administrative security: on
  - Enable application security: on
  - User account repository/Available realm definitions: standalone LDAP registry
- In the User account repository section, click Configure, and supply the General Properties.
  - Primary administrative user name - Your user ID
  - Server user identity - Automatically generated server identity
  - Type of LDAP server - Custom
  - Search timeout - 120 seconds
- Click Apply, and save the changes.
- In the Configuration section, click Test connection.
- In the Additional Properties section, click Advanced Lightweight Directory Access Protocol (LDAP).
- Specify the General Properties fields as follows:
  - User filter: (&(emailaddress=%v)(objectclass=ePerson))
  - Group filter: (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
  - User ID map: *:emailaddress
  - Group member ID map (replace ibm with your own ID): ibm-allGroups:member;ibm-allGroups:uniqueMember
  - Certificate map mode: EXACT_DN
- Click Apply when done and save the changes.
- Click Apply and Save for each of the screens to confirm each setting.
  Note: On the last page, make sure the Current realm definition is set to Standalone LDAP registry.
- Stop and restart the WebSphere Application Server.
- After the WebSphere Application Server restarts, validate the changes by logging in to the Admin Console.
- To map user groups to the specific applications, click .
- In the Enterprise Applications list, select the jazz_war application and click Stop.
- When the application stops, click the jazz_war application to open it for editing.
- In the Detail properties section, click Security role to user/group mapping.
- Select a specific group, such as JazzAdmins and JazzUsers, and click Look up groups.
  These groups are associated with every Jazz™ implementation and must be mapped to a particular LDAP group that contains the authorized users. These groups must be set up on the LDAP server prior to performing this mapping.
- Enter a search string to return your group names from the LDAP server. Click Search to run the query.
- From the list of available groups returned, select the particular group and move it to the Selected column.
- Click OK to map the LDAP groups to the Jazz groups.
- Map the appropriate LDAP group for all Jazz groups:
  - JazzAdmins
  - JazzProjectAdmins
  - JazzDWAdmins
  - JazzUsers
  - JazzGuests
Note: Do not enable the All authenticated? option. It grants the role to every user who can authenticate, regardless of LDAP group membership.
- Save the changes, and restart the jazz_war application.
- Log out of the Admin Console, and close the browser window.
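The filter and map strings entered in the Advanced LDAP settings step can be checked before they are typed into the console. The following is an added example, not IBM code: it validates a filter template, previews the search filter produced for a given login or group name, and splits the ID maps into object class and attribute pairs. The function names are hypothetical, and the RFC 4515 escaping is applied by this helper so the preview is a valid filter; it is not a statement about how WebSphere builds its query.

```python
# Values copied from the Advanced LDAP settings step of this procedure.
USER_FILTER = "(&(emailaddress=%v)(objectclass=ePerson))"
GROUP_FILTER = "(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
USER_ID_MAP = "*:emailaddress"
GROUP_MEMBER_ID_MAP = "ibm-allGroups:member;ibm-allGroups:uniqueMember"

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value):
    """Escape a name so it can only ever be a literal inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter(template):
    """Return a list of problems found in a filter template (empty means OK)."""
    problems = []
    if template.count("%v") != 1:
        problems.append("expected exactly one %v placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def expand(template, name):
    """Preview the search filter for one login or group name.
    Assumption: %v stands for the name supplied at login or group lookup."""
    problems = check_filter(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("%v", escape_value(name))


def parse_id_map(text):
    """Split 'objectclass:attribute;...' into (objectclass, attribute) pairs."""
    pairs = []
    for entry in text.split(";"):
        objectclass, sep, attribute = entry.strip().partition(":")
        if not sep or not objectclass or not attribute:
            raise ValueError("malformed map entry: %r" % entry)
        pairs.append((objectclass, attribute))
    return pairs
```

The expanded filter can be pasted into any LDAP search tool to confirm that it returns exactly one entry for a test account before the server is restarted.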