Managing users with Lightweight Directory Access Protocol (LDAP)

This information helps you configure your Lightweight Directory Access Protocol (LDAP) registry to manage users.

By default, the Jazz™ server stores user information with encrypted passwords in the user database.

If you plan to use an LDAP registry with your Jazz server, you must configure your Apache Tomcat or WebSphere® Application Server to use an LDAP registry to authenticate users.

To configure LDAP to work with a Jazz server:
  1. Understand the LDAP configuration parameters. See Understanding the LDAP configuration parameters.
  2. Configure the Web container for Apache Tomcat or WebSphere Application Server.
    Note: The Jazz server user identity is case sensitive. When using LDAP for user management, turn off the case-insensitive option. Work with your server administrator or consult your product documentation to ensure that the settings are case-sensitive.
  3. Create an initial Jazz server administrator.
  4. Configure the Jazz Server to use LDAP.
  5. Import the users.

For further details about this topic, see Managing users with LDAP in the IBM® Rational® Team Concert help.

Understanding the LDAP configuration parameters

Table 1. LDAP Parameters and descriptions
Parameter: Value description
LDAP Registry Location: The URL that references your LDAP server, for example, ldap://ldap.example.com:389
User Name: The user name to log in to this LDAP server. Some LDAP servers do not require a login and password. In this case, this parameter is blank.
Password: The password that is associated with the user name.
Base User DN: The search base that indicates where in the hierarchy to begin the search for the users. For example, the search for users can begin with these attributes: o=[company],l=[your city],c=[your country]
User Property Names Mapping: The mapping of Jazz user property names to LDAP registry entry attribute names. You must define these mappings:
  • userId=[LDAP user ID]
  • name=[LDAP user name]
  • emailAddress=[LDAP user e-mail]
  This example shows defined mappings: userId=mail,name=cn,emailAddress=mail
Base Group DN: The search base that indicates where in the hierarchy to begin the search for the group names, for example, ou=memberlist,ou=yourgroups,o=example.com
Jazz to LDAP Group Mapping: The mapping between Jazz groups and LDAP groups. One Jazz group can be mapped to multiple LDAP groups. Separate LDAP groups with a semicolon. For example, JazzAdmins=LDAPAdmins1;LDAPAdmins2 maps the JazzAdmins group to LDAPAdmins1 and LDAPAdmins2. The Jazz Server defines 4 groups to map with:
  • JazzAdmins=[LDAP Group for Jazz admins]
  • JazzUsers=[LDAP Group for Jazz users]
  • JazzDWAdmins=[LDAP Group for Jazz Data Warehouse Admin]
  • JazzGuests=[LDAP Group for Jazz guest]
  For example: JazzAdmins=YourGroupA,JazzUsers=YourGroupB,JazzDWAdmins=YourGroupC,JazzGuests=YourGroupD
Group Name Property: The LDAP property that represents the name of the Jazz groups in the LDAP registry, for example: cn.
Group Member Property: The LDAP property that represents the members of a group in the LDAP registry, for example: uniquemember.
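
The two mapping strings in Table 1 can be checked before they are entered in the server setup. The following is an added example, not IBM or Jazz code: it parses both strings and reports missing required properties, unmapped or mis-cased Jazz groups, and any LDAP group that is mapped to JazzAdmins and to another Jazz group as well. The function names, the whitespace trimming, and the overlap check are assumptions of this example.

```python
# Added example: lint the mapping strings described in Table 1.
# Names and checks below belong to this example, not to the Jazz server.
REQUIRED_PROPS = {"userId", "name", "emailAddress"}
JAZZ_GROUPS = {"JazzAdmins", "JazzUsers", "JazzDWAdmins", "JazzGuests"}


def parse_mapping(text, multi=False):
    """Parse 'k1=v1,k2=v2' into a dict; with multi=True, values split on ';'."""
    result = {}
    for pair in filter(None, (p.strip() for p in text.split(","))):
        key, sep, value = pair.partition("=")
        key, value = key.strip(), value.strip()  # trimming is an assumption
        if not sep or not key or not value:
            raise ValueError(f"malformed mapping entry: {pair!r}")
        if key in result:
            raise ValueError(f"duplicate key: {key!r}")
        if multi:
            value = [v.strip() for v in value.split(";") if v.strip()]
        result[key] = value
    return result


def lint_user_properties(text):
    """Return problems found in a User Property Names Mapping string."""
    missing = sorted(REQUIRED_PROPS - parse_mapping(text).keys())
    return [f"missing required property: {p}" for p in missing]


def lint_group_mapping(text):
    """Return problems found in a Jazz to LDAP Group Mapping string."""
    mapping = parse_mapping(text, multi=True)
    problems = [f"unmapped Jazz group: {g}" for g in sorted(JAZZ_GROUPS - mapping.keys())]
    for g in sorted(mapping.keys() - JAZZ_GROUPS):
        # A key that differs only in letter case is most likely a typo.
        hint = next((j for j in JAZZ_GROUPS if j.lower() == g.lower()), None)
        suffix = f" (did you mean {hint}?)" if hint else ""
        problems.append(f"not one of the four Jazz groups: {g}{suffix}")
    # Least-privilege check (assumption of this example): an LDAP group that
    # also feeds JazzAdmins makes every one of its members an administrator.
    admins = {name.lower() for name in mapping.get("JazzAdmins", [])}
    for g, ldap_groups in mapping.items():
        for name in ldap_groups:
            if g != "JazzAdmins" and name.lower() in admins:
                problems.append(f"LDAP group {name} maps to both JazzAdmins and {g}")
    return problems
```

An empty list from either lint function means the string passed every check in this example; it does not confirm that the named attributes or groups exist in the LDAP registry.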
