Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2013 IBM Corporation LDAP Fundamentals & LDAP for CLM Bruce Besch IBM Rational Services.

Published byJanice Stevens Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2013 IBM Corporation LDAP Fundamentals & LDAP for CLM Bruce Besch IBM Rational Services."— Presentation transcript:

1 © 2013 IBM Corporation LDAP Fundamentals & LDAP for CLM Bruce Besch IBM Rational Services

2 © 2013 IBM Corporation Rational Services - ISSR 2 Agenda  LDAP basics  A sample LDAP directory structure  Dissecting a Distinguished Name  LDAP Groups  LDAP for CLM  Troubleshooting LDAP

3 © 2013 IBM Corporation Rational Services - ISSR 3 LDAP basics  LDAP: Lightweight Directory Access Protocol, an industry standard for storing and retrieving attributes of things (or people)  LDAP uses TCP ports 389 (insecure) and 636 (secure) by default  Directories typically have a hierarchical structure  Every directory entry has one or more attributes, each of which has one or more values  Every entry has a name that is unique across the directory, its Distinguished Name (DN)

4 © 2013 IBM Corporation Rational Services - ISSR 4 A sample LDAP directory structure dc=com dc=acme ou=USA ou=Germany ou=Contractors ou=Employees cn=Mary Hill cn=Steven Schmidt cn=Jill Voss dc: Domain Component (typically in Active Directory) ou: Organizational Unit cn: Common Name

5 © 2013 IBM Corporation Rational Services - ISSR 5 A sample LDAP directory structure (continued) dc=com dc=acme ou=USA ou=Germany ou=Contractors ou=Employees cn=Mary Hill cn=Steven Schmidt cn=Lisa Simpson Distinguished Name (DN): cn=Steven Schmidt,ou=Contractors,ou=USA,dc=acme,dc=com Distinguished Name (DN): cn=Steven Schmidt,ou=Employees,ou=Germany,dc=acme,dc=com

6 © 2013 IBM Corporation Rational Services - ISSR 6 Dissecting a Distinguished Name cn=Steven Schmidt,ou=Contractors,ou=USA,dc=acme,dc=com Level in the LDAP hierarchyHighestLowest The leftmost part of a Distinguished Name is lowest in the LDAP hierarchy. The rightmost part of a Distinguished Name is highest in the LDAP hierarchy. The DN above refers to the LDAP entry Whose Common Name attribute contains the value Steven Schmidt Which resides in the Organizational Unit Contractors Which resides in the Organizational Unit USA Which is part of the Domain Component acme Which is part of the Domain Component com

7 © 2013 IBM Corporation Rational Services - ISSR LDAP Groups  Groups are LDAP entries like any other object  There is one attribute that stores the DNs of the members of the group  This attribute has one value for each member.  This attribute has different names depending on the LDAP server and the LDAP schema 7

8 © 2013 IBM Corporation Rational Services - ISSR LDAP and CLM 8 Specify the connection information for the LDAP server. To use LDAP over SSL, use ldaps:// instead of ldap:// Specify the DN of the LDAP account used to search the directory (aka “Bind DN”). This is typically required by Active Directory but any LDAP server can require it. Specify the password of the Bind DN above

9 © 2013 IBM Corporation Rational Services - ISSR LDAP and CLM (continued) 9 Specify the Base DN that contains all users who are going to be able to log into CLM Specify which attributes in the LDAP entry for a user map to the corresponding properties in a CLM user record.

10 © 2013 IBM Corporation Rational Services - ISSR LDAP and CLM (continued) 10 Specify the Base DN that contains all groups that you are specifying in the field below Specify which LDAP groups map to the five Jazz system groups. If the LDAP group names match the Jazz group names, the default can be kept. Specify which attribute of the group entry in LDAP contains the name of the group. Specify which attribute of the group entry in LDAP contains the members of the group.

11 © 2013 IBM Corporation Rational Services - ISSR Choosing the right Base DN 11 dc=com dc=acme ou=USA ou=Germany ou=Contractors ou=Employees cn=Steven Schmidt cn=Mary Hill cn=Steven Schmidt cn=Jill Voss When searching for objects in the directory, CLM will start at the Base DN and search it and all levels below. For performance reasons choose the lowest point in the hierarchy that is high enough to contain all users/groups who need access to CLM as the Base DN.

12 © 2013 IBM Corporation Rational Services - ISSR Testing the LDAP configuration 12 Enter the user ID of an LDAP-authenticated user that will have administrative privileges to continue to the setup. This user must be member of the LDAP group mapped to JazzAdmins. Note: “user ID” refers to the LDAP attribute that was configured to map to the “userId” property in Jazz.

13 © 2013 IBM Corporation Rational Services - ISSR Saving Tomcat Files  When using Tomcat, the LDAP configuration is stored in XML files  Clicking “Save Tomcat Files” will write the LDAP configuration to temporary XML files in the Tomcat directories  First click “Next” in the JTS Setup Wizard, then replace the existing XML files with the temporary XML files to enable the LDAP configuration: \server\tomcat\conf\server.xml \server\tomcat\webapps\admin\WEB-INF\web.xml \server\tomcat\webapps\ccm\WEB-INF\web.xml \server\tomcat\webapps\jts\WEB-INF\web.xml \server\tomcat\webapps\rm\WEB-INF\web.xml \server\tomcat\webapps\qm\WEB-INF\web.xml  Finally restart Tomcat, restart the browser and start the JTS Setup Wizard again, this time log in using an LDAP-authenticated user and continue through the wizard. 13

14 © 2013 IBM Corporation Rational Services - ISSR Importing Users 14 In order for users to be able to log into CLM, they must be imported into the Jazz repository. You can search for users using the Import Users wizard. The asterisk (*) is available as a wildcard. Users are synced nightly with the LDAP server, so users added in LDAP will be created in CLM by the next day. (You can also trigger the sync manually at any time.)

15 © 2013 IBM Corporation Rational Services - ISSR Connecting to an LDAP server using an LDAP management tool  Apache Directory Studio is an open source Eclipse-based management tool that can connect to any LDAP server.  You can use it to browse the LDAP hierarchy, perform searches or make changes to the directories entries.  It is available for download from http://directory.apache.org/studio/ 15

16 © 2013 IBM Corporation Rational Services - ISSR Troubleshooting basic LDAP problems  LDAP configuration is complete but the Import Users wizard shows no users –Use an LDAP management tool to verify that the Base DN for users and the search string are correct and make changes as necessary  A user does not have JazzAdmin privileges even though that user is member of the corresponding group in LDAP –Verify that the Jazz group-to-LDAP group mapping is correct –Verify that the correct LDAP attribute was selected as the one containing membership information –Verify that the Base DN for groups is correct and use an LDAP management tool to verify the group can be found –If the user has a mixed-case username or entered their username with a different case than what is stored in LDAP, make sure that case insensitive user matching is enabled. This is a setting that is configurable on the Advanced Properties page in JTS. 16

17 © 2013 IBM Corporation Rational Services - ISSR 17 © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. www.ibm.com/software/rational

Download ppt "© 2013 IBM Corporation LDAP Fundamentals & LDAP for CLM Bruce Besch IBM Rational Services."

Similar presentations

IBM Industry Security Electric Sector Security Awareness Rising

IBM Industry Security Electric Sector Security Awareness Rising
UNIVERSITY OF EDUCATION BY H.M.ISHTIAQ RAFIQUE. Domain Name Structure.

UNIVERSITY OF EDUCATION BY H.M.ISHTIAQ RAFIQUE. Domain Name Structure.
IBM Rational Team Concert

IBM Rational Team Concert
© 2009 IBM Corporation iEA16 Defining and Aligning Requirements using System Architect and DOORs Paul W. Johnson CEO / President Pragmatica Innovations.

© 2009 IBM Corporation iEA16 Defining and Aligning Requirements using System Architect and DOORs Paul W. Johnson CEO / President Pragmatica Innovations.
© 2009 IBM Corporation SDP023 Extending Rational Team Concert 2.0 Jean-Michel Lemieux Team Concert PMC Jazz Source Control Lead IBM Rational Software Ottawa,

© 2009 IBM Corporation SDP023 Extending Rational Team Concert 2.0 Jean-Michel Lemieux Team Concert PMC Jazz Source Control Lead IBM Rational Software Ottawa,
® IBM Software Group © 2010 IBM Corporation Rational Publishing Engine and Rational Change configuration Francisco López Minaya Rational Technical Solution.

® IBM Software Group © 2010 IBM Corporation Rational Publishing Engine and Rational Change configuration Francisco López Minaya Rational Technical Solution.
The following 10 questions test your knowledge of Internet-based client management in Configuration Manager 2007. Configuration Manager 2007 Internet-Based.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
© 2013 IBM Corporation Green Hat Technology Demo Certification Program.

© 2013 IBM Corporation Green Hat Technology Demo Certification Program.
RTC Agile Planning Component

RTC Agile Planning Component
® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.

® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.
Design Management: When Model Driven Engineering Embraces the Semantic Web NECSIS 2012, Gatineau, QC 27 June 2012 Maged Elaasar.

Design Management: When Model Driven Engineering Embraces the Semantic Web NECSIS 2012, Gatineau, QC 27 June 2012 Maged Elaasar.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
Understanding Active Directory

Understanding Active Directory
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal
® IBM Software Group © 2013 IBM Corporation Innovation for a smarter planet Timeboxes in a New Paradigm of Behavior Modeling Barclay Brown, ESEP IBM

® IBM Software Group © 2013 IBM Corporation Innovation for a smarter planet Timeboxes in a New Paradigm of Behavior Modeling Barclay Brown, ESEP IBM
© 2011 IBM Corporation Overview on Modeling RESTful Services August, 2011 Manoj Paul, Software Developer, Rational,

© 2011 IBM Corporation Overview on Modeling RESTful Services August, 2011 Manoj Paul, Software Developer, Rational,
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
Click to add text © 2012 IBM Corporation 1 Streams Toolkit Landscape InfoSphere Streams Version 3.0 Mike Branson Toolkits.

Click to add text © 2012 IBM Corporation 1 Streams Toolkit Landscape InfoSphere Streams Version 3.0 Mike Branson Toolkits.
® IBM Software Group © 2012 IBM Corporation OPTIM Data Studio – 3.1.1 Jon Sayles, IBM/Rational November, 2012.

® IBM Software Group © 2012 IBM Corporation OPTIM Data Studio – Jon Sayles, IBM/Rational November, 2012.
GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

Similar presentations

Ads by Google