1.      Create LDAP Groups

If you want to manage RTC users with LDAP, first identify the LDAP groups that will be mapped to the Jazz repository roles (JazzAdmins, JazzUsers, etc.).

If suitable groups do not exist yet, an LDAP administrator can create them.

After that, define the mapping between each Jazz role name and an LDAP group.

 

Sample mapping:

    Jazz repository role    LDAP group
    --------------------    -----------------------
    JazzAdmins              MyTestJazzAdmins
    JazzDWAdmins            MyTestJazzDWAdmins
    JazzProjectAdmins       MyTestJazzProjectAdmins
    JazzUsers               MyTestJazzUsers
    JazzGuests              MyTestJazzGuests

If you do not need fine-grained access control, one LDAP group can be mapped to several Jazz roles. For example, mapping the MyTestJazzUsers group to every Jazz role gives all of its members every RTC capability, including repository administration. Only do this when that is really intended; keeping a separate, small group for JazzAdmins makes it easy to see and audit who can administer the repository.

2.      Run the RTC setup wizard to configure LDAP

1.       Start the Jazz Team Server and open https://localhost:9443/jazz/setup

2.       Log in as ADMIN / ADMIN (the default administrator account)

3.       Select “Custom Setup”

4.       Configure the database connection settings and click “Next >”

5.       Configure the e-mail notification settings and click “Next >”

6.       Configure the repository’s Public URL and click “Next >”

7.       Before configuring the LDAP connection, create an administrator user.
Leave Step 5.1 set to “Tomcat User Database” and enter the user information in Step 5.2 as follows:

User ID:              Your user ID (<xxx>@jazzy.com)
(userId is mapped to the mail attribute, following the jazzy.com user ID policy)
In practice: this must be an account that belongs to the MyTestJazzAdmins LDAP group. Once authentication is switched to LDAP, it is the LDAP group membership, not this Tomcat entry, that decides who is a JazzAdmin, so an administrator created here without that membership leaves you without repository administration access after the switch.

Name:                 Your name

Password:            A temporary password (do not reuse your intranet password: this value is stored in tomcat-users.xml and is only used until LDAP authentication is enabled)

E-mail Address:    Your mail address

In Step 5.3, check “Disable default ADMIN access”
In Step 5.4, select the Client Access License for the new user.

 

8.       Click “Next” to create the administrator user in the RTC repository.

9.       Click “Back” to return to Step 5 and continue with the LDAP access settings.

10.   Select “LDAP” in Step 5.1

11.   Enter the information needed to reach the LDAP server:

LDAP Registry Location:    ldap://ldap.jazzy.com:389

User Name:          leave blank (the directory allows anonymous read access)

Password:            leave blank

If your directory does not allow anonymous search, use a dedicated read-only bind account here rather than a personal or administrative one; the credentials are stored in the server's configuration files.

Base User DN:       ou=people,o=jazzy.com

User Property Names Mapping:        userId=mail, name=cn, emailAddress=mail
(userId is mapped to the mail attribute, following the jazzy.com user ID policy)

Base Group DN:   ou=memberList,ou=groups,o=jazzy.com

Jazz to LDAP Group Mapping:         <The mapping you determined in section 1>
e.g. JazzAdmins=MyTestJazzAdmins,JazzUsers=MyTestJazzUsers,…

Group Name Property:       cn

Group Member Property:    members

12.   Click “Test Connection”.

13.   If the connection test succeeds, click “Next” and finish the wizard.

Note that the configuration above only covers the LDAP-to-RTC user repository synchronization. LDAP authentication at the login page is not configured yet; that is done in the Tomcat realm, below.

3.      Configure LDAP authentication (Tomcat server.xml)

1.         Stop the Jazz Team Server

2.         Open C:\jazz\server\tomcat\conf\server.xml for editing.

3.         Comment out the following <Realm> element (the Tomcat user database that the wizard used up to this point):
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase"
       digest="SHA-1"
       digestEncoding="UTF-8"/>
-->

4.         Add the following <Realm> element to authenticate against LDAP. The userSearch filter must select on the same attribute the wizard uses for userId (mail here), and roleSearch must use the same group member attribute (members). In the roleSearch filter {0} is replaced by the authenticated user's DN (use {1} for the login name instead), so the members attribute must hold DNs. The debug attribute seen in older examples is ignored by Tomcat 5.5 and later and has been left out.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.jazzy.com:389"
       userSearch="(mail={0})"
       userBase="ou=people,o=jazzy.com"
       userSubtree="true"
       roleSearch="(members={0})"
       roleName="cn"
       roleSubtree="false"
       roleBase="ou=memberList,ou=groups,o=jazzy.com"/>

As written, the realm uses an unencrypted ldap:// connection, so every login sends the user's password to the directory in clear text. If the directory offers LDAPS, use connectionURL="ldaps://ldap.jazzy.com:636" instead, and make sure the directory's CA certificate is trusted by the JVM that runs Tomcat.
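Before switching server.xml over, it is worth dry-running the lookups that the realm (section 3) and the wizard's user synchronization (section 2) will perform against the group mapping from section 1. The script below is an added example, not part of the original page, RTC or Tomcat. Instead of querying a live directory it reads a small constructed LDIF laid out like the ou=people / ou=memberList,ou=groups tree used in this guide, resolves a login the way the JNDIRealm does (user by mail, then every group whose members attribute holds the user's DN), applies the Jazz-to-LDAP mapping, and reports the two things that only surface after the switch: mapped groups that do not exist, and an administrator account (step 7 of section 2) that is not in the group mapped to JazzAdmins. The users, DNs, and the deliberately missing MyTestJazzDWAdmins and MyTestJazzProjectAdmins groups are constructed for illustration.

```python
"""Offline dry-run of the LDAP lookups behind the JNDIRealm and the Jazz user sync.
Added example: not part of the original page, RTC or Tomcat. Directory data is a
constructed LDIF string modelled on the ou=people / ou=memberList layout of this guide."""
from collections import defaultdict

USER_BASE = "ou=people,o=jazzy.com"                  # wizard "Base User DN" / realm userBase
GROUP_BASE = "ou=memberList,ou=groups,o=jazzy.com"   # wizard "Base Group DN" / realm roleBase

# Constructed sample directory (not real jazzy.com data). Two of the mapped groups
# are deliberately absent so that the mapping check has something to report.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,o=jazzy.com
cn: Alice Kim
mail: alice@jazzy.com

dn: uid=bob,ou=people,o=jazzy.com
cn: Bob Lee
mail: bob@jazzy.com

dn: cn=MyTestJazzAdmins,ou=memberList,ou=groups,o=jazzy.com
cn: MyTestJazzAdmins
members: uid=alice,ou=people,o=jazzy.com

dn: cn=MyTestJazzUsers,ou=memberList,ou=groups,o=jazzy.com
cn: MyTestJazzUsers
members: uid=alice,ou=people,o=jazzy.com
members: uid=bob,ou=people,o=jazzy.com

dn: cn=MyTestJazzGuests,ou=memberList,ou=groups,o=jazzy.com
cn: MyTestJazzGuests
"""

# Same format as the wizard's "Jazz to LDAP Group Mapping" field (section 1 table).
MAPPING = ("JazzAdmins=MyTestJazzAdmins,JazzDWAdmins=MyTestJazzDWAdmins,"
           "JazzProjectAdmins=MyTestJazzProjectAdmins,"
           "JazzUsers=MyTestJazzUsers,JazzGuests=MyTestJazzGuests")


def parse_ldif(text):
    """Minimal LDIF reader -> {dn: {attr: [values]}}. No line folding or base64 support."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs[key.lower()].append(value)
        entries[attrs.pop("dn")[0]] = dict(attrs)
    return entries

def parse_mapping(mapping):
    """'JazzAdmins=GroupA,JazzUsers=GroupB' -> {'JazzAdmins': 'GroupA', 'JazzUsers': 'GroupB'}"""
    return dict(pair.split("=", 1) for pair in mapping.split(",") if pair)

def find_user_dn(entries, login):
    """userSearch="(mail={0})" under userBase: the login name is matched against mail."""
    for dn, attrs in entries.items():
        if dn.endswith(USER_BASE) and login in attrs.get("mail", []):
            return dn
    return None

def groups_of(entries, user_dn):
    """roleSearch="(members={0})", roleName="cn": {0} is the user's DN, not the login name."""
    return sorted(attrs["cn"][0] for dn, attrs in entries.items()
                  if dn.endswith(GROUP_BASE) and user_dn in attrs.get("members", []))

def jazz_roles_for(entries, mapping, login):
    """Jazz roles the login receives after the realm switch ([] if the user is not in LDAP)."""
    user_dn = find_user_dn(entries, login)
    if user_dn is None:
        return []
    groups = set(groups_of(entries, user_dn))
    return sorted(role for role, group in mapping.items() if group in groups)

def check_mapping(entries, mapping):
    """Problems that only show up after the switch: missing groups, one group feeding many roles."""
    problems = []
    existing = {attrs["cn"][0] for dn, attrs in entries.items() if dn.endswith(GROUP_BASE)}
    roles_by_group = defaultdict(list)
    for role, group in mapping.items():
        roles_by_group[group].append(role)
        if group not in existing:
            problems.append(f"{role} is mapped to {group}, which does not exist under {GROUP_BASE}")
    for group, roles in roles_by_group.items():
        if len(roles) > 1:
            problems.append(f"{group} grants several roles at once: {', '.join(roles)}")
    return problems

def bootstrap_admin_ok(entries, mapping, login):
    """The administrator created in step 7 must exist in LDAP and be in the JazzAdmins group."""
    return "JazzAdmins" in jazz_roles_for(entries, mapping, login)

if __name__ == "__main__":
    directory, mapping = parse_ldif(SAMPLE_LDIF), parse_mapping(MAPPING)
    for problem in check_mapping(directory, mapping):
        print("WARNING:", problem)
    for login in ("alice@jazzy.com", "bob@jazzy.com", "carol@jazzy.com"):
        print(login, "->", jazz_roles_for(directory, mapping, login))
    print("bootstrap admin OK:", bootstrap_admin_ok(directory, mapping, "alice@jazzy.com"))
```

Against a real directory the same two queries are `ldapsearch -b ou=people,o=jazzy.com '(mail=<login>)' dn` followed by `ldapsearch -b ou=memberList,ou=groups,o=jazzy.com '(members=<that DN>)' cn`; if the second search returns no entry for the account created in step 7, do not switch the realm yet.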

4.      Configure security-role information in web.xml

The last thing to configure is the security information in the deployment descriptor (web.xml) of jazz.war. The JNDIRealm hands Tomcat the LDAP group names (the cn values) as roles, while the Jazz application checks for its own role names, so web.xml has to declare the LDAP groups as roles and link each Jazz role to one of them.

1.       Open C:\jazz\server\tomcat\webapps\jazz\WEB-INF\web.xml for editing.

2.       Add a <security-role> element for each of your LDAP groups, and add the same group names to the <auth-constraint> elements that list the corresponding Jazz roles.

3.       Add <security-role-ref> elements mapping each Jazz role to its LDAP group.

For details, refer to the following:

Managing users with Lightweight Directory Access Protocol (LDAP)

http://publib.boulder.ibm.com/infocenter/rtc/v2r0m0/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html

 

(omitted)

    <init-param>
      <param-name>frameworkLauncherClass</param-name>
      <param-value>com.ibm.team.repository.server.servletbridge.JazzFrameworkLauncher</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>

    <!-- Map Jazz Roles to LDAP Groups -->
    <security-role-ref>
      <role-name>JazzAdmins</role-name>
      <role-link>MyTestJazzAdmins</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzDWAdmins</role-name>
      <role-link>MyTestJazzDWAdmins</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzUsers</role-name>
      <role-link>MyTestJazzUsers</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzGuests</role-name>
      <role-link>MyTestJazzGuests</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzProjectAdmins</role-name>
      <role-link>MyTestJazzProjectAdmins</role-link>
    </security-role-ref>

(omitted)

    <auth-constraint>
      <role-name>JazzUsers</role-name>
      <role-name>JazzAdmins</role-name>
      <role-name>JazzGuests</role-name>
      <role-name>JazzDWAdmins</role-name>
      <role-name>JazzProjectAdmins</role-name>
      <!-- Add LDAP Groups -->
      <role-name>MyTestJazzUsers</role-name>
      <role-name>MyTestJazzAdmins</role-name>
      <role-name>MyTestJazzGuests</role-name>
      <role-name>MyTestJazzDWAdmins</role-name>
      <role-name>MyTestJazzProjectAdmins</role-name>
    </auth-constraint>

(omitted)

    <auth-constraint>
      <role-name>JazzAdmins</role-name>
      <!-- Add LDAP Groups -->
      <role-name>MyTestJazzAdmins</role-name>
    </auth-constraint>

(omitted)

    <security-role>
        <role-name>JazzAdmins</role-name>
    </security-role>
    <security-role>
        <role-name>JazzDWAdmins</role-name>
    </security-role>
    <security-role>
        <role-name>JazzUsers</role-name>
    </security-role>
    <security-role>
        <role-name>JazzGuests</role-name>
    </security-role>
    <security-role>
        <role-name>JazzProjectAdmins</role-name>
    </security-role>

    <!-- Add LDAP Groups -->
    <security-role>
        <role-name>MyTestJazzAdmins</role-name>
    </security-role>
    <security-role>
        <role-name>MyTestJazzDWAdmins</role-name>
    </security-role>
    <security-role>
        <role-name>MyTestJazzUsers</role-name>
    </security-role>
    <security-role>
        <role-name>MyTestJazzGuests</role-name>
    </security-role>
    <security-role>
        <role-name>MyTestJazzProjectAdmins</role-name>
    </security-role>

</web-app>
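The web.xml edits above are easy to get half right: a <role-link> that names a group never declared as a <security-role>, an <auth-constraint> role nobody declared, or a Jazz role that was forgotten in the <security-role-ref> list. The script below is an added example, not part of the original page, RTC or Tomcat, that checks a descriptor for exactly those three mistakes. It parses a cut-down web.xml constructed to mirror the fragments in this guide (the servlet name "bridge" and the /admin/* constraint are placeholders, and two mistakes are planted on purpose); point it at the real WEB-INF/web.xml by reading the file into `check_web_xml` instead. It copes with the default J2EE namespace the real descriptor declares, which is why tags are compared by local name.

```python
"""Consistency check for the security-role edits made to jazz.war's WEB-INF/web.xml.
Added example: not part of the original page, RTC or Tomcat. The descriptor below is a
cut-down constructed web.xml mirroring the fragments in this guide, not the real file."""
import xml.etree.ElementTree as ET

JAZZ_ROLES = ("JazzAdmins", "JazzDWAdmins", "JazzProjectAdmins", "JazzUsers", "JazzGuests")

# Constructed descriptor. Two mistakes are planted on purpose: MyTestJazzGuests is
# linked but never declared, and JazzDWAdmins has no <security-role-ref> at all.
SAMPLE_WEB_XML = """\
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>bridge</servlet-name>
    <security-role-ref>
      <role-name>JazzAdmins</role-name>
      <role-link>MyTestJazzAdmins</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzUsers</role-name>
      <role-link>MyTestJazzUsers</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzGuests</role-name>
      <role-link>MyTestJazzGuests</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzProjectAdmins</role-name>
      <role-link>MyTestJazzProjectAdmins</role-link>
    </security-role-ref>
  </servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JazzAdmins</role-name>
      <!-- Add LDAP Groups -->
      <role-name>MyTestJazzAdmins</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>JazzAdmins</role-name></security-role>
  <security-role><role-name>JazzUsers</role-name></security-role>
  <security-role><role-name>JazzGuests</role-name></security-role>
  <security-role><role-name>JazzProjectAdmins</role-name></security-role>
  <security-role><role-name>MyTestJazzAdmins</role-name></security-role>
  <security-role><role-name>MyTestJazzUsers</role-name></security-role>
  <security-role><role-name>MyTestJazzProjectAdmins</role-name></security-role>
</web-app>
"""

def _local(tag):
    """Strip the namespace prefix ElementTree keeps, e.g. '{http://java.sun.com/xml/ns/j2ee}role-name'."""
    return tag.rsplit("}", 1)[-1]

def _children_text(parent, name):
    """Stripped text of every direct child of `parent` whose local tag name is `name`."""
    return [(child.text or "").strip() for child in parent if _local(child.tag) == name]

def _first_text(parent, name):
    texts = _children_text(parent, name)
    return texts[0] if texts else None

def load_roles(xml_text):
    """Return (declared roles, {jazz role: linked group}, roles used in auth-constraints)."""
    root = ET.fromstring(xml_text)
    declared, role_refs, constrained = set(), {}, set()
    for el in root.iter():
        name = _local(el.tag)
        if name == "security-role":
            declared.add(_first_text(el, "role-name"))
        elif name == "security-role-ref":
            role_refs[_first_text(el, "role-name")] = _first_text(el, "role-link")
        elif name == "auth-constraint":
            constrained.update(_children_text(el, "role-name"))
    return declared, role_refs, constrained

def check_web_xml(xml_text, jazz_roles=JAZZ_ROLES):
    """List descriptor mistakes that leave a role unresolvable: undeclared links or
    constraint roles, and Jazz roles that no LDAP group is linked to."""
    declared, role_refs, constrained = load_roles(xml_text)
    problems = []
    for role, link in sorted(role_refs.items()):
        if link not in declared:
            problems.append(f"role-link {link} (for {role}) is not declared as a <security-role>")
    for role in sorted(constrained - declared):
        problems.append(f"auth-constraint role {role} is not declared as a <security-role>")
    for role in jazz_roles:
        if role not in role_refs:
            problems.append(f"Jazz role {role} has no <security-role-ref>, so no LDAP group grants it")
    return problems

if __name__ == "__main__":
    for problem in check_web_xml(SAMPLE_WEB_XML):
        print("PROBLEM:", problem)
```

Run it after every edit to web.xml and before restarting the server; an empty result means every link and constraint resolves to a declared role and every Jazz role has an LDAP group behind it.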