Using a single point for authentication greatly reduces the amount of time spent on system administration. Lightweight Directory Access Protocol (LDAP) is a common choice for bringing multiple systems together. IBM® Tivoli® Directory Server provides LDAP authentication and more.

Several Rational products require some form of security and include LDAP as a choice for authentication. This series covers installation of Tivoli Directory Server for use with the IBM® Rational® Build Forge® management console and agent, IBM® Rational® ClearQuest®, and IBM® Rational® RequisitePro®. The Rational applications will each be configured to use Tivoli Directory Server, and the clients will be used to test the configurations.

For purposes of this series, we assume that you already have an IBM Flex License Server in place to allow use of the Rational products. We also assume a basic knowledge of the specific Rational software. All of the installations are done on the Microsoft® Windows® platform, and we use these versions of the applications:

• Tivoli Directory Server, Version 6.0
• Rational Build Forge, Version 7.0.0.077
• Rational ClearQuest, Version 7.0
• Rational RequisitePro, Version 7.0

This first article in this series starts with the preconditions for installation and setup for Tivoli Directory Server. After it is ready to use as the backend, you will install the Build Forge management console and agent components and then configure Build Forge to use your LDAP server.

Plan your deployment

Although it is possible to install both on the same machine, it is best to install Tivoli Directory Server and Build Forge on two different machines. Tivoli Directory Server Version 6.0 requires 2GB of free disk space and can be installed on these platforms:

• Microsoft Windows server versions 2003 Standard, Enterprise, Datacenter SP1and R2 (32- and 64-bit)
• IBM® AIX® Version 5.2 (Maintenance Level 5 and later) and 5.3 (Technology Level 1 and later)
• Red Hat Enterprise Linux® 4 and 5 (32- and 64-bit Intel,® AMD, IBM® System z,™ IBM ®Power PC®, and IBM® System i™)
• SUSE Linux Enterprise Server 9 and 10 (32- and 64-bit Intel, AMD, IBM System z, IBM Power PC, and IBM System i), Solaris 9 (SPARC) and 10 (SPARC and Windows Professional XP x64 Edition)
• HP-UX 11i v2 (PA-RISC and Integrity)

Build Forge requires 2 GB of free disk space and 1GB of RAM on the installed system. Build Forge Standard Edition can be installed on Red Hat Enterprise Linux 3 and Windows 2000, Windows Server 2003, and Windows XP Pro. Build Forge Enterprise Edition adds platform support for Fedora Core 3 and Solaris 9 or later.

1. Choose a user name with eight characters or less on the Tivoli Directory Server machine. This is for the user who is running the server.
2. For working through this example, use TDSAdmin.

Set up the Tivoli Directory Server

Tivoli Directory Server is a product with many dependencies, so it installs a number of things automatically for you. These include the IBM®DB2® database and IBM® WebSphere® Application Server. Although it is possible to use other versions and even other database and application server products, we will stick with the provided default versions of DB2 and WebSphere Application Server for this example.

1. Begin the installation of Tivoli Directory Server. When prompted for which components to install, select every component except the Global Security Kit (GSKit).

Note:
The GSKit is needed only for adding Secure Sockets Layer (SSL) and Transport Layer Security (TLS), which are outside of the scope of this article.

2. When the installation is completed, click Finish in the installation wizard to close it.
3. The Server Instance Administration Tool will launch automatically. (If it does not, click Start > Programs > IBM Tivoli Directory Server V6.0, and then click Install Administration Tool).
4. Create a new directory server instance.
• For User name, type in the administrator user name that you created before installation: TDSAdmin.
• Under Install location, select the drive that you want to use.
• In the Encryption seed string field, type a string of your choice, but one that is at least 12 characters long.

8. Tivoli Directory Server has already automatically installed the IBM DB2 database. Use the same user name for the DB2 instance name (Figure 4) as you did during installation: TDSAdmin (it should default to the correct value).

9. Check Configure admin DN and password and Configure database (Figure 4).

10. DN (Distinguished Name) is the unique identifier for an LDAP entry. Leave cn=root for the DN, and type a password for the instance (Figure 5). When creating the new instance, use the DB2 system ID that you created, and provide a database name. If the database does not already exist, it will be created for you within the previously created DB2 instance.

When you get to the end of the installation wizard, a new window appears to show progress. If the installation is successful, it should look something like Figure 6.

11. After finishing the installation, you will see that two new services have been added (Figure 7). Start them if they are not already launched.

Configure the Tivoli Directory Server

It is time to configure Tivoli Directory Server by using the Web Administration tool. It runs on top of the WebSphere Application Server that was installed automatically when you installed Tivoli Directory Server.

1. To start the WebSphere Application Server instance that Tivoli Directory Server will use, open a command prompt for the following:
   

   C:\Program Files\IBM\LDAP\V6.0\appsrv\bin>startServer.bat server1

   
   
2. Replace the path with yours if you did not use the default for the installation (Figure 8).

3. Now that WebSphere Application Server is running, you can access the Web Administration tool by opening this URL in a Web browser on your server:
   

   http://localhost:12100/IDSWebApp/IDSjsp/Login.jsp

   
   
4. Use superadmin for the user name and secret for the password. These are the defaults.
5. Under Console administration, you will see a link to Manage console servers. Select it and add localhost to the list of servers, leaving the Enable SSL encryption option unchecked (Figure 9).

Now that localhost has been added, it will appear as a server option on the login page.

6. Log in to localhost by logging off the current session and then selecting localhost for the server as you log back in. Your administrator DN for localhost, if you left the default, is cn=root.
7. Next, add a suffix to the server by selecting Server Administration > Manage Server Properties, and then selecting Suffixes.
8. Type o=jke.ibm.com in the suffix DN field, click Add, and then click OK.
9. Now go to Directory Management > Manage Entries, and select the new suffix in the list.
10. Click the Add button.

Now you must create an entry for this suffix.

11. To add an entry for a newly created suffix, click Directory management > Add an entry > Add.
12. When the Add an entry window displays, select Organization from the Structural object classes list, and click Next. The Select auxiliary object classes window will display, but no other object classes are necessary, so just click Next.
13. For this example, enter the Relative DN as o=jke.ibm.com and leave the Parent DN blank.
14. Click Finish.

This will take you back to the Manage entries window, where you will see the newly added suffix in the list of top-level entries.

14. Add an organizationalUnit with no Auxiliary Object Class. The Relative DN should be ou=jke_us, and the Parent DN should already be o=jke.ibm.com.
15. Add a second organizationalUnit under jke_us, and for the Relative DN., use ou=users. These new suffixes and organizational units enable you to add users.
16. Now, add a user to Tivoli Directory Server by going to Directory Management > Manage Entries and drilling down to the users group by selecting the suffix and units and then clicking the Expand button.
17. When you have the user's organizationalUnit selected, add an inetOrgPerson.
18. On the Enter the Attributes page, use the attributes and values that Table 1 shows.

19. Click Finish.

You have now created an LDAP user on Tivoli Directory Server within a new organization.

Users who will log in using the Tivoli Directory Server need access to the Tivoli Directory Server keyfile on the server. Our copy defaulted to this:

C:\Program Files\IBM\LDAP\v6.0\etc\ldapkey.kdb
  

20. Share the directory so that the user running the applications on other machines can see the file.

Status summary

These tasks are now finished:

• You have installed and configured Tivoli Directory Server.
• DB2 and WebSphere Application Server were automatically installed and configured during the Tivoli Directory Server installation.
• You added a user entry to the server and opened access for the Tivoli Directory Server keyfile.

Back to top

Set up the Build Forge management console and agent

Now that Tivoli Directory Server has been installed, configured, and populated, you can install and set up Build Forge to use it for authentication. If you are installing the system to perform a trial or to test a specific feature, you may want to install the Build Forge management console and one Build Forge agent on the same machine. These two components are enough for a working Build Forge system, so that you can test the system without using additional machines. Someone installing for production would typically install the management console on one machine to control the other machines, which are set up with an appropriate version of the agent.

1. Launch the Build Forge management console installation, and choose Next when it appears (Figure 10).

2. Accept the License Agreement.
3. Enter the installation location, and click Next (Figure 11).

4. Enter the License Host port (the default port is 80).

Important:
We are using an internal license server for this example. If you do not have an internal license server for Build Forge, you will need to deploy one and configure this after setting it up. Please consult your Build Forge documentation for this (see Resources for a link).

5. Choose Use IBM Rational supplied database if you do not have an existing database

Note:
For DB2 to install properly, the user account must be for an administrator on the local machine.

Alternatively, you can connect to an existing database by selecting Datasource Name, Database Type (DB2, Oracle, MySQL, Sybase, SQLServer), Username, and Password. It is best to use the default database option because of a license problem that occurs with other databases (see Figure 13):>

6. After the installation completes, you must reboot your system.
7. If the Build Forge engine is not running, start it now.
8. You will then need to launch the management console. The administrator user name and password is root for both.

Build Forge does not require that the user names are prepopulated into its repository. After a valid user name is supplied and access is granted, that user is automatically recognized by the Build Forge system. When the user is recognized, the only attributes that can be modified are the time zone, date format, and console login characteristics. All other information is governed by the LDAP directory. The Build Forge system will not use LDAP authentication until you create at least one LDAP domain.

Create an LDAP domain

9. Log into the Build Forge management console as the admin user (Figure 14).

10. Select Administration from the top of the left navigation menu (Figure 15).

11. Select LDAP from the bottom of the left navigation menu (Figure 16).

12. Click the Add LDAP Domain button in the right panel (Figure 17).

13. Enter the information for the LDAP server. Here is the information that you need for the domain:
• Domain Name: Enter whatever you want to call your domain. We use JKE_US for this example. Note that our server already has three domains in it, including this one.
• Host and Port: <yourldapserver:389>
• Search Base: <ou=users,ou=jke_us, o=jke.ibm.com>
• Unique Identifier: <mail=%>
• Display Name: <cn>
• Distinguished Name: <dn>
• Group Unique Identifier: <mail=%>
14. Save the LDAP domain.

Test the LDAP configuration

The next part of this article shows how to test the LDAP configuration for a domain in Build Forge. The steps for authenticating with a user account in the LDAP server are also included.

15. Select Administration from the top of the left navigation menu (Figure 18).

16. Select LDAP from the bottom of the left navigation menu (Figure 19).

17. Select a domain (Figure 20).

18. Click Test LDAP Domain (Figure 21).

19. Confirm the test by clicking OK (Figure 22).

20. Verify that the domain passes the test. Build Forge queries the LDAP server, verifying that it can make a connection by using the configuration information that you have supplied. If the test is successful, a check mark will appear by the Test LDAP Domain button (Figure 23).

21. Log out of Build Forge (Figure 24).

22. Log into Build Forge by using an LDAP account.
23. Supply a valid LDAP user name and password, using the JKE US domain (Figure 25).

Note:
The system remembers LDAP users after they log in once. LDAP users appear on user lists only after they have logged in at least once.

You have successfully completed the installation of Rational Build Forge and configured it to use accounts that are set up on Tivoli Directory Server for LDAP authentication.

Resources

Learn

• Take a look at a demo of Build Forge
  
  
• Attend a live demo of Build Forge
  
  
• Attend a Webcast on Build and Release Management with Build Forge
  
  
• Consult the IBM Tivoli Directory Server documentation for further information.
  
  
• Check the Rational Build Forge documentation for technical resources and best practices for Rational Software Delivery Platform products.
  
  
• Visit the Rational software area on developerWorks for technical resources and best practices for Rational Software Delivery Platform products.
  
  
• Subscribe to the developerWorks Rational zone newsletter. Keep up with developerWorks Rational content. Every other week, you'll receive updates on the latest technical resources and best practices for the Rational Software Delivery Platform.
  
  
• Subscribe to the Rational Edge newsletter for articles on the concepts behind effective software development.
  
  
• Browse the technology bookstore for books on these and other technical topics.
  
  

Get products and technologies

• Find more resources for build and release engineers and managers in the Build Forge area of the developerWorks Rational zone, including articles and whitepapers, links to training, discussion forums, product documentation and support.
  
  
• Download trial versions of IBM Rational software.
  
  

Discuss

• Participate in the discussion forum.
  
  
• Talk to an IBM Rational Build Forge Specialist: call me – email us
  
  
• Seeking answers or advice about good build and release management practices? Are you a Build Forge user looking to connect with others? Post in the Build and release Management/Build Forge forum on developerWorks.
  
  

About the authors

Comments (Undergoing maintenance)

Back to top

Trademarks  |  My developerWorks terms and conditions

Table of contents

• Plan your deployment
• Set up the Tivoli Directory Server
• Set up the Build Forge management console and agent
• Resources
• About the authors
• Comments

Next steps from IBM

• Try: Rational ClearQuest
• Demo: Create customized queries with IBM Rational ClearQuest
• Webcast: Tips on achieving global IT efficiency through collaboration, automation, and project insight
• Briefing: Quality driven software delivery
• Buy: Rational ClearQuest

My developerWorks community

Dig deeper into Rational on developerWorks

Rate a product. Write a review.

Write a review for Rational products today!

Special offers