Topic
  • 1 reply
  • Latest Post - ‏2009-04-01T16:58:32Z by SystemAdmin
Justin_wzy
Justin_wzy
1 Post

Pinned topic How to configure Rational Quality Manager for IBM LDAP Blue Pages

‏2009-04-01T09:47:24Z |
Hi, pals,

Could someone help to provide a step-by-step instruction on how to confiure Rational Quality Manager for IBM LDAP Blue Pages?

I tried the wiki page for RTC (https://jazz.net/wiki/bin/view/Main/LDAP4Dummies) but it does not work fine for me.
  • SystemAdmin
    SystemAdmin
    475 Posts

    Re: How to configure Rational Quality Manager for IBM LDAP Blue Pages

    ‏2009-04-01T16:58:32Z  
    Hello Justin,

    I have set up RQM to be used with LDAP, although it is a bit tricky when I did it. I actually configured it using the help of an automated script that was distributed by part of the RQM development team, although it is not necessary to use this script. I will try to be as thorough as I can be on how to configure it manually.

    I will also just mention that this is regarding a Websphere Application Server (WAS) environment. As far as I know, the default Tomcat application server stores its members in XML files. There might be a way to hook up Tomcat to use LDAP, but after several days of searching on both internal IBM sites and on the internet, I came up empty-handed. So, this guide is for using WAS.

    The idea of this is that there is LDAP settings for both your application server, and for RQM. Even if RQM is enabled for LDAP correctly, this application is still running on top of WAS. If WAS is not also configured to accept and send LDAP requests, then the whole thing will fail.

    I'll also assume that you have Websphere installed, and you have RQM installed and running under WAS.

    Setup WAS with Bluepages LDAP

    1. Login to your Websphere administrative console (Default should be https://localhost.com:9043/ibm/console , if running from the localhost machine)
    2. Click on the links "Security -> Secure administration, applications, and infrastructure.
    3. Towards the bottom of this screen is a menu that says "Available realm definitions" ... set this to "Standalone LDAP registry". Click the button that says "Configure" next to it.
    4. Click the link on the right-hand side of the screen that says "Advanced LDAP user registry settings".
    5. These should already be filled out, but set them to be the following:

    *User filter = (&(mail=%v)(objectclass=ePerson))
    *Group filter = (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
    *User ID map = *:mail
    *Group ID map = *:cn
    *Group-member ID map = ibm-allGroups:member;ibm-allGroups:uniqueMember
    *Certificate Map mode = EXACT_DN

    Click OK, and save these settings to the master configuration.

    6. Now return to the page accessed before the Advanced LDAP settings page (Secure administration, applications, and infrastructure > Standalone LDAP registry). Make sure that these fields are set:

    • Primary administrative user name = <Your Bluepages LDAP username> ... Also set the server user identity that is stored to your Bluepages LDAP username and password.
    • Type of LDAP server = Custom
    • Host = bluepages.ibm.com
    • Port = 389
    • Base Distinguished name = o=ibm.com
    • search timeout = 120

    Make sure that the two checkboxes "Reuse Connection" and "Ignore case for authorization" are checked.

    Test your configuration ... everything should be OK. Save your configuration to the master configuration file, and click OK.

    7. Now, returning to the "Secure administration, applications, and infrastructure" page, make sure that the "Available realm definition" selection is set to Standalone LDAP registry. Click the button next to it that says "set as current". Save this setting to the master config file.

    You will also want to make sure that the two checkboxes for "Enable administrative security" and "Enable application security" are checked. The "Enable application security" will enable these LDAP settings across all of your applications (a good thing). The administrative security will allow you to port these same LDAP settings to the Websphere admin console. Thus, you should be able to log into Websphere using your LDAP Bluepages credentials.

    Save all settings to the master configuration file.

    8. The last thing you will need to do is map a user to the proper security role for RQM. Click on the navigational link "Applications->Enterprise Applications->jazz_war->Security role to user/group mappng".

    Check the JazzAdmins box, and click on "Look up users". In the search string text box, enter in the beginning of your email, with an asterisk ('*') character afterward. This text is a regular expression that will be used to search for your email address, which is unique. For example, my email is "ajbetz@us.ibm.com" ... I couldnt enter in my email, or I could enter in "ajbetz*".

    Click the search button. There should only be one returned user. Select this user, and click the ">>" button to map this user to the JazzAdmins group. Click OK, and save the configurations. Doing this operation will grant you Administrative level access on this application. If you require other users to also have access to this application, you will also need to map them. One alternative to this is to create a new bluegroup, and add all of your users to this group. Then instead of mapping each user in WAS, you can just map the single group to this security role, and all members of this group will be given the same access level.

    9. To test your LDAP settings, logout of the administrative console, and log back into WAS using your Bluepages LDAP credentials. You should be able to log in. This will confirm that your LDAP settings are correct


    To setup LDAP in RQM, you should be able to follow the online instructions for setting up LDAP, using many of the same parameters used to enable LDAP for WAS. For example, when setting up LDAP in RQM, there will be a "Base Distinguished Name (DN)" field, and you should copy in the value used for the configuration above.

    The included documentation on how to do this within RQM should be fairly straightforward. If you have further questions or problems, or need more instructions on how to set this up in RQM, just respond to this thread, and I will write something up for you.

    I hope this helps!