To configure the Jazz® Authorization Server to use a
Lightweight Directory Access Protocol (LDAP) user registry, instead of a file-based user registry,
complete the following steps.
Before you begin
If you have not already done so, copy the files in the JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults directory up one level to the jazzop directory as described in Managing users on Jazz Authorization Server.

When Jazz Authorization Server (JAS) is configured with LDAP, the mappings of groups to Jazz roles are taken from the Jazz Team Server (JTS) configuration. When you run JTS/setup, select LDAP as the User registry type, configure it to use the same LDAP registry that is configured with JAS, and enter the group mappings under the Jazz to LDAP Group Mapping property.
Procedure
- Open the JazzAuthServer_install_dir/wlp/usr/servers/jazzop/appConfig.xml file in an editor.
- Comment out or delete the line that includes this content:
  <include location="localUserRegistry.xml" optional="true"/>
- Uncomment the line that contains this content:
  <include location="ldapUserRegistry.xml" optional="true"/>
- If the group name that is used for Jazz administrator access is not JazzAdmins, complete the next steps.
  - In the <oauth-roles> element, edit the following line:
    <group name="JazzAdmins"/>
  - Change the group name attribute value from JazzAdmins to the name of your Jazz administrator group. For example, in the following sample configuration, the clientManager role is granted to members of the YourJazzAdmins group.
    <oauth-roles>
      <authenticated>
        <special-subject type="ALL_AUTHENTICATED_USERS"/>
      </authenticated>
      <clientManager>
        <group name="YourJazzAdmins"/>
      </clientManager>
    </oauth-roles>
  - Be sure to include an administrator-role. For more information, see Configuring an OpenID Connect Provider to accept client registration requests.
- Save your changes and close the file.
- Open the JazzAuthServer_install_dir/wlp/usr/servers/jazzop/ldapUserRegistry.xml file in an editor.
- Modify the <ldapRegistry> element for your LDAP registry.
- Save your changes and close the file.
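
One way to check the appConfig.xml edits from the procedure above before restarting the server, as an added example that is not part of the original documentation or the product: the script confirms that only the LDAP registry include is active and that the clientManager role maps to the expected administrator group. The sample file content is constructed, and the `<server>` root element and the function name `check_appconfig` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an edited appConfig.xml (not a real JAS file).
SAMPLE_APPCONFIG = """<server>
  <!-- <include location="localUserRegistry.xml" optional="true"/> -->
  <include location="ldapUserRegistry.xml" optional="true"/>
  <oauth-roles>
    <authenticated>
      <special-subject type="ALL_AUTHENTICATED_USERS"/>
    </authenticated>
    <clientManager>
      <group name="YourJazzAdmins"/>
    </clientManager>
  </oauth-roles>
</server>"""

REGISTRY_FILES = {"localUserRegistry.xml", "ldapUserRegistry.xml"}


def check_appconfig(xml_text, expected_admin_group):
    """Return a list of findings; an empty list means the edits look right."""
    # The default parser drops XML comments, so a commented-out <include>
    # does not appear here; only active includes are seen.
    root = ET.fromstring(xml_text)
    active = {e.get("location") for e in root.iter("include")} & REGISTRY_FILES
    findings = []
    if "localUserRegistry.xml" in active:
        findings.append("localUserRegistry.xml include is still active")
    if "ldapUserRegistry.xml" not in active:
        findings.append("ldapUserRegistry.xml include is not active")
    # Collect every group granted the clientManager role.
    groups = {g.get("name")
              for roles in root.iter("oauth-roles")
              for g in roles.findall("clientManager/group")}
    if not groups:
        findings.append("no group is mapped to the clientManager role")
    elif expected_admin_group not in groups:
        findings.append(
            f"clientManager maps {sorted(groups)}, not {expected_admin_group!r}")
    return findings


if __name__ == "__main__":
    for line in check_appconfig(SAMPLE_APPCONFIG, "YourJazzAdmins") or ["OK"]:
        print(line)
```

To check a real installation, read the file text from JazzAuthServer_install_dir/wlp/usr/servers/jazzop/appConfig.xml and pass it in place of the sample.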