Troubleshooting
Problem
When the corporate LDAP server has a customized naming attribute which is used as the corporate user DN (Distinguished Name), a new DN for corporate users is created in IBM Rational Directory Administration.
Symptom
If the corporate LDAP server is configured with Rational Directory Server and DOORS, then:
- All corporate users and groups will be listed in Rational Directory Administration.
- The properties of all corporate groups will be visible in Rational Directory Administration.
- The properties of all corporate users will not be visible in Rational Directory Administration.
- Corporate users will not be able to log in to DOORS (when DOORS is configured with the Rational Directory Server).
- When logged in as 'administrator', a search on corporate users lists none of the corporate users in the DOORS user search.
- When logged in as 'administrator', a search on corporate groups lists all the corporate groups in the DOORS group search.
Cause
Rational DOORS uses Rational Directory Server (RDS) to authenticate and search users present in the corporate LDAP server. Rational Directory Server connects to the corporate LDAP server to view all the corporate users and their properties, which are shared with other consuming products (Rational DOORS, Rational Change-Synergy, etc.).
A corporate LDAP can be configured in one of two ways:
A. Default Corporate DN:
- In Rational Directory Server, when a new corporate partition is created, the Corporate User Logon attribute can be set to 'CN', 'UID' or 'sAMAccountName'. Rational Directory Server is aware of only these three attributes for creating a partition. This information is present in the Rational Directory Server schema.
- After a partition is created in Rational Directory Server, all users whose corporate DN contains any of these log on attributes are read and recognized by Rational Directory Server. Rational Directory Server creates internal entries (extended user entries) for these corporate users.
- When a user tries to log on to DOORS or perform a user search, the DOORS API communicates with Rational Directory Server and looks for these extended user entries. If the entry is present:
  - The DOORS log on is successful, or
  - The user search operation displays all the corporate users.
Customers deploying the corporate LDAP server (ADS/Sunone) generally have a default corporate Distinguished Name (DN) configured. For example, a DN for ADS/Sunone might look like:
DN: uid=suser3,ou=People,dc=Company,dc=com OR,
DN: cn=suser3,ou=People,dc=Company,dc=com OR,
DN: sAMAccountName=suser3,ou=People,dc=Company,dc=com
B. Customized Corporate DN:
A scenario can exist where customers create customized naming attributes that result in a customized DN.
For example, customer ABC configures 'ABC' as a naming attribute in their corporate LDAP server, and this custom attribute name is used in defining the corporate user DN. In such a case, the corporate DN would look like:
DN: ABC=suser3,ou=People,dc=Company,dc=com
Rational Directory Server configuration and its behavior when configured with this corporate LDAP server:
- Rational Directory Server will not be able to extract the user information or read its attributes because the naming attribute in the DN is unknown to Rational Directory Server (attribute "ABC" is not defined in the Rational Directory Server schema).
- In addition, Rational Directory Server will not be able to create extended user entries for corporate users, which results in failure of the corporate user search and log on operations in Rational DOORS.
Environment
- Corporate LDAP server (ADS/Sunone).
- Rational Directory Server installed on any of the supported operating systems.
- Rational DOORS configured with Rational Directory Server (Tivoli).
Diagnosing The Problem
- Right-click a corporate user and select its properties.
- The properties window will not be displayed.
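To confirm which naming attributes the corporate user DNs actually use before changing the schema, an LDIF export of the corporate user entries can be checked offline. The following is an added example, not IBM's code: it assumes such an export is available, and the function names and sample entries are constructed for illustration.

```python
import base64
import re

# Logon attributes the page says Rational Directory Server knows about.
KNOWN_NAMING_ATTRS = {"cn", "uid", "samaccountname"}

def entry_dns(ldif_text):
    """Yield every entry DN in an LDIF export (hypothetical helper)."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        m = re.match(r"(?i)dn(::?)\s*(.*)$", line)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # 'dn::' means the DN is base64-encoded
            value = base64.b64decode(value).decode("utf-8")
        yield value

def leading_rdn_attrs(dn):
    """Return the lower-cased attribute type(s) of the first RDN of a DN."""
    # Cut at the first unescaped ',' and split a multi-valued RDN on
    # unescaped '+', so 'ABC=Smith\, J' and 'cn=a+ABC=b' are handled.
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    parts = re.split(r"(?<!\\)\+", first_rdn)
    return [p.split("=", 1)[0].strip().lower() for p in parts]

def unknown_naming_attrs(ldif_text):
    """Map each naming attribute outside KNOWN_NAMING_ATTRS to its DNs."""
    found = {}
    for dn in entry_dns(ldif_text):
        for attr in leading_rdn_attrs(dn):
            if attr not in KNOWN_NAMING_ATTRS:
                found.setdefault(attr, []).append(dn)
    return found

# Constructed sample export, not real directory data.
SAMPLE = """dn: uid=suser1,ou=People,dc=Company,dc=com

dn: ABC=suser3,ou=People,
 dc=Company,dc=com

dn:: Y249c3VzZXI0LG91PVBlb3BsZSxkYz1Db21wYW55LGRjPWNvbQ==
"""

if __name__ == "__main__":
    for attr, dns in unknown_naming_attrs(SAMPLE).items():
        print(f"{attr}: {len(dns)} entries, e.g. {dns[0]}")
```

Any attribute this reports is a candidate for the schema addition described under Resolving The Problem.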
Resolving The Problem
Add the custom attribute name to the Rational Directory Server schema if it is used in the corporate user DN. The following workaround can be used to add the custom attribute to the schema.
- Create the following script.
dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15265.0.100 NAME '<custom_attribute_name>' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
- Save the script in a text file as <filename>.ldif
- Use the ldapmodify command to apply the schema change.
ldapmodify -p <port number> -h <IP Address> -D "uid=tdsadmin,ou=people,dc=telelogic,dc=com" -w <password> -i <Ldif file name>
For example:
ldapmodify -p 1389 -h 9.121.222.222 -D "uid=tdsadmin,ou=people,dc=telelogic,dc=com" -w xyz123 -i CustomizedDN.ldif
The ldapmodify command can be found at:
Windows: <LDAP install location>\LDAP\V6.3\bin
Unix: <LDAP install location>/LDAP/V6.3/bin
- Restart the Rational Directory Server server.
Document Information
Modified date: 01 May 2020
UID: swg21503110