Corporate users are not listed in DOORS or cannot log in to DOORS when the corporate LDAP server is configured with a custom DN

Technote (troubleshooting)


Problem (Abstract)

When the Corporate LDAP server has a customized naming attribute which is used as the Corporate User DN (Distinguished name), a new DN for corporate users is created in IBM Rational Directory Administration.

Symptom

If the corporate LDAP server is configured with Rational Directory Server and DOORS, then:

  • All corporate users and groups will be listed in Rational Directory Administration.
  • The properties of all corporate groups will be visible in Rational Directory Administration.
  • The properties of all corporate users will not be visible in Rational Directory Administration.
  • Corporate users will not be able to log in to DOORS (when DOORS is configured with the Rational Directory Server).
  • When logged in as 'administrator', a search run on corporate users lists none of the corporate users in the DOORS user search.
  • When logged in as 'administrator', a search run on corporate groups lists all the corporate groups in the DOORS group search.


Cause

Rational DOORS uses Rational Directory Server (RDS) to authenticate and search for users present in the corporate LDAP server. Rational Directory Server connects to the corporate LDAP server to view all the corporate users and their properties, which are shared with other consuming products (Rational DOORS, Rational Change-Synergy, etc.).

A corporate LDAP server can be configured in one of two ways:

A. Default Corporate DN:


    Customers deploying the corporate LDAP server (ADS/Sunone) generally have a default corporate Distinguished Name (DN) configured. For example, a DN for ADS/Sunone might look like:

      DN: uid=suser3,ou=People,dc=Company,dc=com OR,
      DN: cn=suser3,ou=People,dc=Company,dc=com OR,
      DN: sAMAccountName=suser3,ou=People,dc=Company,dc=com

    Rational Directory Server configuration and its behavior when configured with this corporate LDAP server:
    • In Rational Directory Server, when a new corporate partition is created, the Corporate User Logon attribute can be set to 'CN', 'UID' or 'sAMAccountName'. Rational Directory Server is aware of only these three attributes for creating a partition. This information is present in the Rational Directory Server schema.
    • After a partition is created in Rational Directory Server, all users whose corporate DN contains any of these logon attributes are read and recognized by Rational Directory Server. Rational Directory Server creates an internal entry (extended user entry) for each of these corporate users.
    • When a user tries to log on to DOORS or perform a user search, the DOORS API communicates with Rational Directory Server and looks for these extended user entries. If the entry is present:
      • The DOORS log on is successful or,
      • The user search operation will display all the corporate users.

B. Customized Corporate DN:

    Customers can create customized naming attributes, which result in a customized DN.

    For example, customer ABC configures 'ABC' as a naming attribute in their corporate LDAP server, and this custom attribute name is used in defining the corporate user DN. In such a case, the corporate DN would look like:


      DN: ABC=suser3,ou=People,dc=Company,dc=com

    Rational Directory Server configuration and its behavior when configured with this corporate LDAP server:
    • Rational Directory Server will not be able to extract the user information or read its attributes, because the DN is unknown to Rational Directory Server (the attribute "ABC" is not defined in the Rational Directory Server schema).
    • In addition, Rational Directory Server will not be able to create an extended user entry for corporate users, which results in failure of the corporate user search and logon operations in Rational DOORS.

Environment

Corporate LDAP server (ADS/Sunone).

  • Rational Directory Server installed on any of the supported operating systems.
  • Rational DOORS configured with Rational Directory Server (Tivoli).

Diagnosing the problem

Right-click a corporate user and select its properties.

  • The properties window will not be displayed.
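
The same condition can be checked from an export of corporate user DNs. The following is an added example, not part of the original technote or of any IBM tooling: it extracts the naming attribute of each DN's leading RDN, flags those outside the three logon attributes named under Cause, and renders the schema change from the Resolving section for each. The function names and sample DNs are constructed for illustration, and flagging every unknown attribute in a multi-valued RDN is an assumption.

```python
import re

# Logon attributes the technote says RDS recognizes (compared case-insensitively).
KNOWN_LOGON_ATTRS = {"cn", "uid", "samaccountname"}

# Constructed sample input, based on the DN shapes shown in the technote.
SAMPLE_DNS = [
    "uid=suser3,ou=People,dc=Company,dc=com",
    r"cn=Smith\, Jo,ou=People,dc=Company,dc=com",  # escaped comma in value
    "ABC=suser3,ou=People,dc=Company,dc=com",
]

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, cur, esc = [], [], False
    for ch in text:
        if ch == sep and not esc:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        esc = (ch == "\\") and not esc
    parts.append("".join(cur))
    return parts

def naming_attrs(dn):
    """Attribute type(s) of the leading RDN; '+' joins multi-valued RDNs."""
    first_rdn = split_unescaped(dn.strip(), ",")[0]
    return [ava.split("=", 1)[0].strip() for ava in split_unescaped(first_rdn, "+")]

def unrecognized(dns):
    """Map each naming attribute outside the known set to the DNs using it."""
    found = {}
    for dn in dns:
        for attr in naming_attrs(dn):
            if attr.lower() not in KNOWN_LOGON_ATTRS:
                found.setdefault(attr, []).append(dn)
    return found

def schema_ldif(attr):
    """Render the technote's schema change for one attribute name."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError(f"not a valid attribute descriptor: {attr!r}")
    return ("dn: cn=schema\nchangetype: modify\nadd: attributetypes\n"
            f"attributeTypes: ( 1.3.6.1.4.1.15265.0.100 NAME '{attr}' SYNTAX "
            "1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\n")

if __name__ == "__main__":
    for attr, dns in unrecognized(SAMPLE_DNS).items():
        print(f"{attr}: {len(dns)} DN(s)\n{schema_ldif(attr)}")
```

The OID and syntax are the ones given in the technote's script; because schema OIDs must be unique, a second custom attribute would need its own OID rather than a second copy of this definition.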

Resolving the problem


Add the custom attribute name to the Rational Directory Server schema if it is used in the corporate user DN. The following workaround can be used to add the custom attribute to the schema.

    • Create the following script.
      dn: cn=schema
      changetype: modify
      add: attributetypes
      attributeTypes: ( 1.3.6.1.4.1.15265.0.100 NAME '<custom_attribute_name>' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    • Save the script in a text file as <filename>.ldif
    • Use the ldapmodify command to apply the schema change.
      The ldapmodify command can be found at:
        Windows: <LDAP install location>\LDAP\V6.3\bin
        Unix: <LDAP install location>/LDAP/V6.3/bin

      ldapmodify -p <port number> -h <IP Address> -D "uid=tdsadmin,ou=people,dc=telelogic,dc=com" -w <password> -i <Ldif file name>

      For example: ldapmodify -p 1389 -h 9.121.222.222 -D "uid=tdsadmin,ou=people,dc=telelogic,dc=com" -w xyz123 -i CustomizedDN.ldif
    • Restart the Rational Directory Server.

Related information

RDS common problems

Cross reference information
  Segment: Software Development
  Product: Rational DOORS
  Component: Directory Server
  Platform: Linux, Solaris, Windows
  Version: 9.2, 9.2.0.1, 9.2.0.2, 9.2.0.3, 9.2.0.4, 9.2.0.5, 9.3, 9.3.0.1, 9.3.0.2, 9.3.0.3
  Edition: (not specified)

Document information


More support for:

Rational Directory Server
General Information

Software version:

5.0, 5.1, 5.1.0.1, 5.1.0.2, 5.2, 5.2.0.1

Operating system(s):

Linux, Solaris, Windows

Reference #:

1503110

Modified date:

2013-08-23