Configuring the Tomcat server for Rational Asset Manager to use LDAP

You must configure both Rational® Asset Manager and the Tomcat server to use LDAP authentication.

Procedure

  1. Log in to the Rational Asset Manager web client as the server administrator and configure Rational Asset Manager to use LDAP authentication. Be sure to specify the user ID for the repository administrator in the Administrator ID field, or else you cannot log in to Rational Asset Manager later. For more information, see step 9 in Configuring the Rational Asset Manager server application.
  2. Log out of Rational Asset Manager.
  3. Shut down the Tomcat server.
  4. Configure the Tomcat server for Rational Asset Manager to use LDAP:
    1. In a text editor, open the tomcat_install_directory/conf/server.xml file.
    2. Find the Realm tag and edit it with the appropriate values for your LDAP server:
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://example.com:389"
           connectionName="uid=123456,c=us,ou=exampleorganization,o=example.com"
           connectionPassword="password"
           userBase="ou=exampleorganization,o=example.com"
           userSearch="(mail={0})"
           userSubtree="true"
           roleBase="ou=memberlist,ou=groups,o=example.com"
           roleName="cn"
           roleSearch="(mail={0})"
           roleSubtree="true"
      />
      Where:
      Table 1. LDAP Properties needed for Rational Asset Manager and Rational Team Concert
      LDAP Property        Definition
      connectionURL        The location and port for the LDAP server
      connectionName       The distinguished user name that is used to connect to the LDAP repository
      connectionPassword   The password for the distinguished user
      userBase             When you search for a user, this is where to start the search.
      userSearch           The LDAP search filter to use to select the user entry after substituting the user name in {0}.
      userSubtree          To enable LDAP searches of the entire subtree, set this value to true.
      roleBase             The base entry for the role search
      roleName             An LDAP entry that contains the name of the role
      roleSearch           The LDAP filter that is used for searching groups
      roleSubtree          To enable LDAP searches of the entire roles subtree, set this value to true.
  5. Restart the Tomcat server.
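
The following check is an added example, not part of the original procedure or any IBM or Tomcat tooling. Run against the edited server.xml before the restart, it reports Realm attribute names outside Table 1 (usually misspellings), missing Table 1 properties, and a plain ldap:// connection URL. The function name check_realms, the EXPECTED set and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# The ten properties listed in Table 1 of this page.
TABLE1 = {"connectionURL", "connectionName", "connectionPassword", "userBase",
          "userSearch", "userSubtree", "roleBase", "roleName", "roleSearch",
          "roleSubtree"}
# Assumption: nothing beyond Table 1, className and debug is expected; extend
# this set if your Realm uses other JNDIRealm attributes.
EXPECTED = TABLE1 | {"className", "debug"}


def check_realms(server_xml_text):
    """Return findings for every JNDIRealm element in the server.xml text."""
    findings = []
    for realm in ET.fromstring(server_xml_text).iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        names = set(realm.attrib)
        # A misspelled name is a distinct attribute, so the intended setting is absent.
        for name in sorted(names - EXPECTED):
            findings.append(f"unexpected attribute '{name}' (misspelled?)")
        for name in sorted(TABLE1 - names):
            findings.append(f"missing attribute '{name}'")
        url = realm.get("connectionURL", "")
        if urlparse(url).scheme.lower() == "ldap":
            findings.append("connectionURL uses ldap://: bind credentials "
                            "are sent to the directory unencrypted")
        for name in ("userSearch", "roleSearch"):
            if name in names and "{0}" not in realm.get(name):
                findings.append(f"{name} has no {{0}} placeholder")
    return findings


# Constructed sample: one attribute name has the wrong case, URL is ldap://.
SAMPLE = """<Server><Service><Engine>
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://example.com:389"
         connectionName="uid=123456,c=us,ou=exampleorganization,o=example.com"
         connectionPassword="password"
         userBase="ou=exampleorganization,o=example.com"
         userSearch="(mail={0})" userSubTree="true"
         roleBase="ou=memberlist,ou=groups,o=example.com"
         roleName="cn" roleSearch="(mail={0})" roleSubtree="true"/>
</Engine></Service></Server>"""

if __name__ == "__main__":
    for finding in check_realms(SAMPLE):
        print(finding)
```

To check a real installation, pass the contents of tomcat_install_directory/conf/server.xml to check_realms instead of SAMPLE.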

Results

Now you can log in to Rational Asset Manager as a repository administrator by using the ID that you specified in Rational Asset Manager.
Note: Tomcat no longer uses file-based authentication. You can create communities and assign other LDAP users to be administrators.

What to do next

If the included Rational Team Concert™ is on the same server, or it is on a different server and you want it to use LDAP authentication, you must configure Rational Team Concert to use LDAP.
