IBM Support

IBM MustGather: UrbanCode Deploy and LDAP integration

Question/Answer


Question

What information does IBM Rational Client support need when you submit a service request for IBM UrbanCode Deploy LDAP integration?

Cause

You experienced unexpected behavior. For example, attempts to integrate IBM UrbanCode Deploy and an LDAP server do not produce the expected results.

Answer

Steps to diagnose the problem.
 
  1. Edit the file log4j.properties, located in:


    <InstallationDir>/conf/server/log4j.properties

     
  2. Add the following to the bottom of the log4j.properties file.


    # ldap appender  
    log4j.appender.ldap=org.apache.log4j.RollingFileAppender  
    log4j.appender.ldap.File=../var/log/ldap.out  
    log4j.appender.ldap.MaxFileSize=5MB  
    log4j.appender.ldap.MaxBackupIndex=2  
    log4j.appender.ldap.layout=org.apache.log4j.PatternLayout  
    log4j.appender.ldap.layout.ConversionPattern=%d{ISO8601} %-5p %t %c -%m%n  
     
    # LDAP debug Log File  
    log4j.additivity.com.urbancode.security.authentication.ldap=false  
    log4j.logger.com.urbancode.security.authentication=ALL, ldap  
    log4j.logger.com.urbancode.security.authorization=ALL, ldap


     
  3. Restart the UrbanCode Deploy server for the changes to take affect.
     
  4. Look for the file ldap.out in the directory:


    <InstallationDir>/var/log/ldap.out
     
  5. The contents will look like the following.


    2014-02-10 19:16:43,542 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    LDAP Group Definition: Search
    2014-02-10 19:16:43,543 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    LDAP Group Search: (&(member=<userDN>)(|(cn=Group1)(cn=Group2)))  
    2014-02-10 19:16:43,590 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Found LDAP group 'Group1' for user 'username'.  
    2014-02-10 19:16:43,591 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Found LDAP group 'Group2' for user 'username'.  
    2014-02-10 19:16:43,591 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Checking for existing group 'Group2'.  
    2014-02-10 19:16:43,651 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Created security group 'Group2' from LDAP.  
    2014-02-10 19:16:43,653 DEBUG http-0.0.0.0-8443-6
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Checking for existing group 'Group1'.  
    2014-02-10 19:16:43,707 DEBUG http-0.0.0.0-8443-6  
    com.urbancode.security.authorization.ldap.LdapAuthorizationModule -  
    Created security group 'Group1' from LDAP. `



Submit the following information to IBM Support:
 
  1. Screenshot of the configuration in: Settings > Security > Authentication
     
  2. Screenshot of the configuration in: Settings > Security > Authorization
     
  3. Output file <InstallationDir>/var/log/ldap.out .
     
  4. Output file <InstallationDir>/var/log/deployserver.out .

For issues related to poor performance (slow login) of  LDAP or Active Directory users please follow the steps below :
1.    Try to reproduce the issue using one of the UrbanCode Deploy users that belong to the internal authentication realm of UrbanCode Deploy. If these users can login quickly, then likely the issue is related to the LDAP configuration.
2.    If you cannot reproduce the problem with an internal authentication realm, then try to reproduce the problem outside of UrbanCode Deploy. Try to connect to your LDAP or Active Directory server from the host where UrbanCode Deploy is installed,  using a separate  LDAP client.

For Linux distributions you can use ldapsearch.

Example of usage of ldapsearch command:
 
 ldapsearch -H ldap(s)://<ldap_server_hostname> -b "<User Search Base>" -D "<Search Connection DN>" -w <Search Connection Password> -s sub "<User Search Filter>"
 
-H       : URI to your ldap server
-b        : User search base  Note!! the value provided needs to be quoted ""
-D       : Search Connection DN  Note!! the value provided needs to be quoted ""
-w.      : Search Connection Password
-s sub : the search filters - arguments
 
For more information see:




Document information

More support for: IBM UrbanCode Deploy

Component: Integrations - 3rd Party

Software version: 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.1, 6.1.0.1

Operating system(s): AIX, HP-UX, Linux, OS X, Solaris, Windows, Windows Mobile, z/OS

Reference #: 1680342

Modified date: 01 March 2019