How does WSRR work with external security directories, such as LDAP, Tivoli Directory Server or Active Directory?
WSRR runs on a WebSphere Application Server (WAS), and it uses the WAS security layer, so whichever directory you wish to use, you configure in the WAS server. Essentially you secure your WAS server and enable Application Security, so WAS requires the user to be from whatever security provider you configure. Once your user logs onto WAS, they are then authenticated with WAS and they can access WSRR with those credentials.
A WSRR administrator then of course needs to map certain users or groups from the security provider to the two WSRR J2EE roles: Administrator and User. Otherwise users cannot log into WSRR at all. I'd recommend mapping groups because then you can manage user memberships on your LDAP server, rather than having to tweak users around from the WAS Administration Console. Mapping users and groups to J2EE roles for the WSRR application is done in the WAS Admin Console. See the following infocenter page for info:
If you need the Role Based Security that WSRR itself enforces, then in the WSRR Web UI you map users or groups to WSRR Roles. Again I'd recommend mapping groups to these roles. See this page for more details: