Multiple LDAP domains
Users of your product increasingly need to authenticate against more than one LDAP directory. Large organizations often run a separate LDAP domain for each global region or subsidiary.
An organization can also have a mix of directory types, such as Active Directory (AD), IBM Tivoli Directory Server and OpenLDAP.
You can configure multiple directories in the LDAP configuration of your product. Your product uses WebSphere Liberty OpenID Connect (OIDC) as its authentication service; it performs user administration and authentication against whichever configured directory holds the user.
- Currently, IAM does not support LDAP failover.
- The user ID and username must be unique across all configured LDAP domains.
Multiple LDAP registration
As a cluster administrator, you can configure multiple LDAP domains.
When multiple domains are configured, adding a new user on your product platform first requires you to select the appropriate domain; the user is then added to the team.
Your product stores the user profile together with its domain name and uses both for subsequent user management. Because an administrator chooses the domain before selecting users, for example when populating a team, teams can be restricted to a single domain.
Note: Your product passes the user credentials to the WebSphere Liberty OIDC server, which resolves the user's domain and authenticates the user against the matching directory.
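The two requirements above, that a user ID is unique across all configured domains and that a login therefore resolves to exactly one directory, are easy to verify before you enable a second domain. The following is an added example, not code from the product or its documentation: it assumes each directory can be exported as LDIF (the exports below are constructed samples, and the domain names and login attributes are illustrative), parses them, reports any login ID that appears in more than one domain, and shows how an unambiguous login resolves to its domain while a duplicated one is rejected.

```python
"""Pre-flight check for a multiple-LDAP-domain setup.

Added example, not part of the product documentation. It assumes each
configured directory can be exported as LDIF (constructed samples below)
and checks the two properties the page relies on:
  1. every login ID is unique across all configured domains, and
  2. a login name resolves to exactly one domain, which is what the OIDC
     server needs in order to pick the matching directory.
"""
import re
from collections import defaultdict

# Constructed LDIF exports, one per configured domain (hypothetical names).
# The attribute used as the login ID differs by directory type (uid for
# OpenLDAP, sAMAccountName for Active Directory), so it is given per domain.
DOMAIN_EXPORTS = {
    "corp-ad": ("sAMAccountName", """
dn: CN=Alice Smith,OU=Users,DC=corp,DC=example
sAMAccountName: asmith
mail: asmith@corp.example

dn: CN=Bob Jones,OU=Users,DC=corp,DC=example
sAMAccountName: bjones
mail: bjones@corp.example
"""),
    "emea-openldap": ("uid", """
dn: uid=cmueller,ou=people,dc=emea,dc=example
uid: cmueller
mail: cmueller@emea.example

dn: uid=asmith,ou=people,dc=emea,dc=example
uid: asmith
mail: alice.smith@emea.example
"""),
}


def parse_ldif(text):
    """Split a minimal LDIF export into a list of {attr: [values]} dicts.

    Entries are separated by blank lines; each attribute line is 'attr: value'.
    Line continuations and base64 (':: ') values are not handled here.
    """
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ":" not in line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip()].append(value.strip())
        if entry:
            entries.append(dict(entry))
    return entries


def index_login_ids(exports):
    """Map each login ID (lower-cased) to the list of domains that define it."""
    owners = defaultdict(list)
    for domain, (login_attr, ldif) in exports.items():
        for entry in parse_ldif(ldif):
            for login in entry.get(login_attr, []):
                # AD logins are case-insensitive, so compare case-folded values.
                owners[login.lower()].append(domain)
    return owners


def find_collisions(exports):
    """Return {login_id: [domains]} for IDs present in more than one domain."""
    return {u: d for u, d in index_login_ids(exports).items() if len(d) > 1}


def resolve_domain(exports, login):
    """Return the single domain owning `login`; raise if unknown or ambiguous."""
    domains = index_login_ids(exports).get(login.lower(), [])
    if not domains:
        raise LookupError(f"{login}: not found in any configured domain")
    if len(domains) > 1:
        raise ValueError(f"{login}: ambiguous, defined in {domains}")
    return domains[0]


if __name__ == "__main__":
    for login, domains in find_collisions(DOMAIN_EXPORTS).items():
        print(f"COLLISION {login}: {domains}")
    print(resolve_domain(DOMAIN_EXPORTS, "bjones"))
    try:
        resolve_domain(DOMAIN_EXPORTS, "asmith")
    except ValueError as err:
        print(f"REJECTED {err}")
```

Run the check against real exports of every directory you intend to configure; any login reported by `find_collisions` must be renamed in one of the directories before that domain is added, since the product requires the ID to be unique across domains.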