Multiple LDAP domains

Product users increasingly need to authenticate across multiple LDAP directories. Large organizations sometimes have separate LDAP domain controllers for different global regions or subsidiaries.

Users can have a mix of directory types, such as AD, Tivoli, and OpenLDAP.

Users can configure multiple directories in the LDAP configuration in your product. Your product uses WebSphere Liberty Server OpenID Connect as an authentication service, which handles administration and authentication against the appropriate directory.

Note: Currently, IM does not support LDAP failover or nested LDAP groups.

Multiple LDAP registration

As a cluster administrator, you can configure multiple LDAP domains by adding multiple directory entries to the LDAP configuration in server.xml.

[Figure: Multiple LDAP registration. Diagram labels: Open LDAP, AD, Tivoli, server.xml, WebSphere Liberty, Cluster, Persist LDAP config, Configure each LDAP.]
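As an added illustration (generic WebSphere Liberty configuration, not the server.xml that your product generates), the following sketch shows three directory entries of different types registered side by side and federated into one realm. All ids, host names, DNs, the trust store path, and the environment variable names are constructed placeholders; each directory is reached over LDAPS, and bind passwords are kept out of the file.

```xml
<server description="Constructed example: three LDAP domains">
  <featureManager>
    <feature>appSecurity-3.0</feature>
    <feature>ldapRegistry-3.0</feature>
    <feature>federatedRegistry-1.0</feature>
    <feature>transportSecurity-1.0</feature>
  </featureManager>

  <!-- Trust store with the CA certificates of all three LDAP servers (assumed path) -->
  <keyStore id="ldapTrust" type="PKCS12" password="${env.LDAP_TRUST_PASSWORD}"
      location="${server.config.dir}/resources/security/ldap-trust.p12"/>
  <ssl id="ldapSSL" keyStoreRef="ldapTrust" trustStoreRef="ldapTrust"/>

  <!-- Domain 1: Active Directory. Each entry needs a unique id and its own baseDN. -->
  <ldapRegistry id="emeaAD" ldapType="Microsoft Active Directory"
      host="ad.emea.example.com" port="636" sslEnabled="true" sslRef="ldapSSL"
      baseDN="dc=emea,dc=example,dc=com"
      bindDN="cn=svc-liberty,ou=service,dc=emea,dc=example,dc=com"
      bindPassword="${env.EMEA_BIND_PASSWORD}"/>

  <!-- Domain 2: IBM Tivoli Directory Server -->
  <ldapRegistry id="apacTDS" ldapType="IBM Tivoli Directory Server"
      host="tds.apac.example.com" port="636" sslEnabled="true" sslRef="ldapSSL"
      baseDN="o=apac,dc=example,dc=com"
      bindDN="cn=svc-liberty,o=apac,dc=example,dc=com"
      bindPassword="${env.APAC_BIND_PASSWORD}"/>

  <!-- Domain 3: OpenLDAP, declared as a Custom type with explicit search filters -->
  <ldapRegistry id="subsidiaryOpenLDAP" ldapType="Custom"
      host="ldap.subsidiary.example.org" port="636" sslEnabled="true" sslRef="ldapSSL"
      baseDN="dc=subsidiary,dc=example,dc=org"
      bindDN="cn=svc-liberty,dc=subsidiary,dc=example,dc=org"
      bindPassword="${env.SUBSIDIARY_BIND_PASSWORD}">
    <customFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        groupFilter="(&amp;(cn=%v)(objectclass=groupOfNames))"
        userIdMap="*:uid" groupIdMap="*:cn" groupMemberIdMap="groupOfNames:member"/>
  </ldapRegistry>

  <!-- One federated realm that searches all three base entries -->
  <federatedRepository>
    <primaryRealm name="MultiDomainRealm">
      <participatingBaseEntry name="dc=emea,dc=example,dc=com"/>
      <participatingBaseEntry name="o=apac,dc=example,dc=com"/>
      <participatingBaseEntry name="dc=subsidiary,dc=example,dc=org"/>
    </primaryRealm>
  </federatedRepository>
</server>
```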

In an environment with multiple domains configured, adding a new user on your product platform requires selecting the appropriate domain, and the user is then added to the team.

The user profile and the domain name are maintained by your product and are further used for user management. The ability to choose a domain before selecting users, such as for a team, allows administrators to isolate teams within a specific domain.

Note: User credentials are passed by your product to the WebSphere Liberty OIDC server, which resolves the user domain and authenticates the user against the matching domain.