Configuring an LDAP connection

Configure an LDAP connection with the WebSphere Liberty server.

About this task

If you use LDAP for user management and you enable the option to not use case-sensitive user management, make sure that Jazz™ Team Server is also configured to allow user management that is not case sensitive. To configure the Jazz Team Server login property, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.

Procedure

  1. Run the setup wizard and advance through the pages until you reach the Setup User Registry page. For more information about the setup wizard, see Running the setup by using Custom setup in the setup wizard.
  2. In Step 1, under User Registry Type, select LDAP.
  3. In Step 2, complete the fields. See LDAP configuration parameters for details.
  4. Click Save LDAP Config Files.
    Tip: This operation modifies two files: ldapUserRegistry.xml and application.xml. You can see the name and location of the generated XML files by clicking show details in the message box.
  5. Go to JazzInstallDir/server/liberty/servers/clm and open the server.xml file for editing.
  6. Comment out <include location="conf/basicUserRegistry.xml"> and uncomment <!--include location="conf/ldapUserRegistry.xml"--> to use the LDAP user registry.
  7. Open JazzInstallDir/server/liberty/servers/clm/conf/ldapUserRegistry.xml for editing and examine the ldapRegistry values to ensure that they match your organization's particular LDAP configuration. By default, the ldapUserRegistry.xml file uses IBM Tivoli Directory Server as ldapType and idsFilters:
    <ldapRegistry
            id="sample_ldap" realm="SampleLdapIDSRealm" ignoreCase="true"
            host="localhost" port="389"
            baseDN="ou=people,dc=jazz,dc=net"
            ldapType="IBM Tivoli Directory Server">  
            <idsFilters
                userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember">
            </idsFilters>
        </ldapRegistry>
    Other LDAP type examples that can be used with their default values:
    ldapType="Microsoft Active Directory LDAP"
            <activedFilters
                userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
                groupFilter="(&amp;(cn=%v)(objectcategory=group))"
                userIdMap="user:sAMAccountName"
                groupIdMap="*:cn"
                groupMemberIdMap="memberof:member">
            </activedFilters>
    ldapType="Custom LDAP"
            <customFilters
                userFilter="(&amp;(uid=%v)(objectclass=ePerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember;groupOfNames:member;groupOfUniqueNames:uniqueMember">
            </customFilters>
    ldapType="IBM Lotus Domino LDAP"
            <domino50Filters
                userFilter="(&amp;(uid=%v)(objectclass=Person))"
                groupFilter="(&amp;(cn=%v)(objectclass=dominoGroup))"
                userIdMap="person:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="dominoGroup:member">
            </domino50Filters>
    ldapType="Novell eDirectory LDAP"
            <edirectoryFilters
                userFilter="(&amp;(cn=%v)(objectclass=Person))"
                groupFilter="(&amp;(cn=%v)(objectclass=groupOfNames))"
                userIdMap="person:cn"
                groupIdMap="*:cn"
                groupMemberIdMap="groupOfNames:member">
            </edirectoryFilters>
    ldapType="Sun Java System Directory Server LDAP"
            <iplanetFilters
                userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                groupFilter="(&amp;(cn=%v)(objectclass=ldapsubentry))"
                userIdMap="inetOrgPerson:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="nsRole:nsRole">
            </iplanetFilters>
    ldapType="Netscape Directory Server LDAP"
            <netscapeFilters
                userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
                userIdMap="inetOrgPerson:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="groupOfNames:member;groupOfUniqueNames:uniqueMember">
            </netscapeFilters>
    ldapType="IBM SecureWay Directory Server LDAP"
            <securewayFilters
                userFilter="(&amp;(uid=%v)(objectclass=ePerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="groupOfNames:member;groupOfUniqueNames:uniqueMember">
            </securewayFilters>
  8. Save and close ldapUserRegistry.xml.
  9. Restart the WebSphere Liberty server.
  10. Open a web browser window and go to https://host.example.com:9443/jts/setup, where host.example.com is the fully qualified host name for your server.
  11. Test the connection by logging on to your server by using a user ID that is in your LDAP external registry.
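
Added example (not part of the IBM documentation): a Python check that can be run against ldapUserRegistry.xml after step 7 and before the restart. It reports a file that is not well-formed XML (for example a raw `&` in a filter instead of `&amp;`), filters that lack the `%v` placeholder or have unbalanced parentheses, and a registry that does not set the Liberty `sslEnabled` attribute, as in the default `port="389"` sample. The `<server>` root element and the sample input are assumptions constructed from the page's default values.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's default registry (not a real deployment).
SAMPLE = """<server>
  <ldapRegistry id="sample_ldap" realm="SampleLdapIDSRealm" ignoreCase="true"
      host="localhost" port="389" baseDN="ou=people,dc=jazz,dc=net"
      ldapType="IBM Tivoli Directory Server">
    <idsFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        groupFilter="(&amp;(cn=%v)(objectclass=groupOfNames))"/>
  </ldapRegistry>
</server>"""


def balanced(flt):
    """True if every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def audit(xml_text):
    """Return a list of findings for each ldapRegistry element in xml_text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A raw '&' in a filter attribute (instead of '&amp;') lands here.
        return [f"not well-formed XML: {exc}"]
    findings = []
    for reg in root.iter("ldapRegistry"):
        rid = reg.get("id", "?")
        if reg.get("sslEnabled", "false").lower() != "true":
            findings.append(f"{rid}: sslEnabled is not true, LDAP traffic is unencrypted")
        for child in reg:
            if not child.tag.endswith("Filters"):
                continue
            for attr in ("userFilter", "groupFilter"):
                flt = child.get(attr, "")
                if "%v" not in flt:
                    findings.append(f"{rid}: {attr} has no %v placeholder")
                if not balanced(flt):
                    findings.append(f"{rid}: {attr} has unbalanced parentheses")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
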

What to do next

Note: In a distributed environment, carry out these steps to configure the Liberty files on all servers.
