You can set up the Lightweight Directory Access Protocol (LDAP) on WebSphere Application Server.
About this task
LDAP registries contain records of users and groups. When you configure a WebSphere server (either Liberty or full WAS) for LDAP authentication, you must specify queries that identify the records representing users and groups. Use the userFilter and groupFilter attributes for this purpose: the userFilter attribute identifies only user records, and the groupFilter attribute identifies only group records. For example:
- userFilter="(&(uid=%v)(objectclass=inetOrgPerson))"
- groupFilter="(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
If you use LDAP (including LDAP and LDAP/SDBM) for user management and you enable the option that makes user management not case sensitive, make sure that Jazz® Team Server is also configured to allow user management that is not case sensitive. To configure the Jazz Team Server login property, open the Advanced Properties page of the Administrative web interface and modify the Use case insensitive user ID matching property.
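The following is an added worked example, not code from IBM or from this page. It shows what the userFilter and groupFilter templates above do when a login name replaces %v, how the User ID map, Group ID map and Group member ID map values from the procedure below are read, and why the substituted value must be escaped per RFC 4515 before the search runs. The in-memory directory, the entries in it, and the mini filter evaluator are constructed for this example; the page does not say whether WebSphere itself escapes %v, so a defender should verify that behaviour rather than assume it.

```python
"""Worked example (not IBM's code): apply the WebSphere LDAP registry filter
templates and ID maps from the page to a constructed in-memory directory."""
import re

# Values as given in the procedure on this page.
USER_FILTER = "(&(uid=%v)(objectclass=inetOrgPerson))"
GROUP_FILTER = "(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
USER_ID_MAP = "*:uid"
GROUP_ID_MAP = "*:cn"
GROUP_MEMBER_ID_MAP = "ibm-allGroups:member;ibm-allGroups:uniqueMember"

# Constructed sample directory (hypothetical DNs; attribute names lowercased).
DIRECTORY = [
    {"dn": "uid=jdoe,ou=people,dc=example,dc=com",
     "objectclass": ["inetOrgPerson"], "uid": ["jdoe"], "cn": ["Jane Doe"]},
    {"dn": "cn=admins,ou=groups,dc=example,dc=com",
     "objectclass": ["groupOfNames"], "cn": ["admins"],
     "member": ["uid=jdoe,ou=people,dc=example,dc=com"]},
    {"dn": "cn=devs,ou=groups,dc=example,dc=com",
     "objectclass": ["posixGroup"], "cn": ["devs"], "memberUid": ["jdoe"]},
]

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, value: str, escape: bool = True) -> str:
    """Substitute the login name for %v (escape=False shows the unsafe variant)."""
    if "%v" not in template:
        raise ValueError("filter template has no %v placeholder")
    return template.replace("%v", escape_filter_value(value) if escape else value)


def _unescape(part: str) -> str:
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), part)


def parse_filter(s: str, pos: int = 0):
    """Tiny parser for the subset of RFC 4515 used here: &, | and equality."""
    if s[pos] != "(":
        raise ValueError("expected '(' at %d" % pos)
    pos += 1
    if s[pos] in "&|":
        op, pos, children = s[pos], pos + 1, []
        while s[pos] == "(":
            child, pos = parse_filter(s, pos)
            children.append(child)
        if s[pos] != ")":
            raise ValueError("expected ')' at %d" % pos)
        return (op, children), pos + 1
    end = s.index(")", pos)
    attr, value = s[pos:end].split("=", 1)
    return ("=", attr, value), end + 1


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter; LDAP compares these attributes case-insensitively."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, pattern = node
    # Unescaped '*' is a wildcard; an escaped '\2a' is a literal asterisk.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in entry.get(attr.lower(), []))


def search(template: str, value: str, escape: bool = True) -> list:
    """Return the DNs that the filled-in filter selects from DIRECTORY."""
    node, _ = parse_filter(build_filter(template, value, escape))
    return [e["dn"] for e in DIRECTORY if matches(node, e)]


def parse_id_map(id_map: str) -> dict:
    """'objectclass:attribute;objectclass:attribute' -> {objectclass: [attributes]}."""
    result = {}
    for pair in id_map.split(";"):
        objectclass, attribute = pair.split(":", 1)
        result.setdefault(objectclass.strip().lower(), []).append(attribute.strip())
    return result


def id_attribute(id_map: str, objectclass: str):
    """Attribute naming an entry of this object class; '*' is the catch-all."""
    mapping = parse_id_map(id_map)
    attrs = mapping.get(objectclass.lower()) or mapping.get("*") or []
    return attrs[0] if attrs else None


if __name__ == "__main__":
    print(build_filter(USER_FILTER, "jdoe"), search(USER_FILTER, "jdoe"))
    print(build_filter(GROUP_FILTER, "admins"), search(GROUP_FILTER, "admins"))
    print(parse_id_map(GROUP_MEMBER_ID_MAP))
```

Running the block prints the filled-in user and group filters and the entries they select. Searching for JDOE returns the same entry as jdoe because the directory compares these attribute values case-insensitively, which is exactly why the Jazz Team Server setting above must agree with the registry. With escaping, a login name of "*" selects nothing; with escape=False it becomes a wildcard and selects every inetOrgPerson, so the escaping step is the check worth confirming in any registry integration.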
Procedure
- From the WebSphere Application Server Integrated Solutions Console, click .
- Apply the following security settings, and then click Apply and save the changes.
  - Enable administrative security: on
  - Enable application security: on
  - User account repository/Available realm definitions: standalone LDAP registry
- In the User account repository section, click Configure, and enter information about the general properties:
  - Primary administrative user name: Your user ID
  - Server user identity: Automatically generated server identity
  - Host: Name of the LDAP server
  - Port: Port of the LDAP server. Default is 389.
  - Type of LDAP server: Custom
  - Search timeout: 120 seconds
  - Base distinguished name (DN): The base distinguished name of the directory service
- Click Test connection to make sure you can successfully connect to your LDAP server.
- In the Additional Properties section, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings and provide the information in the General Properties fields as follows:
  Remember: Replace the objectclass values with the values that your LDAP administrator provided for configuring WebSphere Application Server.
  - User filter: (&(uid=%v)(objectclass=inetOrgPerson))
  - Group filter: (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))
  - User ID map: *:uid
  - Group ID map: *:cn
  - Group member ID map, where ibm is replaced with your ID: ibm-allGroups:member;ibm-allGroups:uniqueMember
- Click Apply and save the changes. Confirm each setting by clicking Apply and Save on each screen.
- Click OK to go back to the Global Security page.
- Set Standalone LDAP registry as the current realm definition by clicking Set as Current.
- Stop and restart WebSphere Application Server.
- After WebSphere Application Server restarts, validate the changes by logging on to the Integrated Solutions Console.