Adding the LDAP user registry as a federated repository

After setting up the LDAP server, you must add it as a federated repository from the Federated repositories > Repository references > New window, as described in the following steps.

Procedure

  1. Start the WebSphere administrative console; for example, select Start > IBM WebSphere > IBM® WebSphere® Application Server > Profiles > JazzSMProfile > Administrative console.
  2. Enter the WebSphere administrator user ID and password, and click Log in.
  3. Select Security > Global security.
  4. From the Available realm definitions list, select Federated repositories and click Configure.
  5. In the Related Items area, click the Manage repositories link and then click Add repositories to add the LDAP user registry as a federated repository.
  6. Click New Repository > LDAP repository.
  7. In the Repository identifier field, provide a unique identifier for the repository. The identifier uniquely identifies the repository within the cell, for example, LDAP1.
  8. From the Directory type list, select the type of LDAP server. The type of LDAP server determines the default filters that are used by WebSphere Application Server.
  9. In the Primary host name field, enter the host name of the primary LDAP server, either as a fully qualified domain name system (DNS) name or as an IP address. The primary host name and the distinguished name must contain no spaces. If you intend to use an SSL connection, enter the name that matches the subject of the LDAP server certificate so that host name verification succeeds.
  10. In the Port field, enter the server port of the LDAP user registry.

    The host name and the port number represent the realm for this LDAP server in a mixed-version cell. If servers in different cells communicate with each other using Lightweight Third Party Authentication (LTPA) tokens, these realms must match exactly in all of the cells.

    Note:

    The default port value is 389, which is not a Secure Sockets Layer (SSL) connection port. Use port 636 for an SSL connection, and also select Require SSL communications on the same page; entering port 636 alone does not turn on SSL. Without SSL, the bind password and the credentials of every user who logs in cross the network in clear text. For some LDAP servers, you can specify a different port. If you do not know the port to use, contact your LDAP server administrator.

  11. Optional: In the Bind distinguished name and Bind password fields, enter the bind distinguished name (DN) (for example, cn=root) and password.
    Note: The bind DN is required for write operations, or to obtain user and group information if anonymous binds are not possible on the LDAP server. In most cases, a bind DN and bind password are needed, except when an anonymous bind can satisfy all of the required functions. Therefore, if the LDAP server is set up to use anonymous binds, leave these fields blank. Where a bind DN is needed, prefer a dedicated read-only service account over a directory administrator account such as cn=root, because the application server only needs to search users and groups.
  12. Optional: In the Login properties field, enter the property names that users can log in to WebSphere Application Server with. This field takes multiple login properties, delimited by a semicolon (;). For example, uid;cn.
  13. Optional: From the Certificate mapping list, select your preferred certificate map mode. You can use X.509 certificates for user authentication when LDAP is selected as the repository.
    Note: The Certificate mapping field is used to indicate whether to map the X.509 certificates into an LDAP directory user by EXACT_DN or CERTIFICATE_FILTER. If you select EXACT_DN, the DN in the certificate must match the user entry in the LDAP server, including case and spaces.
  14. Click Apply and then Save.
  15. Log out of the WebSphere administrative console.
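The same configuration can be applied without the console by using the wsadmin scripting client. The following script is an added example and is not part of the original page or of the product documentation. It assumes a repository identifier of LDAP1, an LDAP server at ldap.example.com on the SSL port 636 with base entry dc=example,dc=com, the bind DN cn=root, the default realm name defaultWIMFileBasedRealm, and the command and parameter names of the IdMgrRepositoryConfig command group; verify those names against the wsadmin reference for your WebSphere Application Server version before running it.

```jython
# Added example (not from the original page): add an LDAP repository as a
# federated repository with wsadmin instead of the administrative console.
# Run from the profile bin directory:
#   wsadmin.sh -lang jython -f addLdapRepo.py
# Assumed values: repository id LDAP1, host ldap.example.com, port 636,
# base entry dc=example,dc=com, bind DN cn=root. Command and parameter names
# should be checked against the IdMgrRepositoryConfig reference.

repoId  = 'LDAP1'
host    = 'ldap.example.com'
port    = '636'                    # 636 = LDAP over SSL; 389 is clear text
baseDN  = 'dc=example,dc=com'
bindDN  = 'cn=root'
bindPwd = 'changeit'               # placeholder only; supply from a secured source
realm   = 'defaultWIMFileBasedRealm'

# Steps 6 to 8, 12 and 13: repository identifier, directory type (IDS here),
# login properties, and certificate map mode.
AdminTask.createIdMgrLDAPRepository(['-id', repoId,
                                     '-ldapServerType', 'IDS',
                                     '-loginProperties', 'uid;cn',
                                     '-certificateMapMode', 'EXACT_DN'])

# Steps 9 to 11: primary host, port and bind credentials. sslEnabled is set
# to true because port 636 is used; with a clear-text port the bind password
# would cross the network unprotected.
AdminTask.addIdMgrLDAPServer(['-id', repoId,
                              '-host', host,
                              '-port', port,
                              '-bindDN', bindDN,
                              '-bindPassword', bindPwd,
                              '-sslEnabled', 'true'])

# The repository needs at least one base entry, and the realm must reference
# it before users under that subtree can log in.
AdminTask.addIdMgrRepositoryBaseEntry(['-id', repoId, '-name', baseDN])
AdminTask.addIdMgrRealmBaseEntry(['-name', realm, '-baseEntry', baseDN])

# Step 14: Apply and Save.
AdminConfig.save()
print 'Repository %s added; restart the server for the change to take effect' % repoId
```

After the script completes, confirm the result in the console under Security > Global security > Federated repositories > Manage repositories, and check that Require SSL communications is shown as enabled for LDAP1. The bind password is stored in the security configuration, so the script file itself should not be kept with a real password in it.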