Troubleshooting LDAP user repositories

If you defined an LDAP directory as a user repository in the realm and you experience problems, use this information to identify common problems and their likely solutions.
The following list gives common best practices for using an LDAP directory as your Web GUI user repository. Ensure that each item is true of your environment before you read the troubleshooting topics.
  • All repositories that are defined in the realm need to be available and running. If one repository becomes unavailable, all other repositories are affected. If this problem occurs, you cannot log in, even if your user is in a repository that is still available. To solve this problem, use WebSphere Application Server commands to allow access when all repositories are available, or the federated repositories will not function properly. For more information, see http://www-01.ibm.com/support/docview.wss?uid=swg1PK78677 and http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.web20fep.multiplatform.doc/info/ae/ae/rxml_atidmgrrealmconfig.html.
  • All user IDs need to be unique across all repositories in the realm. Ensure that no user IDs are duplicated: if duplicates exist, delete them.
  • If users cannot perform functions that write to the ObjectServer, the user synchronization function might not be enabled.
  • If user synchronization is enabled, no ObjectServers can be defined as repositories in the realm.
  • Ensure that users and groups are configured in the WebSphere administrative console.
  • Ensure that the maxSearchResults attribute in the wimconfig.xml file is set to a suitable value. For more information, see No LDAP groups available.
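Two of the checks in the list above (unique user IDs across repositories, and the maxSearchResults value in wimconfig.xml) can be scripted. The following Python sketch is an added example, not IBM-supplied code. The XML fragment, namespace URIs, repository names, and user IDs are constructed samples, and both the case-insensitive ID comparison and the comparison against an expected entry count are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed wimconfig.xml-style fragment, not a real export.
# The namespace URIs are placeholders; matching is done on the attribute name only.
SAMPLE_WIMCONFIG = """
<sdo:datagraph xmlns:sdo="urn:example:sdo" xmlns:config="urn:example:wim-config">
  <config:configurationProvider maxSearchResults="4500"/>
</sdo:datagraph>"""

# Constructed sample: user IDs exported from each repository in the realm.
SAMPLE_REPOS = {
    "ldap_corp": ["jsmith", "akhan", "ncoadmin"],
    "ldap_partners": ["JSmith", "mlopez"],
    "file_registry": ["tipadmin", "ncoadmin"],
}

def max_search_results(xml_text):
    """Return the maxSearchResults value as an int, or None if it is absent."""
    root = ET.fromstring(xml_text.strip())
    for elem in root.iter():
        value = elem.get("maxSearchResults")
        if value is not None:
            return int(value)
    return None

def search_limit_ok(xml_text, expected_entries):
    """Assumption: the limit is suitable if it covers the expected entry count."""
    limit = max_search_results(xml_text)
    return limit is not None and limit >= expected_entries

def duplicate_user_ids(repos):
    """Map each user ID found in more than one repository to those repositories.

    Assumption: IDs are compared case-insensitively after trimming whitespace.
    """
    seen = defaultdict(set)
    for repo, ids in repos.items():
        for uid in ids:
            seen[uid.strip().lower()].add(repo)
    return {uid: sorted(names) for uid, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    print("maxSearchResults:", max_search_results(SAMPLE_WIMCONFIG))
    print("covers 6000 entries:", search_limit_ok(SAMPLE_WIMCONFIG, 6000))
    for uid, names in sorted(duplicate_user_ids(SAMPLE_REPOS).items()):
        print("duplicate user ID %r in: %s" % (uid, ", ".join(names)))
```

Replace the sample dictionary with per-repository ID lists exported from your own directories, and pass the contents of your wimconfig.xml file in place of the sample fragment.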
If the information in this troubleshooting section does not resolve the problems with your LDAP user repository, see the WebSphere Application Server information center at https://www.ibm.com/docs/en/was/8.5.5?topic=limitations-ldap-repository-issues. Additionally, you can view the default values in the wimconfig.xml file for each type of LDAP server at https://www.ibm.com/docs/en/was/8.5.5?topic=ldap-default-configuration-mapping-based-server-type.