Troubleshooting LDAP user repositories
If you defined an LDAP directory as a user repository in the realm and you experience problems, this information lists some common problems and likely solutions.
The following information lists common best practices for using an LDAP directory as your Web GUI user repository. Ensure that the following information is true of your environment before you read the troubleshooting topics.
- All repositories that are defined in the realm need to be available and running. If one repository becomes unavailable, all other repositories are affected. If this problem occurs, you cannot log in, even if your user is in a repository that is still available. To solve this problem, use WebSphere Application Server commands to allow access when all repositories are available, or the federated repositories will not function properly. For more information, see http://www-01.ibm.com/support/docview.wss?uid=swg1PK78677 and http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.web20fep.multiplatform.doc/info/ae/ae/rxml_atidmgrrealmconfig.html.
- All user IDs need to be unique across all repositories in the realm. Ensure that no user IDs are duplicated: if duplicates exist, delete them.
- If users cannot perform functions that write to the ObjectServer, the user synchronization function might not be enabled.
- If user synchronization is enabled, no ObjectServers can be defined as repositories in the realm.
- Ensure that users and groups are configured in the WebSphere administrative console.
- Ensure that the maxSearchResults attribute in the wimconfig.xml file is set to a suitable value. For more information, see No LDAP groups available.
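One way to check the requirement that user IDs are unique across all repositories in the realm, shown as an added example that is not part of the original documentation or any IBM tooling. It assumes each repository has been exported to LDIF, that the login attribute is `uid`, and that IDs are compared without regard to case; the repository names and entries are constructed sample data.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield one dict of attribute -> [values] per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:              # trailing blank flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry[name.strip().lower()].append(value.strip())

def find_duplicate_ids(exports, id_attr="uid"):
    """Map each ID present in more than one repository to its (repo, dn) pairs."""
    seen = defaultdict(list)
    for repo, ldif in exports.items():
        for entry in parse_ldif(ldif):
            for uid in entry.get(id_attr, []):
                # Assumption: IDs that differ only in case count as the same ID.
                seen[uid.casefold()].append((repo, entry.get("dn", ["?"])[0]))
    return {uid: hits for uid, hits in seen.items()
            if len({repo for repo, _ in hits}) > 1}

# Constructed sample exports; repository names are hypothetical.
SAMPLE_EXPORTS = {
    "corp_ldap": ("dn: uid=jsmith,ou=people,\n dc=example,dc=com\nuid: jsmith\n\n"
                  "dn: uid=akhan,ou=people,dc=example,dc=com\nuid: akhan\n"),
    "partner_ldap": "dn: uid=JSmith,ou=ext,dc=example,dc=org\nuid:: SlNtaXRo\n",
}

if __name__ == "__main__":
    for uid, hits in find_duplicate_ids(SAMPLE_EXPORTS).items():
        print(uid, "is defined in:", hits)
```

Any ID the script reports must be removed from all but one repository before the realm is used for Web GUI logins.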