Enabling case sensitivity for LDAP

The LDAP user registry does not use case-sensitive user names by default. You can enable case-sensitivity for LDAP.

Before you begin

Before you complete the procedure, you must apply APAR PI53797 for IBM WebSphere Application Server Liberty Profile.

For more information, see technote 2404194.

Ensure that the LDAP server that you use supports case-sensitive user names and that this support is enabled.

Procedure

To make LDAP user names case sensitive, complete the following steps.

  1. Stop Log Analysis.
  2. Add the following property to the ldapRegistry.xml file:
    ignoreCase="false"
    
    For example,
    <server>
        <ldapRegistry
            host="9.118.40.171"
            port="389"
            baseDN="dc=com"
            realm="LdapRegistryRealm"
            id="LdapRegistryId"
            ignoreCase="false"
            ldapType="IBM Tivoli Directory Server">
            <idsFilters
                userFilter="(&amp;(uid=%v)(|(objectclass=ePerson)(objectclass=inetOrgPerson)))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember;groupOfNames:member;groupOfUniqueNames:uniqueMember"/>
        </ldapRegistry>
    </server>
  3. Save the ldapRegistry.xml file.
  4. Ensure that the LDAP_IGNORECASE_PROPERTY parameter in the unitysetup.properties file is set to false.
    For example,
    LDAP_IGNORECASE_PROPERTY=false
  5. Start Log Analysis.
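
To confirm that both files agree before you start Log Analysis, a check such as the following can be run over their contents. It is an added example, not part of the product or of this procedure; the sample file contents are constructed, the function names are hypothetical, and the property name is taken from the example line in step 4.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real installation).
SAMPLE_REGISTRY = """<server>
    <ldapRegistry id="LdapRegistryId" host="ldap.example.com" port="389"
                  baseDN="dc=com" ignoreCase="false"
                  ldapType="IBM Tivoli Directory Server">
        <idsFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                    userIdMap="*:uid"/>
    </ldapRegistry>
</server>"""
SAMPLE_PROPERTIES = "# constructed sample\nLDAP_IGNORECASE_PROPERTY=false\n"


def registry_findings(xml_text):
    """Return one finding per <ldapRegistry> that is not set to ignoreCase="false"."""
    registries = list(ET.fromstring(xml_text).iter("ldapRegistry"))
    if not registries:
        return ["no <ldapRegistry> element found"]
    findings = []
    for reg in registries:
        # A missing attribute is a finding: the registry is not case sensitive by default.
        value = reg.get("ignoreCase")
        if value != "false":  # strict match on the value the procedure specifies
            findings.append(f"ldapRegistry id={reg.get('id')!r}: ignoreCase={value!r}")
    return findings


def property_findings(props_text, key="LDAP_IGNORECASE_PROPERTY"):
    """Return a finding unless the last key=value assignment of key is 'false'."""
    value = None
    for line in props_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # comment, blank line, or not a key=value assignment
        name, _, val = line.partition("=")
        if name.strip() == key:
            value = val.strip()  # a later assignment overrides an earlier one
    return [] if value == "false" else [f"{key}={value!r} (expected 'false')"]


def check(xml_text, props_text):
    """Run both checks; an empty list means both files enable case sensitivity."""
    return registry_findings(xml_text) + property_findings(props_text)


if __name__ == "__main__":
    for finding in check(SAMPLE_REGISTRY, SAMPLE_PROPERTIES) or ["OK: both files set to false"]:
        print(finding)
```

To check a real installation, read the contents of ldapRegistry.xml and unitysetup.properties and pass them to `check()` in place of the samples.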