[Optional] Configuring an LDAP user registry

If you don't want to use the default file-based user repository for managing WebSphere® Application Server users, you can configure a central user registry, such as a Lightweight Directory Access Protocol (LDAP) registry, for user management and authentication.

Configure WebSphere Application Server to use the LDAP user registry as a federated repository. The WebSphere Application Server uses this registry for user authentication and the retrieval of information about users and groups to run security-related functions.

For more information about how to configure a federated user repository in WebSphere Application Server, see Managing the realm in a federated repository configuration.
Procedure for pre-defined LDAP setup
  1. Install Jazz® for Service Management including WebSphere Application Server and Dashboard Application Services Hub (DASH).
  2. LDAP configuration
    1. Add the LDAP user registry as a federated repository to the WebSphere Application Server.
    2. Configure the supported entity types so that new users and groups are created in the LDAP user repository.
  3. Install IBM® Z Automation Web Console.
  4. Optional: Configure the connection to the LDAP server for secure communications. For more information, see Configuring an SSL connection to an LDAP server.
Procedure for post-defined LDAP setup
  1. Install Jazz for Service Management including WebSphere Application Server and Dashboard Application Services Hub (DASH).
  2. Install IBM Z Automation Web Console.
  3. LDAP configuration
    1. Add the LDAP user registry as a federated repository to the WebSphere Application Server.
    2. Configure the supported entity types so that new users and groups are created in the LDAP user repository.
  4. Port from a file-based repository to an LDAP repository
    1. Create users and groups to use with IBM Z Automation Web Console in the LDAP repository if they do not exist.
    2. Authorize the LDAP groups within the Dashboard Application Services Hub.
    3. Remove duplicate users from the file-based user repository.
  5. Optional: Configure the connection to the LDAP server for secure communications. For more information, see Configuring an SSL connection to an LDAP server.

The core LDAP configuration is done in the same way for both pre-defined and post-defined setup. This LDAP configuration is described in the next sections.