After installation, you can add an IBM Tivoli Directory Server or Microsoft Active Directory Server as an LDAP repository for the Tivoli Integrated Portal Web GUI.
About this task
To add a new LDAP repository:
Procedure
- Log in to the Tivoli Integrated Portal Web GUI.
- In the navigation pane, click and
click Launch Websphere Admin Console.
- In the WebSphere Application Server administrative
console, select .
- From the Available realm definitions list,
select Federated repositories and click Configure.
- In the Related Items area, click the Manage
repositories link and then click Add to
add a new LDAP repository.
- In the Repository identifier field,
provide a unique identifier for the repository. The identifier
uniquely identifies the repository within the cell, for example, LDAP1.
- From the Directory type list, select
the type of LDAP server. The type of LDAP server
determines the default filters that are used by WebSphere Application Server.
Note: IBM Tivoli Directory Server
users can choose either IBM Tivoli Directory Server or SecureWay as
the directory type. For better performance, use the IBM Tivoli Directory
Server directory type.
- In the Primary host name field,
enter the fully qualified host name of the primary LDAP server. The primary
host name and the distinguished name must contain no spaces. You can
enter either the IP address or the domain name system (DNS) name.
- In the Port field, enter the server
port of the LDAP directory.
The host name and the port
number represent the realm for this LDAP server in a mixed version
nodes cell. If servers in different cells are communicating with each
other using Lightweight Third Party Authentication (LTPA)
tokens, these realms must match exactly in all the cells.
Note: The default port value is 389, which is not a Secure Sockets Layer (SSL) connection port. Use port 636 for an SSL connection. For some LDAP servers, you can specify a different port. If you do not know the port to use, contact your LDAP server administrator.
- Optional: In the Bind distinguished
name and Bind password fields,
enter the bind distinguished name (DN) (for example, cn=root)
and password.
Note: The bind DN is required for write operations
or to obtain user and group information if anonymous binds are not
possible on the LDAP server.
In most cases, a bind DN and bind password are needed, except when
an anonymous bind can satisfy all of the required functions. Therefore,
if the LDAP server is set
up to use anonymous binds, leave these fields blank.
- Optional: In the Login properties field, enter the property names used to log in to the WebSphere Application Server. This field takes multiple login properties, delimited by a semicolon (;). For example, cn.
- Optional: From the Certificate mapping list, select your preferred certificate map mode. You can use X.509 certificates for user authentication when LDAP is selected as the repository.
Note: The Certificate mapping field is
used to indicate whether to map the X.509 certificates into an LDAP
directory user by EXACT_DN or CERTIFICATE_FILTER.
If you select EXACT_DN, the DN in the certificate
must match the user entry in the LDAP server, including case and spaces.
- Click OK.
- In the Messages area at the top of the Global
security page, click the Save link
and log out of the WebSphere Application Server console.
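
The checks below are an added example, not IBM's code: they apply the constraints stated in this procedure (no spaces in the host name or DN, port 389 versus 636, semicolon-delimited login properties, matching realms across cells for LTPA, and EXACT_DN matching) to planned values before they are entered in the console. The dictionary keys, function names and sample values are constructed, and writing the realm as host:port is an assumption.

```python
# Added example: dict keys, function names and sample values are constructed.
CERT_MAP_MODES = {"EXACT_DN", "CERTIFICATE_FILTER"}

def realm(cfg):
    # Assumption: the realm is written here as "host:port".
    return "%s:%d" % (cfg["host"], cfg["port"])

def check_repository(cfg):
    """Return findings for one planned LDAP repository definition."""
    findings = []
    bind_dn, bind_pw = cfg.get("bind_dn", ""), cfg.get("bind_password", "")
    if " " in cfg["host"]:
        findings.append("primary host name contains a space")
    if " " in bind_dn:
        findings.append("bind DN contains a space")
    if bool(bind_dn) != bool(bind_pw):
        findings.append("bind DN and bind password must be set together")
    if cfg["port"] == 389:
        note = "port 389 is not an SSL port; use 636 for SSL"
        if bind_pw:
            note += " (the bind password would cross a non-SSL connection)"
        findings.append(note)
    props = cfg.get("login_properties", "")
    if props and "" in [p.strip() for p in props.split(";")]:
        findings.append("empty entry in semicolon-delimited login properties")
    mode = cfg.get("certificate_mapping")
    if mode is not None and mode not in CERT_MAP_MODES:
        findings.append("unknown certificate map mode: %s" % mode)
    return findings

def realm_mismatches(cells):
    """Names of cells whose realm differs from the first cell's (LTPA case)."""
    names = sorted(cells)
    expected = realm(cells[names[0]])
    return [n for n in names[1:] if realm(cells[n]) != expected]

def exact_dn_matches(cert_dn, ldap_dn):
    # EXACT_DN: the comparison includes case and spaces, so no normalisation.
    return cert_dn == ldap_dn

# Constructed sample input: two cells pointing at the same directory.
CELL_A = {"host": "ldap1.example.com", "port": 389, "bind_dn": "cn=root",
          "bind_password": "example-only", "login_properties": "uid;cn",
          "certificate_mapping": "EXACT_DN"}
CELL_B = dict(CELL_A, host="LDAP1.example.com", port=636)

if __name__ == "__main__":
    for name, cfg in (("cellA", CELL_A), ("cellB", CELL_B)):
        print(name, realm(cfg), check_repository(cfg) or "ok")
```
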
What to do next
Configure the Tivoli Integrated Portal Server to communicate with an external LDAP repository.