IBM Tivoli Netcool/OMNIbus, Version 7.4

Adding an external LDAP repository

After installation, you can add an IBM Tivoli Directory Server or Microsoft Active Directory Server as an LDAP repository for the Tivoli Integrated Portal Web GUI.

About this task

To add a new LDAP repository:

Procedure

  1. Log in to the Tivoli Integrated Portal Web GUI.
  2. In the navigation pane, click Settings > Websphere Admin Console and click Launch Websphere Admin Console.
  3. In the WebSphere Application Server administrative console, select Settings > Global security.
  4. From the Available realm definitions list, select Federated repositories and click Configure.
  5. In the Related Items area, click the Manage repositories link and then click Add to add a new LDAP repository.
  6. In the Repository identifier field, provide a unique identifier for the repository. The identifier uniquely identifies the repository within the cell, for example, LDAP1.
  7. From the Directory type list, select the type of LDAP server. The type of LDAP server determines the default filters that are used by WebSphere Application Server.
    Note: IBM Tivoli Directory Server users can choose either IBM Tivoli Directory Server or SecureWay as the directory type. For better performance, use the IBM Tivoli Directory Server directory type.
  8. In the Primary host name field, enter the fully qualified host name of the primary LDAP server. The primary host name and the distinguished name must contain no spaces. You can enter either the IP address or the domain name system (DNS) name.
  9. In the Port field, enter the server port of the LDAP directory.

    The host name and the port number represent the realm for this LDAP server in a mixed version nodes cell. If servers in different cells are communicating with each other using Lightweight Third Party Authentication (LTPA) tokens, these realms must match exactly in all the cells.

    Note: The default port value is 389, which is not a Secure Sockets Layer (SSL) connection port. Use port 636 for a Secure Sockets Layer (SSL) connection. For some LDAP servers, you can specify a different port. If you do not know the port to use, contact your LDAP server administrator.

  10. Optional: In the Bind distinguished name and Bind password fields, enter the bind distinguished name (DN) (for example, cn=root) and password.
    Note: The bind DN is required for write operations or to obtain user and group information if anonymous binds are not possible on the LDAP server. In most cases, a bind DN and bind password are needed, except when an anonymous bind can satisfy all of the required functions. Therefore, if the LDAP server is set up to use anonymous binds, leave these fields blank.
  11. Optional: In the Login properties field, enter the property names used to log in to the WebSphere Application Server. This field takes multiple login properties, delimited by a semicolon (;). For example, cn.
  12. Optional: From the Certificate mapping list, select your preferred certificate map mode. You can use X.509 certificates for user authentication when LDAP is selected as the repository.
    Note: The Certificate mapping field is used to indicate whether to map the X.509 certificates into an LDAP directory user by EXACT_DN or CERTIFICATE_FILTER. If you select EXACT_DN, the DN in the certificate must match the user entry in the LDAP server, including case and spaces.
  13. Click OK.
  14. In the Messages area at the top of the Global security page, click the Save link and log out of the WebSphere Application Server console.
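
A pre-flight check for the values entered in steps 6 to 12, added here as an example; it is not IBM code and does not call WebSphere. The function name `check_ldap_repository`, the sample host name and password, and the warning texts are assumptions for illustration, as is treating port 389 as carrying a simple bind without encryption.

```python
import re

CERT_MAP_MODES = ("EXACT_DN", "CERTIFICATE_FILTER")  # the two modes named in step 12


def check_ldap_repository(repo_id, host, port, bind_dn="", bind_password="",
                          login_properties="cn", cert_map_mode="EXACT_DN"):
    """Check values for steps 6-12; return (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    if not repo_id.strip():
        errors.append("repository identifier is empty")
    # Step 8: host name and distinguished name must contain no spaces.
    if not host or re.search(r"\s", host):
        errors.append("primary host name is empty or contains spaces")
    if re.search(r"\s", bind_dn):
        errors.append("bind DN contains spaces")
    # Step 9: 389 is the non-SSL default, 636 is the SSL port.
    if not 1 <= port <= 65535:
        errors.append("port is outside 1-65535")
    elif port == 389:
        # Assumption: a simple bind on a non-SSL port exposes the bind password.
        if bind_password:
            warnings.append("port 389 is not SSL: bind password is sent unencrypted")
        else:
            warnings.append("port 389 is not SSL: directory traffic is unencrypted")
    elif port != 636:
        warnings.append("non-default port: confirm it with the LDAP administrator")
    # Step 10: bind DN and password go together; both blank means anonymous bind.
    if bool(bind_dn) != bool(bind_password):
        errors.append("bind DN and bind password must both be set or both be blank")
    elif not bind_dn:
        warnings.append("anonymous bind: works only if the LDAP server allows it")
    # Step 11: login properties are delimited by semicolons.
    if any(not p.strip() for p in login_properties.split(";")):
        errors.append("login properties must be non-empty names separated by ';'")
    # Step 12: certificate mapping mode.
    if cert_map_mode not in CERT_MAP_MODES:
        errors.append("certificate mapping must be EXACT_DN or CERTIFICATE_FILTER")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        ("LDAP1", "ldap.example.com", 636, "cn=root", "constructed-password"),
        ("LDAP1", "ldap.example.com", 389, "cn=root", "constructed-password"),
        ("LDAP1", "ldap example.com", 636, "cn=root", ""),
    ]
    for s in samples:
        print(s[1], s[2], check_ldap_repository(*s))
```
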

What to do next

Configure the Tivoli Integrated Portal Server to communicate with an external LDAP repository.

