IBM Support

Changing the granularity of users with the LDAP filter

Troubleshooting


Problem

In large environments you might have 15,000 user objects or more. If you try to list users in the WebSphere Business Modeler Publishing Server "Administration > Access Control" dialog, you get a list of just 1,000 user objects. Which 1,000 user objects are returned can vary depending on your LDAP server algorithm. This limitation also applies to login to the Publishing Server application.

Symptom

Not all available users are displayed.

Cause

The 1,000-object limit is set by the LDAP server to ensure the responsiveness of LDAP services when a search query is performed. The objects returned depend on the algorithm implemented on the LDAP server, and you might not see the same 1,000 objects returned each time you perform the same query if there are more than 1,000 qualified objects. Publishing Server does not perform any type of filtering and displays the result set returned from WebSphere Application Server.

Resolving The Problem

To solve this problem you can use a function that is implemented in WebSphere Application Server. On the Security > Global Security > LDAP user registry > Advanced LDAP User Registry Settings page you can set an LDAP filter that returns only the qualified user objects you want to manage.

For example:
You have 15,000 users in a company. Only 4 departments (Management, Design, Controlling, Marketing), with 200 users, need access to Publishing Server.

First, create a new group "Publisher". Then add all the members of the 4 departments to this group. To display just the members of the "Publisher" group in Publishing Server, set an LDAP filter in the user filter input field:



(&(cn=%v)(memberOf=CN=Publisher,OU=Groups,DC=YourDomain,DC=com))




Save the new settings and restart Portal Server.
(Be aware that only the users who match the LDAP filter are able to log on to Publishing Server.)

The final result looks like this picture:





Also be aware that using (uid=%v) in the filter may render it useless (the problem still occurs).
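Because the filter also decides who can log on, it is worth checking which entries it selects before saving it. The following is an added example, not IBM code: a small stand-in evaluator that applies the filter above to constructed directory entries, for the listing case and for a login lookup. Assumptions: the sample entries and the names `search`, `can_login` and `escape` are hypothetical, `*` is used as the list-all pattern for %v, and login names are escaped per RFC 4515 before substitution.

```python
import re

# Filter from the technote; %v is replaced by the name being looked up.
PUBLISHER = "CN=Publisher,OU=Groups,DC=YourDomain,DC=com"
USER_FILTER = "(&(cn=%v)(memberOf=" + PUBLISHER + "))"
# Constructed sample entries (not from a real directory).
DIRECTORY = [
    {"cn": ["alice"], "memberOf": [PUBLISHER]},
    {"cn": ["bob"], "memberOf": ["CN=Sales,OU=Groups,DC=YourDomain,DC=com"]},
    {"cn": ["carol"], "memberOf": ["CN=Design,OU=Groups,DC=YourDomain,DC=com", PUBLISHER]},
    {"cn": ["dave"]},
]

def escape(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def parse(text, pos=0):
    """Parse one '(...)' filter: &, |, ! and attr=value items."""
    op = text[pos + 1]
    if op in "&|!":
        pos, kids = pos + 2, []
        while text[pos] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        return (op, kids), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos + 1:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] == "=":
        values = [v for k, vs in entry.items() if k.lower() == node[1].lower() for v in vs]
        if node[2] == "*":  # presence test, used here as the list-all pattern
            return bool(values)
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
        return want.lower() in (v.lower() for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else (all if node[0] == "&" else any)(results)

def search(template, value, directory=DIRECTORY):
    """Names of entries matching the filter with %v replaced by value."""
    tree, _ = parse(template.replace("%v", value))
    return [e["cn"][0] for e in directory if matches(tree, e)]

def can_login(name):
    """A login lookup succeeds only if the escaped name matches an entry."""
    return bool(search(USER_FILTER, escape(name)))
```

Against a real directory, run the same filter with the LDAP server's own search tool and compare the result count with the expected group size before restarting the server.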


Document Information

Modified date:
15 June 2018

UID

swg21304387