IBM Support

APM 8.1.4 - 10 steps to enable LDAP on your APM Server

Technical Blog Post




Follow these 10 steps to enable LDAP on your APM v8.1.4 server.

1)  Find the necessary information in Microsoft Active Directory using the Microsoft Sysinternals Active Directory Explorer.


2)  Stop ALL APM processes:

                /usr/bin/apm stop_all

3)  Make a backup of the following files:

4)  Update <install_dir>/wlp/usr/shared/config/ldapRegistry.xml (choose the Non-SSL or SSL template; both are identical except for the additional SSL settings):
                <ldapRegistry id="ldap" realm="MSADO2012Realm"
                    host="" port="389" ignoreCase="true"
                    ldapType="Microsoft Active Directory"

5)  Update the realm name in <install_dir>/wlp/usr/shared/config/oauthVariables-onprem.xml (it must match the entry in ldapRegistry.xml):
                <?xml version="1.0" encoding="UTF-8"?>
                <server>
                <variable name="oauthRealm" value="MSADO2012Realm"/>

6)  Update <install_dir>/wlp/usr/shared/config/commonRegistry.xml to enable the LDAP registry. You can use either the LDAP or the Basic registry, not both, so comment out the Basic registry include:
                <!--include optional="false" location="${shared.config.dir}/basicRegistry.xml"/-->
                <include optional="false" location="${shared.config.dir}/ldapRegistry.xml"/>

7)  Navigate to the <install_dir>/wlp/usr/servers/server1/cscs/conf directory and create a file called
        Do not edit or remove the cscsRoleAdmin.conf file directly.
        Any change should be done by creating a file.

        MSADO2012Realm: The realm specified in the registry configuration file (basicRegistry.xml or ldapRegistry.xml).

        Jens: The user that is replacing apmadmin. It might be the LDAP administrator account or it might be any user account from your user directory. The syntax is case-sensitive!

8)  Update <install_dir>/wlp/usr/servers/apmui/server-oauth2-tai.xml and modify the line starting with "systemUser".
        The systemUser must be the same as in the file
                systemUser="CN=Jens,CN=Users,dc=csilabdom,dc=private"

9)  Restart the Cloud APM server by using the following command in the /usr/bin/ directory:

                apm start_all

10) If LDAP doesn't work as expected, for example the admin user cannot log on or you get a Not Authorized message, check the messages.log file in the <install_dir>/wlp/usr/servers/apmui/logs/ directory for any LDAP-related errors.
        A search for the word 'RBAC2' should return several entries with the expected settings for your LDAP configuration.
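
The following check is an added example, not part of the original post or of IBM's tooling: it cross-checks the three files edited in steps 4 to 6 before the restart in step 9. It assumes each file has a single <server> root element, that the SSL template sets Liberty's sslEnabled attribute, and that realm names are compared exactly; the sample files and the host name in demo() are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def check_ldap_config(config_dir):
    """Cross-check the files edited in steps 4-6; return a list of problems."""
    def root(name):
        return ET.parse(Path(config_dir, name)).getroot()
    problems = []
    reg = next(root("ldapRegistry.xml").iter("ldapRegistry"), None)
    if reg is None:
        return ["ldapRegistry.xml: no <ldapRegistry> element"]
    if not reg.get("host"):
        problems.append("ldapRegistry.xml: host is empty")
    # Assumption: the SSL template sets Liberty's sslEnabled="true".
    if reg.get("sslEnabled", "false").lower() != "true":
        problems.append("ldapRegistry.xml: SSL not enabled, LDAP binds are sent in clear text")
    # Step 5: oauthRealm must equal the registry realm (compared exactly).
    oauth = [v.get("value") for v in root("oauthVariables-onprem.xml").iter("variable")
             if v.get("name") == "oauthRealm"]
    if oauth != [reg.get("realm")]:
        problems.append(f"realm mismatch: ldapRegistry={reg.get('realm')!r} oauthRealm={oauth!r}")
    # Step 6: the parser drops XML comments, so only active includes remain.
    active = [Path(i.get("location", "")).name for i in root("commonRegistry.xml").iter("include")]
    if "ldapRegistry.xml" not in active:
        problems.append("commonRegistry.xml: ldapRegistry.xml is not included")
    if "basicRegistry.xml" in active:
        problems.append("commonRegistry.xml: basicRegistry.xml is still included")
    return problems

def demo(oauth_realm="MSADO2012Realm"):
    """Run the check on constructed sample files; the host is a placeholder."""
    files = {
        "ldapRegistry.xml": '<server><ldapRegistry id="ldap" realm="MSADO2012Realm" '
                            'host="ad.example.test" port="389" ignoreCase="true" '
                            'ldapType="Microsoft Active Directory"/></server>',
        "oauthVariables-onprem.xml":
            f'<server><variable name="oauthRealm" value="{oauth_realm}"/></server>',
        "commonRegistry.xml": '<server><!--include optional="false" '
            'location="${shared.config.dir}/basicRegistry.xml"/-->'
            '<include location="${shared.config.dir}/ldapRegistry.xml"/></server>',
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            Path(d, name).write_text(text)
        return check_ldap_config(d)

if __name__ == "__main__":
    print("\n".join(demo()) or "OK")
```

On a real server, call check_ldap_config() with the <install_dir>/wlp/usr/shared/config directory; an empty list means the three files agree.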


