How to get the LDAP user on WAS


Elvin Jiang (1178) | asked Mar 14 '13, 3:42 a.m.
edited Mar 14 '13, 7:14 a.m. by Ralph Schoon (62.9k33645)

Hi,   

I'm trying to configure WAS with an LDAP realm but I had many problems. My system info is: CLM 4.0.1, WAS 8.0 fixpack 05, OS Win Server 2008 R2.

As a first step I followed the instructions for enabling LDAP on WebSphere as described here: http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0/topic/com.ibm.jazz.install.doc/topics/t_instl_config_ldap_on_was.html

I didn't understand the correct setup for the values in the section Advanced Lightweight Directory Access Protocol (LDAP) user registry settings for "User ID map", "Group ID map" and "Group member ID map".

I was able to connect to the LDAP server and set the "Standalone LDAP registry" as current, but when I try to retrieve the users and groups, I just get nothing. In this situation I tried to add a new valid LDAP user as administrator via "Management user roles", but the list of available users is always empty.

By the way, when I restart the WAS, I cannot log in anymore. I was totally lost....
Thank you very much in advance   
Elvin

 

Accepted answer


Ralph Schoon (62.9k33645) | answered Mar 14 '13, 7:13 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Elvin,

In my experience the key is to get the LDAP Advanced properties in WAS and in the LDAP configuration right. I can only suggest following the link in the user registry setup page to http://www-01.ibm.com/support/docview.wss?uid=swg21445366 and testing your parameters. If you don't get them right, you will see no groups, as you describe above. Also, there needs to be a group mapping in LDAP, so the LDAP user needs to have a group property that you have to map for RTC to be able to retrieve the repository groups.

There are also several articles in the library. Find them with https://jazz.net/library/#tag=ldap . For example https://jazz.net/library/article/479 .

The administration workshop shows how to use Active Directory; the old upgrade workshop is a good source for how to set up LDAP on WAS too.

You need to get the group information into LDAP and you need to figure out the settings for the LDAP queries to actually get the required information, to make it work. Please also be aware that the IDs are case sensitive by default once you make WAS recognize groups and IDs.
Elvin Jiang selected this answer as the correct answer
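
An added example, not part of the original thread and not WAS code: a simplified offline model of how the "User ID map", "Group ID map" and "Group member ID map" values discussed above select IDs and group membership, showing why a member map that does not match the group's object class returns no groups and why ID case matters. It assumes the `objectclass:attribute` pair syntax with `;` separators and `*` as a wildcard class; the directory entries, DNs and map values are constructed.

```python
# Simplified model of the three map fields (assumed syntax:
# "objectclass:attribute" pairs separated by ";", "*" = any class). Not WAS code.

def norm(entry):
    """Lowercase attribute names; return (object classes, attributes)."""
    attrs = {k.lower(): v for k, v in entry.items()}
    return {c.lower() for c in attrs.get("objectclass", [])}, attrs

def parse_map(spec):
    """Split a map value into lowercase (objectclass, attribute) pairs."""
    pairs = []
    for part in (p.strip() for p in spec.split(";") if p.strip()):
        objectclass, sep, attribute = part.partition(":")
        if not sep or not objectclass or not attribute:
            raise ValueError(f"expected objectclass:attribute, got {part!r}")
        pairs.append((objectclass.lower(), attribute.lower()))
    return pairs

def mapped_id(entry, id_map):
    """Return the ID the map selects for this entry, case preserved."""
    classes, attrs = norm(entry)
    for objectclass, attribute in id_map:
        if (objectclass == "*" or objectclass in classes) and attrs.get(attribute):
            return attrs[attribute][0]
    return None

def groups_of(user_dn, entries, group_id_map, member_map):
    """IDs of groups whose member attribute (per member_map) lists user_dn."""
    found = []
    for entry in entries:
        classes, attrs = norm(entry)
        for objectclass, attribute in member_map:
            members = [m.lower() for m in attrs.get(attribute, [])]
            if objectclass in classes and user_dn.lower() in members:
                found.append(mapped_id(entry, group_id_map))
                break
    return found

USER_DN = "uid=ejiang,ou=people,dc=example,dc=com"  # constructed
ENTRIES = [  # constructed directory content
    {"dn": [USER_DN], "objectClass": ["inetOrgPerson"], "uid": ["EJiang"]},
    {"dn": ["cn=JazzAdmins,ou=groups,dc=example,dc=com"],
     "objectClass": ["groupOfNames"], "cn": ["JazzAdmins"], "member": [USER_DN]},
]

if __name__ == "__main__":
    print(mapped_id(ENTRIES[0], parse_map("*:uid")))
    for spec in ("groupOfNames:member", "groupOfUniqueNames:uniqueMember"):
        print(spec, groups_of(USER_DN, ENTRIES, parse_map("*:cn"), parse_map(spec)))
```
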
