How to get the LDAP user on WAS

Elvin Jiang (1178) | asked Mar 14 '13, 3:42 a.m.
edited Mar 14 '13, 7:14 a.m. by Ralph Schoon (62.9k33645)


I'm trying to configure WAS with an LDAP realm, but I had many problems. My system info is: CLM 4.0.1, WAS 8.0 fixpack 05, OS Win Server 2008 R2.

As a first step I followed the instructions for enabling LDAP on WebSphere as described here:

I didn't understand the correct setup for the values in the section Advanced Lightweight Directory Access Protocol (LDAP) user registry settings for "User ID map", "Group ID map" and "Group member ID map".

I was able to connect to the LDAP server and set the "Standalone LDAP registry" as current, but when I try to retrieve the users and groups, I just got nothing. In this situation I tried to add a new valid LDAP user as administrator by "Management user roles", but the list of available users is always empty.

By the way, when I restart the WAS, I cannot log in anymore. I was totally lost....
Thank you very much in advance


Accepted answer

Ralph Schoon (62.9k33645) | answered Mar 14 '13, 7:13 a.m.
Hi Elvin,

In my experience, the key is to get the LDAP Advanced properties in WAS and in the LDAP configuration right. I can only suggest following the link in the user registry setup page to and test your parameters. If you don't get them right, you will see no groups, as you describe above. Also, there needs to be a group mapping in LDAP, so the LDAP user needs to have a group property that you have to map for RTC to allow it to retrieve the repository groups.

There are also several articles in the library. Find them with . For example .

The administration workshop shows how to use Active Directory; the old upgrade workshop is a good source for how to set up LDAP on WAS too.

You need to get the group information into LDAP, and you need to figure out the settings for the LDAP queries to actually get the required information to make it work. Please also be aware that the IDs are case sensitive by default once you make WAS recognize groups and IDs.
Elvin Jiang selected this answer as the correct answer
