It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×6,076
×4,288

question asked: Oct 09 '15, 11:32 a.m.
question was seen: 2,220 times
last updated: Oct 10 '15, 6:30 a.m.

Related questions

FAQ - How this Forum works

Howto filter out disabled users in a federate repositories REALM within WAS?

0
Guido Schneider (3.4k1486115) | asked Oct 09 '15, 11:32 a.m.
edited Oct 09 '15, 11:34 a.m.
Hi All,

additional to my previous question about HowTo connect to two Windows Forests with WAS, I run into a next question:

How can I filter out in the federated repositories configuration disabled users account in the LDAP registry configuration? Currently I get all user accounts, also this one which are disabled in the LDAP (AD Forest).

I know from the single LDAP configuration, I had to filter this with

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

But I do not know where to define this in the LDAP configuration of the federated repositories. Note: I'm using full WAS and not liberty yet.

Many thanks for each tip
Guido

Accepted answer

1
permanent link
Guido Schneider (3.4k1486115) | answered Oct 10 '15, 6:25 a.m.
edited Oct 10 '15, 6:30 a.m.
I found the solution for this:

Filter out disabled users on the LDAP registry in a federated repository within WAS:
  • Login into WAS console
  • <Security / Global Security>
  • click <Configure> to open available realm definitions “Federated repositories”
  • click on the repository to modify in Repositories in the realm / Repository Identifier
  • <LDAP1>
    • Click <Federated repositories entity types to LDAP object classes mapping>
        • Click <PersonAccount>
        • Change Search Filter: 
          • (&(ObjectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
        • <OK>
        • <Save>
    • Click <Federated Repositories> in Bread Crumb
    • <LDAP2>
      • Click <Federated repositories entity types to LDAP object classes mapping>
        • Change Search Filter: 
          • (&(ObjectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
        • <OK>
        • <Save>
    • Click <Federated Repositories> in Bread Crumb
    • <OK>
    • <Save>
  • <Apply>
  • <Save>
  • Restart WAS profile
cheers
Guido

Ralph Schoon selected this answer as the correct answer

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.