Configuring an LDAP or an LDAP/SDBM connection

Configure an LDAP or an LDAP/SDBM connection with the WebSphere Liberty server.

About this task

If you use LDAP for user management and you enable the option to not use case-sensitive user management, make sure that Jazz™ Team Server is also configured to allow user management that is not case sensitive. To configure the Jazz Team Server login property, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.

Procedure

  1. Run the setup wizard and advance through the pages until you reach the Setup User Registry page. For more information about the setup wizard, see Running the setup by using Custom setup in the setup wizard.
  2. In Step 1, under User Registry Type, select LDAP or LDAP/SDBM .
  3. In Step 2, complete the fields. See LDAP and LDAP/SDBM configuration parameters for details.
  4. Click Save LDAP Config Files.
    Tip: Two files are modified with this operation: ldapUserRegistry.xml and application.xml files. You can see the name and location of the generated XML files by clicking show details in the message box.
  5. Go to JazzInstallDir/server/liberty/servers/clm and open the server.xml file for editing. For LDAP/SDBM, replace the basicUserRegistry.xml file with the generated ldapUserRegistry.xml file. Change the value of ignoreCase from false to true.
  6. Comment out <include location="conf/basicUserRegistry.xml"> and uncomment <!--include location="conf/ldapUserRegistry.xml"--> to use the LDAP user registry.
  7. Open JazzInstallDir/server/liberty/servers/clm/conf/ldapUserRegistry.xml for editing and examine the ldapRegistry values to ensure that they match your organization's particular LDAP configuration. By default, the ldapUserRegistry.xml file uses IBM Tivoli Directory Server as ldapType and idsFilters:
    <ldapRegistry
            id="sample_ldap" realm="SampleLdapIDSRealm" ignoreCase="true"
            host="localhost" port="389"
            baseDN="ou=people,dc=jazz,dc=net"
            ldapType="IBM Tivoli Directory Server">  
            <idsFilters
                userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember">
            </idsFilters>
            <ldapEntityType name="PersonAccount">
            <searchBase>DC=company,DC=com</searchBase>
            </ldapEntityType>
    
            <ldapEntityType name="Group">
            <searchBase>OU=Groups,OU=America,DC=company,DC=com</searchBase>
            </ldapEntityType>
        </ldapRegistry>
    You can also use Microsoft Active Directory LDAP type. Here is an example of a Microsoft Active Directory LDAP type with its default values:
    ldapType="Microsoft Active Directory LDAP"
            <activedFilters
                userFilter="(&(sAMAccountName=%v)(objectcategory=user))"
                groupFilter="(&(cn=%v)(objectcategory=group))"
                userIdMap="user:sAMAccountName"
                groupIdMap="*:cn"
                groupMemberIdMap="memberof:member">
            </activedFilters>
  8. Save and close ldapUserRegistry.xml .
  9. Open JazzInstallDir/server/liberty/servers/clm/conf/application.xml and examine each war file group name and ensure it matches your organization group names. Applications that rely on container authentication are jts.war, ccm.war, qm.war, and am.war. Other applications delegate authentication to Jazz Team Server.
  10. Restart the WebSphere Liberty server.
  11. Open a web browser window and go to https://host.example.com:9443/jts/setup, where host.example.com is the fully qualified host name for your server.
  12. Test the connection by logging on to your server by using a user ID that is in your LDAP external registry.
    Note: For the LDAP/SDBM settings, you are recommended to select the check box next to Compute and save additional LDAP queries based on these configuration values. You can view and modify the computed settings at any time from the Admin Configuration UI.
  13. Optional: Under the LDAP/SDBM configuration, continue the following steps:
    1. Ignore the Test Connection warning. Click Save LDAP Config Files.
    2. Follow the message and click Next to save the LDAP settings.
    3. Restart the WebSphere Liberty server according to the message that explains you have to restart the server to connect it to the LDAP RACF user registry.

What to do next

Note: In a distributed environment, carry out steps 5 through 10 to configure the WebSphere Liberty files on other servers.
Tip: To learn about different configuration settings that can be set in the Liberty server.xml file such as the contextPool element, see the WebSphere Liberty documentation.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki