Enabling LDAP on WebSphere Application Server

You can set up the Lightweight Directory Access Protocol (LDAP) on WebSphere® Application Server.

About this task

If you use LDAP (including LDAP and LDAP/SDBM) for user management and you enable the option to not use case-sensitive user management, make sure that Jazz™ Team Server is also configured to allow user management that is not case sensitive. To configure the Jazz Team Server login property, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.

Procedure

  1. From the WebSphere Application Server Integrated Solutions Console, click Security > Global security.
  2. Apply the following security settings, and then click Apply and save the changes.
    • Enable administrative security: on
    • Enable application security: on
    • User account repository/Available realm definitions: standalone LDAP registry
    • In the User account repository section, click Configure, and enter information about the general properties:
      • Primary administrative user name: Your user ID
      • Server user identity: Automatically generated server identity
      • Host: Name of the LDAP server
      • Port: Port of the LDAP server. Default is 389.
      • Type of LDAP server: Custom
      • Search timeout: 120 seconds
      • Base distinguished name (DN): The base distinguished name of the directory service
  3. Click Test connection to make sure you can successfully connect to your LDAP server.
  4. In the Additional Properties section, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings and provide the information in the General Properties fields as follows:
    Remember: Replace the objectclass values and use the values that your LDAP administrator provided for configuring WebSphere Application Server.
    • User filter:
      (&(uid=%v)(objectclass=inetOrgPerson))
    • Group filter:
      (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))
    • User ID map:
       *:uid
    • Group ID map:
      *:cn
    • Group member ID map, where ibm is replaced with your ID:
      ibm-allGroups:member;ibm-allGroups:uniqueMember 
  5. Click Apply and save the changes. Confirm each setting by clicking Apply and Save on each screen.
  6. Click OK to go back to the Global Security page.
  7. Set Standalone LDAP registry as the current realm definition by clicking Set as Current.
  8. Stop and restart WebSphere Application Server.
  9. After WebSphere Application Server restarts, validate the changes by logging on to the Integrated Solutions Console.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki