Enabling LDAP on WebSphere Application Server
You can set up the Lightweight Directory Access Protocol (LDAP) on WebSphere Application Server.
LDAP registries contain record of users and groups. When configuring a WebSphere server (either Liberty or full WAS) for LDAP authentication, you must specify queries to identify records that represent users and groups. Use the userFilter and groupFilter attributes to identify user records and group records. The userFilter attribute identifies only user records. The groupFilter attribute identifies only group records.
About this task
For example:If you use LDAP (including LDAP and LDAP/SDBM) for user management and you enable the option to not use case-sensitive user management, make sure that Jazz® Team Server is also configured to allow user management that is not case sensitive. To configure the Jazz Team Server login property, on the Advanced Properties page of the Administrative web interface, modify the
Use case insensitive user ID matchingproperty.
- From the WebSphere Application Server Integrated Solutions Console, click .
- Apply the following security settings, and then click Apply and
save the changes.
- Enable administrative security: on
- Enable application security: on
- User account repository/Available realm definitions: standalone LDAP registry
- In the User account repository section, click Configure,
and enter information about the general properties:
- Primary administrative user name: Your user ID
- Server user identity: Automatically generated server identity
- Host: Name of the LDAP server
- Port: Port of the LDAP server. Default is 389.
- Type of LDAP server: Custom
- Search timeout: 120 seconds
- Base distinguished name (DN): The base distinguished name of the directory service
- Click Test connection to make sure you can successfully connect to your LDAP server.
- In the Additional Properties section, click Advanced
Lightweight Directory Access Protocol (LDAP) user registry settings and
provide the information in the General Properties fields as follows:
Remember: Replace the
objectclassvalues and use the values that your LDAP administrator provided for configuring WebSphere Application Server.
- User filter:
- Group filter:
- User ID map:
- Group ID map:
- Group member ID map, where ibm is replaced
with your ID:
- User filter:
- Click Apply and save the changes. Confirm each setting by clicking Apply and Save on each screen.
- Click OK to go back to the Global Security page.
- Set Standalone LDAP registry as the current realm definition by clicking Set as Current.
- Stop and restart WebSphere Application Server.
- After WebSphere Application Server restarts, validate the changes by logging on to the Integrated Solutions Console.