Configuring Document Builder on WebSphere Application Server with Microsoft Active Directory Service (ADS) LDAP server

You can set up a Microsoft Active Directory Service (ADS) LDAP server to provide authentication for Document Builder.

Before you begin

  1. Enable LDAP on WebSphere® Application Server
  2. Configure users for Document Builder on WebSphere Application Server
  3. Create Document Builder user roles as LDAP groups and then assign users to the groups.

    For example, you must create three LDAP groups that match the three Document Builder user roles. In Microsoft Active Directory, create the following three groups: pub_admin, rpe_designer, and rpe_user. For details on how to create groups and users, see the documentation available for Microsoft Active Directory.

    This is a screen capture of the Microsoft Active Directory groups and assigned users.
    The above screen captures are from Microsoft Active Directory and shows that the users, Allison and Irene, are assigned under the pub_admin group. The user Ryan is assigned under the pub_designer group. And the user Susan is assigned under the pub_user group.

About this task

The following procedure provides steps to map the Document Builder user roles in WebSphere Application Server with the LDAP groups.


  1. Open the administrative console in a browser. Example: http://server:port/ibm/console/logon.jsp
  2. Expand Applications > Application Types and click WebSphere enterprise applications.
  3. In the Name column, click the link.
  4. Under Detail Properties, select Security role to user/group mapping.
    This is a screen capture of the Security role to user/group mapping.
  5. Under the Select column in the Security role to user/group mapping page, select one of the Document Builder roles that you want to map to LDAP group. For example, select the pub_admin entry.
  6. Click the Map Groups button.
  7. Map the Document Builder role (pub_admin) with the LDAP group (pub_admin).
    1. In the Search string field, keep the wildcard (*) character or type a search text to locate your LDAP group.
    2. Click the Search button to populate the entries under the Available list.
    3. Under the Available section, select the LDAP group.
    4. Click the Add button (This is an Add button icon.) to move the LDAP group entry under the Selected list.
    This is a screen capture of the Secuirty rolle to user/group mapping for Documeng Builder role with LDAP group.
  8. Click OK.
  9. Repeat step 5 and 6 for mapping the Document Builder roles (rpe_report_designer and rpe_user) with the LDAP group (rpe_designer and rpe_user respectively).
    This is a screen capture of the result of mapping the LDAP group with the Document Builder role.
  10. Click OK.
  11. Click Save to update your changes to the master configuration.

video icon Video channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community forums library

support icon Support

IBM Support Community
Deployment wiki