Configuring LDAP on WebSphere Application Server

This topic provides instructions on how to configure LDAP on WebSphere® Application Server.

Procedure

  1. From the WebSphere Admin console, click Security > Secure administration, applications, and infrastructure. (On WebSphere Application Server 7.0.0.7, click Security > Global security.)
  2. Update the security settings as follows:
    • Enable administrative security: on
    • Enable application security: on
    • User account repository/Available realm definitions: standalone LDAP registry
    • In the User account repository section, click Configure, and supply the General Properties.
      • Primary administrative user name - Your user ID
      • Server user identity - Automatically generated server identity
      • Host - Name of the LDAP server
      • Port - Port of the LDAP server
      • Type of LDAP server - Custom
      • Search timeout - 120 seconds
      • Base distinguished name (DN) - The base distinguished name of the directory service
  3. Click Apply, and save the changes.
  4. In the Configuration section, click Test connection.
  5. In the Additional Properties section, click Advanced Lightweight Directory Access Protocol (LDAP).
  6. Specify the General Properties fields as follows:
    • User filter: 
      (&(emailaddress=%v)(objectclass=ePerson))
    • Group filter: 
      (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
    • User ID map:
       *:emailaddress
    • Group member ID map: (replace ibm with your own ID)
      ibm-allGroups:member;ibm-allGroups:uniqueMember
    • Certificate map mode:
      EXACT_DN
  7. Click Apply when done and save the changes.
  8. Click Apply and Save for each of the screens to confirm each setting.
    Note: On the last page, make sure the Current realm definition is set to Standalone LDAP registry.
  9. Stop and restart the WebSphere Application Server.
  10. After the WebSphere Application Server restarts, validate the changes by logging into the Admin Console.
  11. To map user groups to the specific applications, click Applications > Enterprise Applications. (On WebSphere Application Server 7.0.0.7 and newer, click Applications > Application Types > WebSphere enterprise applications.)
  12. In the Enterprise Applications list, select the jazz_war application and click Stop.
  13. When the application stops, click the jazz_war application to open it for editing.
  14. In the Detail properties section, click Security role to user/group mapping.
  15. Select a specific group, such as JazzAdmins and JazzUsers, and click Look up groups. ( On WebSphere Application Server 7.0.0.7 and newer, click Map groups.)

    These groups are associated with every Jazz™ implementation and must be mapped to a particular LDAP group that contains the authorized users. These groups must be set up on the LDAP server prior to performing this mapping.

  16. Enter a search string to return your group names from the LDAP server. Click Search to run the query.
  17. From the list of available groups returned, select the particular group and move it to the Selected column.
  18. Click OK to map the LDAP groups to the Jazz groups.
  19. Map the appropriate LDAP group for all Jazz groups:
    • JazzAdmins
    • JazzProjectAdmins
    • JazzDWAdmins
    • JazzUsers
    • JazzGuests
    Note: Do not enable the All authenticated? option.
  20. Save the changes, and restart the jazz_war application.
  21. Log out of the Admin Console, and close the browser window.

What to do next

After configuring LDAP, proceed to t_run_server_setup_wiz.html.
Feedback