Integration with Tivoli Directory Server
Since IBM Worklight Foundation v6.2.0, an LDAP server is needed to protect the operations console. To also protect the MobileFirst applications on PureApplication System, IBM SmartCloud Orchestrator, or IBM PureApplication Service on SoftLayer, we can either use a new User Registry TDS component as the user registry or connect to an existing user registry server.
To integrate with LDAP, we need to implement the LDAP login module in authenticationConfig.xml, located in WEB-INF\classes\conf of the MobileFirst runtime WAR, as follows:
- The name attribute of LoginModule must be set to LDAPLoginModuleIPAS.
- The module must include a parameter with a name attribute set to ldapProviderURL. If we connect to a new TDS, its value will be automatically overridden by the built-in TDS server URL.
This is an example of a suitable LDAP login module:
<loginModule name="LDAPLoginModuleIPAS">
    <className>com.worklight.core.auth.ext.LdapLoginModule</className>
    <parameter name="ldapProviderURL" value="ldaps://192.0.2.123:636"/>
    ...
    ...
</loginModule>
- If Connect to a new TDS is enabled in the project configuration, we need to specify a .ldif file or use the default .ldif file used to protect the operations console.
- If Connect to existing TDS is enabled, the value of the ldapProviderURL parameter is taken as the remote LDAP server address.
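A pre-deployment check for the login module requirements above, as an added example that is not IBM's code: it confirms that the LDAPLoginModuleIPAS module and its ldapProviderURL parameter are present and flags a plain ldap:// URL, which matters with an existing TDS because that value is used as the server address. The `<loginModules>` wrapper, the sample fragments and the helper name `check_ldap_login_module` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED_NAME = "LDAPLoginModuleIPAS"  # module name required by the page
URL_PARAM = "ldapProviderURL"          # parameter name required by the page


def _local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_ldap_login_module(xml_text):
    """Return a list of findings; an empty list means the module passes."""
    root = ET.fromstring(xml_text)
    modules = [e for e in root.iter()
               if _local(e.tag) == "loginModule" and e.get("name") == REQUIRED_NAME]
    if len(modules) != 1:
        return [f"expected one loginModule named {REQUIRED_NAME}, found {len(modules)}"]
    params = {p.get("name"): p.get("value", "")
              for p in modules[0] if _local(p.tag) == "parameter"}
    if URL_PARAM not in params:
        return [f"missing parameter {URL_PARAM}"]
    raw = params[URL_PARAM].strip()
    url = urlparse(raw)
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        return [f"{URL_PARAM} is not an LDAP URL: {raw!r}"]
    if url.scheme == "ldap":
        # ldap:// is cleartext unless StartTLS is negotiated; the page's example uses ldaps://
        return [f"{URL_PARAM} uses ldap:// instead of ldaps://: {raw!r}"]
    return []


# Constructed sample fragments (not taken from a real project).
_TEMPLATE = """<loginModules>
  <loginModule name="LDAPLoginModuleIPAS">
    <className>com.worklight.core.auth.ext.LdapLoginModule</className>
    {param}
  </loginModule>
</loginModules>"""
GOOD = _TEMPLATE.format(param='<parameter name="ldapProviderURL" value="ldaps://192.0.2.123:636"/>')
PLAIN = _TEMPLATE.format(param='<parameter name="ldapProviderURL" value="ldap://192.0.2.123:389"/>')
NO_URL = _TEMPLATE.format(param="")

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("PLAIN", PLAIN), ("NO_URL", NO_URL)):
        print(label, check_ldap_login_module(sample) or "ok")
```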