
Configure LDAP authentication (WebSphere Application Server V7)

Define the users who can access the Application Center console and the users who can log in to the client by configuring LDAP as a stand-alone LDAP server or as a federated repository.

This procedure shows you how to use LDAP to define the roles appcenteradmin and appcenteruser in WebSphere Application Server V7.

  1. Log in to the WebSphere Application Server console.

  2. In Security > Global Security, verify that administrative security and application security are enabled.

  3. Select Federated repositories or Standalone LDAP registry.

  4. Click Configure. For federated repositories, follow step 5. For stand-alone LDAP registry, follow step 6.

  5. Option for federated repositories: add the new repository and configure the required additional properties.

    1. To add a new repository, click Add Base entry to Realm.

    2. Specify the value of "Distinguished name of a base entry that uniquely identifies entries in the realm" and click Add Repository.

    3. Select LDAP Repository.

    4. Give this repository a name and enter the values required to connect to the LDAP server.

    5. Under Additional Properties, click LDAP entity types.

    6. Configure the Group, OrgContainer, and PersonAccount properties. These configuration details depend on the LDAP server.

  6. Option for stand-alone LDAP registry: configure access control (ACL) management. You can use JNDI properties for this configuration, but you cannot use VMM.

    1. Enter the values of General Properties. These values depend on the LDAP server.

    2. Under Additional Properties, click Advanced Lightweight Directory Access Protocol (LDAP) and configure the user and group filters and maps. These configuration details depend on the LDAP server.

  7. Save the configuration, log out, and restart the server.

  8. In the WebSphere Application Server console, map the security roles to users and groups.

    1. In the Configuration tab, select Applications > WebSphere Enterprise applications.

    2. Select "IBM_Application_Center_Services".

    3. In the Configuration tab, select Details > Security role to user/group mapping.

    4. For the appcenteradmin and appcenteruser roles, select Map groups. This selection lets you choose users and groups from the WebSphere user repository, including LDAP users and groups. The selected users can access the Application Center as appcenteradmin or appcenteruser. You can also map a role to the Special Subject "All authenticated in application realm", which gives everyone in the WebSphere user repository, including everyone registered in the LDAP registry, access to the Application Center with that role.

  9. Repeat the procedure described in step 8 for IBM_Application_Center_Console. (Make sure that you select "IBM_Application_Center_Console" instead of "IBM_Application_Center_Services" in the second sub-step of step 8.)

  10. Click Save to save the changes.
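
The role mapping from steps 8 and 9 can be reviewed offline once it is saved. The following Python check is an added example, not part of the original procedure or of IBM's tooling: it flags roles mapped to a broad special subject such as "All authenticated in application realm", roles with no mapping, and expected roles that are missing. It assumes the mapping is available in the `ibm-application-bnd.xml` binding format (`security-role`, `user`, `group` and `special-subject` elements); the sample binding and the LDAP group name are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://websphere.ibm.com/xml/ns/javaee"}
EXPECTED_ROLES = ("appcenteradmin", "appcenteruser")  # roles named in the procedure
BROAD_SUBJECTS = {"EVERYONE", "ALL_AUTHENTICATED_USERS",
                  "ALL_AUTHENTICATED_IN_TRUSTED_REALMS"}

# Constructed sample binding, not taken from a real Application Center EAR.
# Assumption: the deployed mapping uses the ibm-application-bnd.xml format.
SAMPLE_BINDING = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="appcenteradmin">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="appcenteruser">
    <group name="cn=appcenter-users,ou=groups,dc=example,dc=com"/>
  </security-role>
</application-bnd>"""


def audit_role_mappings(xml_text):
    """Return (role, severity, message) findings for a role-mapping binding."""
    root = ET.fromstring(xml_text)
    findings, seen = [], set()
    for role in root.findall("b:security-role", NS):
        name = role.get("name")
        seen.add(name)
        subjects = {s.get("type") for s in role.findall("b:special-subject", NS)}
        principals = role.findall("b:user", NS) + role.findall("b:group", NS)
        # A broad special subject on the admin role gives every directory
        # user administrative access, so it is rated higher.
        for subject in sorted(subjects & BROAD_SUBJECTS):
            severity = "high" if name == "appcenteradmin" else "review"
            findings.append((name, severity, "mapped to special subject " + subject))
        if not subjects and not principals:
            findings.append((name, "review", "no user, group or special subject mapped"))
    # A role that never appears in the binding was not mapped at all.
    for name in EXPECTED_ROLES:
        if name not in seen:
            findings.append((name, "review", "role missing from binding"))
    return findings


if __name__ == "__main__":
    for finding in audit_role_mappings(SAMPLE_BINDING):
        print(*finding, sep=": ")
```
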

