For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Configure LDAP authentication for WebSphere Application Server V8.x

Use LDAP to define users who can access the Application Center console and users who can log in to the client.


Overview

You can configure LDAP based on the federated repository configuration only. This procedure shows you how to use LDAP to define the roles appcenteradmin and appcenteruser in WebSphere® Application Server V8.x.


Procedure

  1. Log in to the WebSphere Application Server console.
  2. Select Security > Global security and verify that administrative security and application security are enabled.
  3. In the "User account repository" section, select Federated repositories.
  4. Click Configure.
  5. Add a repository and configure it.
    1. Click Add Base entry to Realm.
    2. Specify the value of Distinguished name of a base entry that uniquely identifies entries in the realm and click Add Repository.
    3. Select LDAP Repository.
    4. Give this repository a name and enter the values that are required to connect to your LDAP server.
    5. Under Additional Properties, click LDAP entity types.
    6. Configure the Group, OrgContainer, and PersonAccount properties. These configuration details depend on your LDAP server.
  6. Save the configuration, log out, and restart the server.
  7. If you deployed WAR files, in the WebSphere Application Server console, map the security roles to users and groups.
    1. In the Configuration tab, select Applications > WebSphere Enterprise applications.
    2. Select IBM_Application_Center_Services.
    3. In the Configuration tab, select Details > Security role to user/group mapping.
    4. For appcenteradmin and appcenteruser roles, select Map groups. This selection enables you to select users and groups inside the WebSphere user repository, including LDAP users and groups. The selected users can access the Application Center as appcenteradmin or appcenteruser. You can also map the roles to Special Subjects “All authenticated in application realm” to give everyone in the WebSphere user repository, including everyone registered in the LDAP registry, access to the Application Center.
  8. Repeat step 7 for IBM_Application_Center_Console.

    Make sure that you select IBM_Application_Center_Console in step 7.b instead of IBM_Application_Center_Services.

  9. If you deployed an EAR file, in the WebSphere Application Server console, map the security roles to users and groups.
    1. Click Applications > Application Types > WebSphere enterprise applications.
    2. From the list of applications, click AppCenterEAR.
    3. In the Detail Properties section, click Security role to user/group mapping.
    4. For appcenteradmin and appcenteruser roles, select Map groups or Map users to select users or groups inside the WebSphere user repository, including LDAP users and groups.

      The selected users can access the Application Center as appcenteradmin or appcenteruser. You can also map the roles to Special Subjects “All authenticated in application realm” to give access to the Application Center to everyone in the WebSphere user repository, including everyone registered in the LDAP registry.

  10. Click Save to save your changes.
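After the role mappings from steps 7 to 9 are saved, you can review them offline. The following script is an added example, not part of the product or of the original documentation. It assumes that the application's bindings are available in the XML format (ibm-application-bnd.xml) and that the special-subject type names match the ones listed in the code. The sample data, the function names, and the severity labels are this example's own.

```python
import xml.etree.ElementTree as ET

APPCENTER_ROLES = {"appcenteradmin", "appcenteruser"}  # roles named on this page
# Special-subject type names as assumed for XML bindings; each one grants a
# role without naming a specific user or group.
BROAD_SUBJECTS = {"EVERYONE", "ALL_AUTHENTICATED_USERS",
                  "ALL_AUTHENTICATED_IN_TRUSTED_REALMS"}

# Constructed sample bindings; the group DN is hypothetical.
SAMPLE_BND = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="appcenteradmin">
    <group name="cn=appcenter-admins,ou=groups,o=example"/>
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="appcenteruser">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
</application-bnd>
"""

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit_bindings(xml_text):
    """Return (severity, role, detail) tuples for the Application Center roles."""
    findings, seen = [], set()
    for role in ET.fromstring(xml_text).iter():
        name = role.get("name")
        if local(role.tag) != "security-role" or name not in APPCENTER_ROLES:
            continue
        seen.add(name)
        mapped = 0
        for child in role:
            kind = local(child.tag)
            if kind in ("user", "group"):
                mapped += 1
            elif kind == "special-subject" and child.get("type") in BROAD_SUBJECTS:
                mapped += 1
                # The admin role granted to a whole realm deserves a closer look.
                severity = "HIGH" if name == "appcenteradmin" else "INFO"
                findings.append((severity, name, child.get("type")))
        if mapped == 0:
            findings.append(("WARN", name, "no users or groups mapped"))
    for missing in sorted(APPCENTER_ROLES - seen):
        findings.append(("WARN", missing, "role not present in bindings"))
    return findings
```

Run audit_bindings against the bindings of IBM_Application_Center_Services, IBM_Application_Center_Console, or AppCenterEAR. An empty result means that both roles are mapped to named users or groups only.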


What to do next

You must enable ACL management with LDAP. See Configuring LDAP ACL management for WebSphere Application Server V8.x.
