Configure WebSphere Portal for LDAP Searches


This section describes procedures for configuring LDAP searches and aliases in the LDAP user registry.

 

Searching on LDAP user registry using LDAPSearch

The example LDAP configurations shown in this section are relatively simple and are intended to show you how to derive values for the wpconfig.properties file from the simple example directory setups. This does not mean that your LDAP user registry must be so simple. Your LDAP server could have unique settings that are very different from the default examples included in this topic, including different objectclasses for user and group objects and different directory tree layouts. Be sure to substitute settings that are appropriate for your specific LDAP configuration where necessary. Use the ldapsearch utility to help you determine the correct settings for WebSphere Portal to access your directory. Using the ldapsearch utility, you can search your user registry, specifying LDAP search bases, search filters, and other parameters in much the same way that WebSphere Portal will search the directory.

 

Using aliases in the LDAP user registry

The default configuration assumes that the LDAP user registry does not contain aliases. If your LDAP user registry contains aliases that are used during logon, perform the following procedure:

  1. Unix and Windows: Edit $WAS_HOME/properties/jndi.properties.

  2. Search for the property java.naming.ldap.derefAliases.

  3. Set the property value to always (java.naming.ldap.derefAliases=always).

 

Using the ldapsearch utility to validate LDAP settings

If you specify an LDAP suffix of dc=setgetweb,dc=com, a user suffix of cn=users, a user prefix of uid, and an objectclass of inetOrgPerson, and set the LDAP access identity for WebSphere Portal to wpsbind with the password wpsbind, then the following ldapsearch command performs a search equivalent to the one WebSphere Portal will perform for the user wpsadmin. This command is shown on two lines but must be entered as one line.

ldapsearch -b "dc=setgetweb,dc=com" -h <directory hostname> -D "uid=wpsbind,cn=users,dc=setgetweb,dc=com" -w "wpsbind" 
"(&(uid=wpsadmin)(objectclass=inetOrgPerson))"

If you get back a listing of the attributes of the entry in the directory for wpsadmin, then you have the correct set of LDAP parameters set for your directory.

A complete description of the ldapsearch utility is beyond the scope of this document, but you can simply specify ldapsearch with no parameters on a command line to get a listing of the syntax for the utility.
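
The derivation above as a script, added here as an example and not part of the original documentation: it builds the bind DN and the search filter from the sample settings and escapes the user ID so that filter metacharacters in it are matched literally. The function names and the LDAP_BIND_PW variable are assumptions; the ldapsearch options are the ones used in the command above.

```shell
#!/bin/sh
# Added example. The settings are the sample values from this section;
# function names and LDAP_BIND_PW are hypothetical.
LDAP_SUFFIX='dc=setgetweb,dc=com'     # LDAP suffix
USER_SUFFIX='cn=users'                # user suffix
USER_PREFIX='uid'                     # user prefix
USER_OBJECTCLASS='inetOrgPerson'      # user objectclass
BIND_ID='wpsbind'                     # LDAP access identity for WebSphere Portal

# Escape characters that are special inside an LDAP filter value (RFC 4515).
# The backslash is handled first so the later escapes are not doubled.
escape_filter_value() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# DN of an entry under the user suffix.
# Assumes the ID contains no characters that need escaping in a DN.
user_dn() {
    printf '%s=%s,%s,%s' "$USER_PREFIX" "$1" "$USER_SUFFIX" "$LDAP_SUFFIX"
}

# Search filter equivalent to the one shown in this section.
user_filter() {
    printf '(&(%s=%s)(objectclass=%s))' \
        "$USER_PREFIX" "$(escape_filter_value "$1")" "$USER_OBJECTCLASS"
}

# Run the search. $1 = directory hostname, $2 = user ID to look up.
# The bind password is read from LDAP_BIND_PW; -w still passes it as an
# argument, so it is visible in the process list while the command runs.
check_user() {
    ldapsearch -b "$LDAP_SUFFIX" -h "$1" \
        -D "$(user_dn "$BIND_ID")" \
        -w "${LDAP_BIND_PW:?set LDAP_BIND_PW to the bind password}" \
        "$(user_filter "$2")"
}

# Show the derived values, then search only when a host and user ID are given.
printf 'bind DN: %s\n' "$(user_dn "$BIND_ID")"
printf 'filter:  %s\n' "$(user_filter "${2:-wpsadmin}")"
if [ "$#" -eq 2 ]; then
    check_user "$1" "$2"
fi
```

Run it with the directory hostname and a user ID as arguments; with no arguments it only prints the bind DN and filter it would use.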

 


WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.