Configure WebSphere Portal for Active Directory

Configure WebSphere Portal for Active Directory without realm support

Configure the AD Schema

If not installed, install the Windows 2000 Support Tool from the...
\SUPPORT\TOOLS

...directory on the Windows 2000 Setup CD.
Register Active Directory Schema (schmmgmt.dll) by running the following command at a command line:
regsvr32 schmmgmt.dll

Load the Security Administration Tools console...

...for Windows 2003...

Windows Start menu | Run | mmc /a | OK

...Window 2000...
Windows Start Menu | Programs |Windows 2000 Support Tools | Security Administration Tools | Console | Add/Remove Snap-in | Standalone tab | Add | Active Directory Schema | Add

Configure the Active Directory Schema Snap-in using the following steps:

For Windows 2003:

From the Security Administration Tools console, right-click on Active Directory Schema and select Operations Master.

For Window 2000:

From the Security Administration Tools console, right-click on Active Directory Schema and select Operations Master.
Select The Schema can be modified on this Domain Controller, and click OK to save this change.

If you are using Windows 2000. Create the preferredLanguage attribute:

From the Security Administration Tools console...
Active Directory Schema | Attributes (right-click) | Create Attribute | Continue

Enter the following values in Create New Attribute:

Field name Description
Common Name preferredLanguage
LDAP Display Name preferredLanguage
Unique X500 Object ID 2.16.840.1.113730.3.1.39
Syntax Unicode String

Click OK to create the preferredLanguage attribute.

Follow these steps to add the preferredLanguage attribute to the user object class:

From the Security Administration Tools console,
Active Directory Schema | Classes | user | Attributes | Optional | Add

Select preferredLanguage from the list of objects and click OK to add this object.

Follow these steps to enable the preferredLanguage mapping to the Member Manager XML file:

Edit...
$WP_HOME/PortalServer/config/templates/wmm/wmmLDAPAttributes_ACTIVE_DIRECTORY.xml.

Find the following attribute map tag:
<attributeMap wmmAttributeName="preferredLanguage" pluginAttributeName="preferredLanguage" applicableMemberTypes="Person" dataType="String" valueLength="128" multiValued="false" />

Remove the comment tags on the lines above and below the map tag block. Comment tags are .
Save and close the text file before configuring WebSphere Portal.

Configure WebSphere Portal

Follow these steps to edit the wpconfig.properties file and run the appropriate configuration tasks so that WebSphere Portal can work with the LDAP server.
A configuration template might exist to support these instructions. Refer to the...
$WP_ROOT/config/helpers

If you do not want to use a configuration template, simply follow the instructions below as written.

Password considerations

For security reasons, not store passwords in the wpconfig.properties file. It is recommended that you edit the wpconfig.properties prior to running a configuration task, inserting the passwords needed for that task. Then, after the task has run, you should delete all passwords from the wpconfig.properties file. For more information, see Delete passwords.
Alternatively, you can specify the password on the command line using the following syntax:
WPSconfig.{sh|bat} task_name -Dpassword_property_key=password_value

As with other properties, each password property must have the -D prefix and be set equal to (=) a value. If you have multiple properties in a single command, use a space character between each -Dproperty=value setting.

Steps for this task

Ensure that the LDAP software is installed and any setup required by WebSphere Portal has been performed.
Locate the wpconfig.properties file and create a back up copy before changing any values.
$WP_ROOT/config/wpconfig.properties

Use a text editor to open the wpconfig.properties file and enter the values appropriate for your environment.

WebSphere Application Server properties

Property Description Recommended Default
WasUserid The user ID for WAS security authentication. This should be the fully qualified distinguished name (DN). For LDAP configuration this value should not contain spaces.
If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.
cn=wpsbind,
cn=users,
dc=yourco,
dc=com ReplaceWithYourWASUserId
WasPassword The password for WAS security authentication.
If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.
<none> ReplaceWithYourWASUserPwd

Portal configuration properties

Property Description Recommended Default
PortalAdminId The user ID for the WebSphere Portal administrator. This should be the fully qualified distinguished name (DN).
For LDAP configuration this value should not contain spaces.
cn=portaladminid,
cn=users,
dc=yourco,
dc=com uid=<portaladminid>,
o=default organization

PortalAdminIdShort The short form of the user ID for the WebSphere Portal administrator, as defined in the PortalAdminId property. <none> <portaladminid>
PortalAdminPwd The password for the WebSphere Portal administrator, as defined in the PortalAdminId property. <none> <none>
PortalAdminGroupId The group ID for the group to which the WebSphere Portal administrator belongs.
The recommended value is only a guideline. Before setting this property, check the name of the group schema in your unique environment.
cn=wpsadmins,
cn=groups,
dc=yourco,
dc=com cn=wpsadmins,
o=default organization
PortalAdminGroupIdShort The short form of the group ID for the WebSphere Portal administrator, as defined in the PortalAdminGroupId property. <none> wpsadmins
WpsContentAdministrators The group ID for the WebSphere Content Administrator group. cn=wpsContentAdministrators,
cn=groups,
dc=yourco,
dc=com cn=wpsContentAdministrators,
o=default organization
WpsContentAdministratorsShort The WebSphere Content Administrators group ID. <none> wpsContentAdministrators
WpsDocReviewer The group ID for the WebSphere Document Reviewer group. cn=wpsDocReviewer,
cn=groups,
dc=yourco,
dc=com cn=wpsDocReviewer,
o=default organization
WpsDocReviewerShort The WebSphere Document Reviewer group ID. wpsDocReviewer wpsDocReviewer

Database properties

Property Description Recommended Default
DbUser The user ID for the database administrator. <none> db2admin
DbPassword The password for the database administrator. <none> ReplaceWithYourDbAdminPwd

WebSphere Portal Security LTPA and SSO configuration

Property Description Recommended Default
LTPAPassword The password for the LTPA bind. <none> <none>
LTPATimeout Specifies the number of minutes after which an LTPA token will expire. 120 120
SSODomainName Specifies the domain name for all allowable single signon host domains.

Enter the part of the domain that is common to all servers that participate in single signon. For example, if WebSphere Portal has the domain portal.us.ibm.com and another server has the domain another_server.ibm.com, enter ibm.com.
To specify multiple domains, use a semicolon ; to separate each domain name. For example, your_co.com;ibm.com.

Single signon (SSO) is achieved via a cookie that is sent to the browser during authentication. When connecting to other servers in the TCP/IP domain specified in the cookie, the browser sends the cookie. If no domain is set in the cookie, the browser will only send the cookie to the issuing server.
your company's domain name <none>

LDAP Properties Configuration

Property Description Recommended Default
Lookaside Specifies if a Lookaside database is to be used in combination with the LDAP server. A Lookaside database stores attributes which cannot be stored in your LDAP server. This combination of LDAP plus a Lookaside database is needed to support Member Manager, however, using a Lookaside database can slow down performance.To enable the LDAP + Lookaside database combination, set this property to true.
This value cannot be configured after security is enabled. If you intend to use a Lookaside database, set this value before configuring security.
false false
LDAPHostName The host information for the LDAP server that WebSphere Portal will use; for example, yourserver.yourcompany.com. <none> yourldapserver.com
LDAPPort The server port of the LDAP directory. (non-SSL): 389 389
LDAPAdminUId The LDAP administrator id. <none> cn=root
LDAPAdminPwd The LDAP administrator password. If the LDAPAdminUId is blank, this property must be blank as well. <none> <none>
LDAPServerType Type of LDAP Server to be used. ACTIVE_DIRECTORY IBM_DIRECTORY_SERVER
LDAPBindID The user ID for LDAP Bind authentication. This user ID is used by WAS to bind to the LDAP to retrieve user attributes required for authentication. If this property is omitted, the LDAP is access anonymously and is then read-only. bind_user cn=wpsbind,
cn=users,
dc=yourco,
dc=com
LDAPBindPassword Password for LDAP Bind authentication. If the LDAPBindID is blank, this property must be blank as well. bind_password WmmSystemId
The fully-qualified distinguished name (DN) of a user in the LDAP. This DN is stored in the credential vault for PUMA's use to access the Member Manager EJB. The Member Manager EJB is secured by WAS Security starting with WebSphere Portal 5.1. An authenticated security context is now established before WebSphere Portal can access Member Manager.
This value should not contain spaces and must not contain any suffixes in the custom user registry case.
cn=wmmsystemid,
cn=users,
dc=yourco,
dc=com <none>
WmmSystemIdPassword Password for WmmSystemId. <none> <none>

Advanced LDAP Configuration

Property Description Recommended Default
LDAPSuffix The LDAP Suffix. Choose a value appropriate for your LDAP server. This is the distinguished name (DN) of the node in the LDAP containing all user and group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal and all Portal groups.
If WAS configuration tasks (e.g., enable-security-ldap) are used to activate WAS Security, this value will be used as the single Base Distinguished Name for the Application Server LDAP configuration. This value will be qualified with the LDAPUserSuffix and LDAPGroupSuffix values in order to configure Member Manager.
dc=yourco,
dc=com dc=yourco,
dc=com
LdapUserPrefix RDN prefix attribute name for user entries. cn uid
LDAPUserSuffix The DN suffix attribute name for user entries. Choose the value appropriate for your LDAP server. With the "LDAPSuffix" appended to this value, it is the DN of the common root node in the LDAP containing all user information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal including the Portal admin users (e.g., wpsadmin and wpsbind). cn=users cn=users
LdapGroupPrefix RDN prefix attribute name for user entries. cn cn
LDAPGroupSuffix The DN suffix attribute name for group entries. Choose a value appropriate for your LDAP server. With the "LDAPSuffix" appended to this value, it is the DN of the common root node in the LDAP containing all group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all group entries for the Portal including the Portal admin group (e.g., wpsadmins). cn=groups cn=groups
LDAPUserObjectClass The LDAP object class of the Portal users in your LDAP directory that will log into the Portal being configured. user inetOrgPerson
LDAPGroupObjectClass The LDAP object class of all the groups in your LDAP directory that the Portal will access. group groupOfUniqueNames
LDAPGroupMember The attribute name in the LDAP group object of the "membership" attribute. Choose a value appropriate for your LDAP server. member uniqueMember
LDAPUserFilter The filter used by WAS for finding users in the LDAP. (&(|(cn=%v)(samAccountName=%v))(objectclass=user))
(&(uid=%v)(objectclass=inetOrgPerson))
LDAPGroupFilter The filter used by WAS for finding groups in the LDAP. (&(cn=%v)(objectclass=group)) (&(cn=%v)(objectclass=groupOfUniqueNames))
LDAPsslEnabled Specifies whether secure socket communications is enabled to the LDAP server. (non-SSL): false
(SSL): true false

Optional: If you installed WAS as part of the WebSphere Portal installation and you plan to use WAS single signon, ensure that the following property in the wpconfig.properties file has the recommended value and not the default value. WebSphere Portal uses Form-based login for authentication, which requires SSO to be enabled; otherwise, you will be no longer able to login to WebSphere Portal.
If you installed WebSphere Portal onto a pre-existing instance of WAS, skip this step. Any pre-existing settings for WAS SSO are automatically detected and preserved when you run the appropriate task to configure security.

WebSphere Portal Security LTPA and SSO Configuration

Property Description Recommended Default
SSORequiresSSL Specifies that single signon is enabled only when requests are over HTTPS Secure Sockets Layer (SSL) connections. Choose False unless SSL is already enabled for WebSphere Portal. In most cases, SSL for WebSphere Portal will not yet be in place. After SSL for WebSphere Portal is set up, change this value using the WAS administrative console. (non-SSL): false
(SSL): true false

Save the file.
Start the servers...
cd $WAS_HOME/bin
startServer server1
stopServer WebSphere_Portal

Change to the WebSphere Portal configuration directory.

Windows/Unix:...
$WP_ROOT/config

Enter the following command to run the appropriate configuration task for your specific operating system:
./WPSconfig.sh validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPwd=password -DWmmSystemIdPassword=password

If the configuration task fails, validate the values in the wpconfig.properties file.
If you installed WebSphere Portal on a pre-existing instance of WAS which had Global Security enabled or if you followed the steps in Manually configure WAS Global Security.

If you disabled WAS Global Security before installing WebSphere Portal, enable it now.
Run the following configuration task.
This task configures WebSphere Portal for security but does not modify your WAS existing security settings. Enter the appropriate command to run the configuration task:
./WPSconfig.sh secure-portal-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPwd=password -DWmmSystemIdPassword=password

Check the output for any error messages before proceeding with any additional tasks. If any the configuration task fails, verify the values in the wpconfig.properties file.

If you meet either of the following criteria:

You installed WebSphere Portal on a pre-existing instance of WAS which did not have Global Security enabled
You installed WAS as part of the WebSphere Portal installation

Enter the appropriate command to run the configuration task for your specific operating system:
If this is a cluster environment, stop all cluster members before enabling security using the enable-security-ldap task.
/WPSconfig.sh enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -DDbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPwd=password -DWmmSystemIdPassword=password

Check the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties file. Before running the task again, be sure to stop the WebSphere Portal appserver. To stop the server follow these steps.

In a command prompt, change to the WAS /bin directory.

Windows/Unix: was_root/bin

Enter the following command and specify the WebSphere Application Server user ID and password (as defined by the WasUserid and WasPassword properties):

stopServer WebSphere_Portal -user was_admin_userid -password was_admin_password

If you are using wmm.xml to store Member Manager configuration information, modify...
$WP_ROOT/wmm/wmm.xml

... to change the wmmGenerateExtId value from true to false. By default, this value is true. But for Active Directory, this value needs to be set to false. In the <ldapRepository...> stanza of the wmm.xml file, change the value as follows: wmmGenerateExtId="false".
Follow these steps to uncomment preferredLanguage attributeMap:

Go to the ...
$WP_ROOT/wmm

...directory.
Make a backup copy of wmmLDAPServerAttributes.xml. For example, copy and rename wmmLDAPServerAttributes.xml to wmmLDAPServerAttributes.xml.orig.
Open the wmmLDAPServerAttributes.xml file.
Search for the preferredLanguage attributeMap element. By default, it is commented out.
Remove the comment tags.
Save the file.

If you are using LDAP over SSL, refer to Set up LDAP over SSL and be sure your LDAP is properly configured.
If you are using Windows 2003 Active Directory, modify...
$WP_ROOT/wmm/wmm.xml

In the <ldapRepository...> stanza of the wmm.xml file, change the adapterClassName= value to: adapterClassName="com.ibm.ws.wmm.ldap.activedir.ActiveDirectory2003AdapterImpl".
Stop and start the servers.

In a command prompt, change to the WAS /bin directory.

Windows/Unix: was_root/bin

Enter the following commands. If you are running with security enabled on WAS, specify a user ID and password for security authentication when entering the commands.

Stop server 1.

stopServer server1
Security enabled: stopServer server1 -user was_admin_userid -password was_admin_password

Start server 1.

startServer server1

Start WebSphere Portal appserver

startServer WebSphere_Portal

Perform this step only if you installed WebSphere Portal on a pre-existing instance of WAS, do one of the following:

If you disabled Global Security before installing: Manually reactivate Global Security. From the WAS Administrative Console, select Security > Global Security. Make the appropriate selections and click OK. Restart WebSphere Portal.
If you installed WebSphere Portal without configuring it during installation: Use the procedure below to manually deploy portlets.
Cluster note: If you are installing WebSphere Portal on a WAS node that is part of managed cell, this step is only required if you are installing on the primary node. It is not necessary to deploy portlets if you are installing on a secondary node.

Ensure that WebSphere Portal is running.
In a command prompt, change to the WebSphere Portal /config directory.
$WP_ROOT/config

Enter the appropriate command to run the configuration task for your specific operating system:
./WPSconfig.sh portlets -DPortalAdminPwd=password

If you installed WebSphere Portal into a pre-existing SSO environment. Because you will not be given the option to import your existing token file, perform the following steps:

To import your SSO Token:

In the WAS Administrative Console, select Security > Authentication Mechanisms > LTPA.
Enter the LTPA token password in the Password field.
Enter the password again in the Confirm password field.
In the Key File Name field, enter the LTPA token file.
Click Import Keys.
Click Save.

To set your SSO Domain:

In the WAS Administrative Console, select Security > Authentication Mechanisms > LTPA.
Click Single Signon in Additional Properties.
Enter the domain name in the Domain Name field.
Click OK.

If you want to allow users or portal administrators to create and modify directory attributes through self-registration and self-care screens or the user management portlet. Perform the following steps:

Open PumaService.properties file. You can find this file in the...
$WP_ROOT/shared/app/config/services

...directory.
Add user.sync.remove.attributes=cn,CN.
Save the file.
Restart the WebSphere_Portal appserver.

If you do not perform these steps WebSphere Portal will not be able to create or update a user by using portal functions because of a misconfiguration.
WebSphere Portal can be configured to create the distinguished name (DN) for a user account created through WebSphere Portal interfaces (self-registration or the user management portlet create new user functions) by using the common name (cn) as the first Relative Distinguished Name (RDN) component. The default configuration of WebSphere Portal generates this attribute based on the surname and givenname attribute. The configuration is located in the puma.properties file

The following entry defines the user common name pattern and can be used to customize common name. In the pattern, you can define which attribute is used. Therefore the maximum amount of attributes has to be provided by puma.commonname.parts. See the following example for more details:
e.g.: firstname+" "+lastname puma.commonname = {0} {1} puma.commonname.parts = 2 puma.commonname.0 = firstname puma.commonname.1 = lastname

Verifying configuration

Access WebSphere Portal via http://hostname.yourco.com:port_number/wps/portal and verify that you can log in.
Configuring WebSphere Portal to work with an LDAP directory automatically enables WAS Global Security. Once security is enabled, type the fully qualified host.name when accessing WebSphere Portal and the WAS Administrative Console.

Security is enabled

Once you have enabled security with your LDAP directory, provide the user ID and password required for security authentication on WAS when you perform certain administrative tasks with WAS. For example, to stop the WebSphere Portal appserver, you would issue the following command:
stopServer WebSphere_Portal -user was_admin_userid -password was_admin_password

Next steps

You have completed this step. Continue to the next step by choosing the following topic:

Plan
Install Active Directory
Set up Active Directory
Set up Active Directory over SSL
Verifying

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

Field name	Description
Common Name	preferredLanguage
LDAP Display Name	preferredLanguage
Unique X500 Object ID	2.16.840.1.113730.3.1.39
Syntax	Unicode String

Property	Description	Recommended	Default
WasUserid	The user ID for WAS security authentication. This should be the fully qualified distinguished name (DN). For LDAP configuration this value should not contain spaces. If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.	cn=wpsbind, cn=users, dc=yourco, dc=com	ReplaceWithYourWASUserId
WasPassword	The password for WAS security authentication. If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.	<none>	ReplaceWithYourWASUserPwd

Property	Description	Recommended	Default
PortalAdminId	The user ID for the WebSphere Portal administrator. This should be the fully qualified distinguished name (DN). For LDAP configuration this value should not contain spaces.	cn=portaladminid, cn=users, dc=yourco, dc=com	uid=<portaladminid>, o=default organization
PortalAdminIdShort	The short form of the user ID for the WebSphere Portal administrator, as defined in the PortalAdminId property.	<none>	<portaladminid>
PortalAdminPwd	The password for the WebSphere Portal administrator, as defined in the PortalAdminId property.	<none>	<none>
PortalAdminGroupId	The group ID for the group to which the WebSphere Portal administrator belongs. The recommended value is only a guideline. Before setting this property, check the name of the group schema in your unique environment.	cn=wpsadmins, cn=groups, dc=yourco, dc=com	cn=wpsadmins, o=default organization
PortalAdminGroupIdShort	The short form of the group ID for the WebSphere Portal administrator, as defined in the PortalAdminGroupId property.	<none>	wpsadmins
WpsContentAdministrators	The group ID for the WebSphere Content Administrator group.	cn=wpsContentAdministrators, cn=groups, dc=yourco, dc=com	cn=wpsContentAdministrators, o=default organization
WpsContentAdministratorsShort	The WebSphere Content Administrators group ID.	<none>	wpsContentAdministrators
WpsDocReviewer	The group ID for the WebSphere Document Reviewer group.	cn=wpsDocReviewer, cn=groups, dc=yourco, dc=com	cn=wpsDocReviewer, o=default organization
WpsDocReviewerShort	The WebSphere Document Reviewer group ID.	wpsDocReviewer	wpsDocReviewer

Property	Description	Recommended	Default
DbUser	The user ID for the database administrator.	<none>	db2admin
DbPassword	The password for the database administrator.	<none>	ReplaceWithYourDbAdminPwd

Property	Description	Recommended	Default
Lookaside	Specifies if a Lookaside database is to be used in combination with the LDAP server. A Lookaside database stores attributes which cannot be stored in your LDAP server. This combination of LDAP plus a Lookaside database is needed to support Member Manager, however, using a Lookaside database can slow down performance.To enable the LDAP + Lookaside database combination, set this property to true. This value cannot be configured after security is enabled. If you intend to use a Lookaside database, set this value before configuring security.	false	false
LDAPHostName	The host information for the LDAP server that WebSphere Portal will use; for example, yourserver.yourcompany.com.	<none>	yourldapserver.com
LDAPPort	The server port of the LDAP directory.	(non-SSL): 389	389
LDAPAdminUId	The LDAP administrator id.	<none>	cn=root
LDAPAdminPwd	The LDAP administrator password. If the LDAPAdminUId is blank, this property must be blank as well.	<none>	<none>
LDAPServerType	Type of LDAP Server to be used.	ACTIVE_DIRECTORY	IBM_DIRECTORY_SERVER
LDAPBindID	The user ID for LDAP Bind authentication. This user ID is used by WAS to bind to the LDAP to retrieve user attributes required for authentication. If this property is omitted, the LDAP is access anonymously and is then read-only.	bind_user	cn=wpsbind, cn=users, dc=yourco, dc=com
LDAPBindPassword	Password for LDAP Bind authentication. If the LDAPBindID is blank, this property must be blank as well.	bind_password	WmmSystemId
The fully-qualified distinguished name (DN) of a user in the LDAP. This DN is stored in the credential vault for PUMA's use to access the Member Manager EJB. The Member Manager EJB is secured by WAS Security starting with WebSphere Portal 5.1. An authenticated security context is now established before WebSphere Portal can access Member Manager. This value should not contain spaces and must not contain any suffixes in the custom user registry case.	cn=wmmsystemid, cn=users, dc=yourco, dc=com	<none>
WmmSystemIdPassword	Password for WmmSystemId.	<none>	<none>

Property	Description	Recommended	Default
LDAPSuffix	The LDAP Suffix. Choose a value appropriate for your LDAP server. This is the distinguished name (DN) of the node in the LDAP containing all user and group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal and all Portal groups. If WAS configuration tasks (e.g., enable-security-ldap) are used to activate WAS Security, this value will be used as the single Base Distinguished Name for the Application Server LDAP configuration. This value will be qualified with the LDAPUserSuffix and LDAPGroupSuffix values in order to configure Member Manager.	dc=yourco, dc=com	dc=yourco, dc=com
LdapUserPrefix	RDN prefix attribute name for user entries.	cn	uid
LDAPUserSuffix	The DN suffix attribute name for user entries. Choose the value appropriate for your LDAP server. With the "LDAPSuffix" appended to this value, it is the DN of the common root node in the LDAP containing all user information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal including the Portal admin users (e.g., wpsadmin and wpsbind).	cn=users	cn=users
LdapGroupPrefix	RDN prefix attribute name for user entries.	cn	cn
LDAPGroupSuffix	The DN suffix attribute name for group entries. Choose a value appropriate for your LDAP server. With the "LDAPSuffix" appended to this value, it is the DN of the common root node in the LDAP containing all group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all group entries for the Portal including the Portal admin group (e.g., wpsadmins).	cn=groups	cn=groups
LDAPUserObjectClass	The LDAP object class of the Portal users in your LDAP directory that will log into the Portal being configured.	user	inetOrgPerson
LDAPGroupObjectClass	The LDAP object class of all the groups in your LDAP directory that the Portal will access.	group	groupOfUniqueNames
LDAPGroupMember	The attribute name in the LDAP group object of the "membership" attribute. Choose a value appropriate for your LDAP server.	member	uniqueMember
LDAPUserFilter	The filter used by WAS for finding users in the LDAP.	(&(\|(cn=%v)(samAccountName=%v))(objectclass=user)) (&(uid=%v)(objectclass=inetOrgPerson))
LDAPGroupFilter	The filter used by WAS for finding groups in the LDAP.	(&(cn=%v)(objectclass=group))	(&(cn=%v)(objectclass=groupOfUniqueNames))
LDAPsslEnabled	Specifies whether secure socket communications is enabled to the LDAP server.	(non-SSL): false (SSL): true	false