Configure Domino Directory for realm support
- LDAP user registry
- Lotus Domino server installation and server setup reference
- Set up Domino Directory
- Disable WAS global security
- Configuring Domino Directory for realm support (Current task)
- Additional LDAP configuration
- Verify LDAP
Overview
These instructions apply to either a single server installation or a cluster environment. When setting up a cluster to use an LDAP server, it is only necessary to perform these steps on the primary node in the cluster.
These instructions configure WebSphere Portal to work with Lotus Domino as an LDAP server only. To configure WebSphere Portal for the collaborative features that require Lotus Domino Server, refer to Checklist of tasks: LDAP server for Lotus Collaborative Services.
A configuration template might exist to support these instructions. See portal_server_root/config/helpers. If you do not want to use a configuration template, simply follow the instructions below.
These steps allow us to configure the LDAP server to use virtual portal and realm support.
Procedure
- Ensure that the LDAP software is installed and any setup required by WebSphere Portal has been performed.
- Before configuring the LDAP, disable security.
- Locate ... in the following directory and create a backup copy before changing any values:
- Windows and UNIX
portal_server_root/config/
- i5/OS
portal_server_root/config/
- Edit the wpconfig.properties file and enter the values appropriate for the environment.
Note the following:
- Do not change any settings other than those specified in these steps. For instructions on working with these files, see Configuration properties reference for a complete properties reference, including default values.
- Use / instead of \ for all platforms.
- Some values might need to be modified to match the specific environment.
IBM WAS properties
Property: WasUserid
The user ID for WAS security authentication. Should be the fully qualified distinguished name of a current administrative user for the WAS. For LDAP configuration this value should not contain spaces.
Make sure to type the value in lower case, regardless of the case used in the distinguished name. If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.
Value type: Alphanumeric text string
Example when using LDAP security: cn=wpsbind,o=setgetweb.com
Example when using Custom User Registry: wpsbind
Default: ReplaceWithYourWASUserID
Property: WasPassword
The password for WAS security authentication. If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.
Value type: Alphanumeric text string
Recommended: Set this value according to your own environment.
Default: ReplaceWithYourWASUserPwd
Portal configuration properties
WpsContentAdministrators, WpsDocReviewer, and PortalAdminGroupId should be different groups.
Property: PortalAdminId
User ID for the WebSphere Portal administrator. Use the fully qualified DN. For LDAP configuration this value should not contain spaces.
Make sure to type the value in lower case, regardless of the case used in the distinguished name.
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format
Example for LDAP: cn=portaladminid,o=setgetweb.com
Example for Custom User Registry: uid=portaladminid
Windows and UNIX default value: none
i5/OS default value: uid=portaladminid,o=default organization
Property: PortalAdminPwd
The password for the WebSphere Portal administrator, as defined in the PortalAdminId property.
Value type: Alphanumeric text string
Example: yourportaladminpwd
Default: none
Property: PortalAdminGroupId
The group ID for the group to which the WebSphere Portal administrator belongs.
Make sure to type the value in lower case, regardless of the case used in the distinguished name.
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format
Example for LDAP: cn=wpsadmins
Example for Custom User Registry: cn=wpsadmins,o=default organization
Default: cn=wpsadmins,o=default organization
Property: WpsContentAdministrators
The group ID for the WebSphere Content Administrator group.
Value type: Alphanumeric text string
Example values:
- DEV (No security): WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
- Member Manager User Repository database: WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
- LDAP: cn=wpsContentAdministrators
Default: cn=wpsContentAdministrators,o=default organization
Property: WpsContentAdministratorsShort
The WebSphere Content Administrators group ID.
Value type: Alphanumeric text string
Default: wpsContentAdministrators
Property: WpsDocReviewer
The group ID for the WebSphere Document Reviewer group.
Value type: Alphanumeric text string
Example values:
- DEV (No security): WpsDocReviewer=cn=wpsDocReviewer,o=default organization
- Database user registry: WpsDocReviewer=cn=wpsDocReviewer,o=default organization
- LDAP: cn=wpsDocReviewer
Default: cn=wpsDocReviewer,o=default organization
Property: WpsDocReviewerShort
The WebSphere Document Reviewer group ID.
Value type: Alphanumeric text string
Default: wpsDocReviewer
Database properties in wpconfig_dbdomain.properties
The following two properties are located in the wpconfig_dbdomain.properties file and are required when using a Lookaside database and/or federation.
Property: wmm.DbUser
The user ID for the database administrator.
For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.
For Oracle and SQL Server servers, this value must be set to FEEDBACK, which corresponds to the user FEEDBACK in the database. If the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.
Value type: Alphanumeric text string
Default values:
- Release: db2admin
- Community: db2admin
- Customization: db2admin
- JCR: db2admin
- WMM: db2admin
- Feedback: db2admin
- LikeMinds: db2admin
- wpsdbusr (for databases other than DB2)
Property: wmm.DbPassword
The password for the database administrator. A value must be set for this property; it cannot be empty.
Value type: Alphanumeric text string
Default value for all domains: ReplaceWithYourDbAdminPwd
WebSphere Portal Security LTPA and SSO configuration
Property: LTPAPassword
The password for the LTPA bind.
Value type: Alphanumeric text string
Default: none
Property: LTPATimeout
Number of minutes after which an LTPA token will expire.
Value type: Numeric text string
Default: 120
Property: SSODomainName
Domain name for all allowable single signon host domains.
- Enter the part of the domain that is common to all servers that participate in single signon. For example, if WebSphere Portal has the domain portal.us.ibm.com and another server has the domain another_server.ibm.com, enter ibm.com.
- To specify multiple domains, use a semicolon (;) to separate each domain name. For example: your_co.com;ibm.com
Single signon (SSO) is achieved using a cookie that is sent to the browser during authentication. When connecting to other servers in the TCP/IP domain specified in the cookie, the browser sends the cookie. If no domain is set in the cookie, the browser will only send the cookie to the issuing server.
Value type: Fully-qualified domain name
Default: none
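As an added example that is not part of the IBM documentation, the following Python helpers model the SSODomainName rules just described: deriving the domain suffix shared by all participating servers, splitting a semicolon-separated list, and deciding whether a browser would send the LTPA cookie to a given host. The domain values reuse the ones in the description (portal.us.ibm.com, another_server.ibm.com, your_co.com;ibm.com); the other host names are constructed samples. The block goes one step beyond the text by refusing a suffix without a dot, because a bare top-level domain would scope the cookie to every site under that TLD.

```python
"""Model the SSODomainName rules for LTPA single sign-on cookies.

Added example, not IBM code. Host names below are constructed samples; the
domain values reuse the ones given in the property description.
"""


def common_sso_domain(hosts):
    """Return the longest domain suffix shared by every host in hosts.

    The suffix must contain at least one dot: a bare top-level domain such
    as 'com' would scope the LTPA cookie to every site under that TLD, so it
    is rejected with ValueError instead of being returned.
    """
    labels = [h.lower().rstrip(".").split(".") for h in hosts]
    shared = []
    # Walk the labels right to left (com, ibm, ...) while all hosts agree.
    for column in zip(*(reversed(l) for l in labels)):
        if len(set(column)) != 1:
            break
        shared.append(column[0])
    if len(shared) < 2:
        raise ValueError("hosts share no usable domain suffix: %r" % (hosts,))
    return ".".join(reversed(shared))


def parse_sso_domains(setting):
    """Split an SSODomainName value such as 'your_co.com;ibm.com'."""
    return [d.strip().lower().lstrip(".") for d in setting.split(";") if d.strip()]


def cookie_sent_to(host, setting):
    """True if a browser holding an LTPA cookie scoped by setting would send
    it to host: host must equal a listed domain or be a subdomain of it.
    'notibm.com' is not inside 'ibm.com', hence the leading-dot check."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in parse_sso_domains(setting))
```

A cookie scoped to ibm.com reaches every host under ibm.com, so the value should be the narrowest suffix that still covers all SSO participants; the notibm.com check shows the host-matching mistake that would otherwise let the token reach a server outside the intended domain.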
LDAP Properties Configuration
Property: LookAside
We can either install with LDAP only or with LDAP using a Lookaside database. The purpose of a Lookaside database is to store attributes which cannot be stored in the LDAP server; this combination of LDAP plus a Lookaside database is needed to support the Database user registry. To enable a Lookaside database, set this property to true. If you intend to use a Lookaside database, set this value before configuring security, as it cannot be configured after security is enabled.
Set Lookaside to true if you are using any of the following:
- IWWCM
- Common Mail portlet
- Common Calendar portlet
Using a Lookaside database can slow down performance.
Value type:
- true - LDAP + Lookaside database
- false - LDAP only
Default: false
Property: WmmDefaultRealm
Default realm of the Member Manager user registry configuration. Set this property before you enable security with either enable-security-wmmur-ldap or enable-security-wmmur-db.
Value type: Alphanumeric text string
Default: portal
Property: LDAPHostName
The host information for the LDAP server that WebSphere Portal will use.
Value type: Fully qualified host name of the LDAP server
Default: yourldapserver.com
Property: LDAPPort
The server port of the LDAP directory.
Value type: Alphanumeric text string
Example: 389 for non-SSL or 636 for SSL
Default: 389
Property: LDAPAdminUId
The user ID for the administrator of the LDAP directory.
Member Manager uses this ID to bind to the LDAP to retrieve user attributes, create new users and groups in the LDAP, and update user attributes. This ID is not required to be the LDAP admin DN, but rather an ID with sufficient authority for the use cases just cited. If this property is omitted, the LDAP is accessed anonymously and read-only.
Make sure to type the value in lower case, regardless of the case used in the distinguished name.
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format. For example, cn=userid.
Default: cn=root
Property: LDAPAdminPwd
The password for the LDAP directory administrator, as defined in the LDAPAdminUId property. If the LDAPAdminUId is blank, this property must be blank as well.
Value type: Alphanumeric text string
Default: none
Property: LDAPServerType
The type of LDAP Server to be used.
Value: DOMINO502
Default: IBM_DIRECTORY_SERVER
Advanced LDAP Configuration
Property: LDAPSuffix
The LDAP suffix. This is the distinguished name of the node in the LDAP containing all user and group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal and all Portal groups.
If WAS configuration tasks, for example enable-security-ldap, are used to activate WAS Security, this value will be used as the single Base Distinguished Name for the Application Server LDAP configuration. This value will be qualified with the LDAPUserSuffix and LDAPGroupSuffix values in order to configure Member Manager.
Set the value of the suffix to the exact case of the suffix as set in the LDAP directory. For example, if a user's DN in LDAP is returned as uid=tuser,CN=Users,DC=setgetweb,DC=com, set this value to DC=setgetweb,DC=com. Using dc=setgetweb,dc=com will cause problems with awareness in portal.
Value: This value is null
Default: dc=example,dc=com
Property: LdapUserPrefix
The RDN prefix attribute name for user entries.
Value: cn
Default: uid
Property: LDAPUserSuffix
The DN suffix attribute name for user entries. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all user information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal, including the Portal admin users (for example, wpsadmin and wpsbind).
Make sure to type the value in lower case, regardless of the case used in the distinguished name.
Value: o=setgetweb.com
Default: cn=users
Property: LdapGroupPrefix
The RDN prefix attribute name for group entries.
Value: cn
Default: cn
Property: LDAPGroupSuffix
The DN suffix attribute name for group entries. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all group entries for the Portal, including the Portal admin group (for example, wpsadmins).
Make sure to type the value in lower case, regardless of the case used in the distinguished name.
Value: This value is null
Default: cn=groups
Property: LDAPUserObjectClass
The LDAP object class of the Portal users in your LDAP directory that will log into the Portal being configured.
Value: dominoPerson
Default: inetOrgPerson
Property: LDAPGroupObjectClass
The LDAP object class of all the groups in your LDAP directory that the Portal will access.
Value: dominoGroup
Default: groupOfUniqueNames
Property: LDAPGroupMember
The attribute name in the LDAP group object of the "membership" attribute.
Value: member
Default: uniqueMember
Property: LDAPUserFilter
The filter used by WAS for finding users in the LDAP.
Value: (&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
Default: (&(uid=%v)(objectclass=inetOrgPerson))
Property: LDAPGroupFilter
The filter used by WAS for finding groups in the LDAP.
Value: (&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
Default: (&(cn=%v)(objectclass=groupOfUniqueNames))
IWWCM Properties
Property: WcmAdminGroupId
The group ID for the Web Content Management Administrators group. The fully qualified distinguished name of a current administrative user for the WAS. For LDAP configuration this value should not contain spaces.
Value type: Alphanumeric text string
Example values:
- DEV (No security): WcmAdminGroupId=cn=wcmadmins,o=default organization
- Database user registry: WcmAdminGroupId=cn=wcmadmins,o=default organization
- LDAP: cn=wcmadmins
Default: cn=wcmadmins,o=default organization
Property: WcmAdminGroupIdShort
The Web Content Management Administrators group ID.
Value type: Alphanumeric text string
Default: wcmadmins
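The LDAPUserFilter and LDAPGroupFilter values in the Advanced LDAP Configuration table above contain a %v placeholder that WAS replaces with the name typed at login. The following Python block is an added example, not IBM's registry code: it expands the two Domino filters, escapes the login value as RFC 4515 requires so that the characters ( ) * \ and NUL cannot change the filter's structure, and evaluates the result against constructed Domino-style entries to show why the Domino user filter accepts either cn or uid and either dominoPerson or inetOrgPerson. The evaluator supports only the equality, AND and OR items these filters use; the entries and login values are constructed.

```python
"""Expand and evaluate the WAS LDAP search filters from the table above.

Added example, not IBM code. WAS replaces %v in LDAPUserFilter and
LDAPGroupFilter with the name typed at login; the entries and login values
used here are constructed.
"""
import re

# The two Domino values from the Advanced LDAP Configuration table.
USER_FILTER = "(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))"
GROUP_FILTER = "(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"

# Constructed Domino-style directory content: DN -> {attribute: [values]}.
SAMPLE_ENTRIES = {
    "cn=jane doe,o=setgetweb.com": {"cn": ["Jane Doe"], "uid": ["jdoe"],
                                    "objectclass": ["dominoPerson", "inetOrgPerson"]},
    "cn=printer,o=setgetweb.com": {"cn": ["printer"], "objectclass": ["device"]},
    "cn=wpsadmins,o=setgetweb.com": {"cn": ["wpsadmins"], "objectclass": ["dominoGroup"]},
}

# RFC 4515: these characters change filter structure unless hex-escaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a login value so it can only match literally inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(filter_template, login_value):
    """Substitute %v as the registry does, with the value escaped first."""
    return filter_template.replace("%v", escape_filter_value(login_value))


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(text, pos):
    """Parse one parenthesised item at text[pos]; return (node, next_pos)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|":
        op, pos = text[pos], pos + 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, children), pos + 1
    end = text.index(")", pos)  # safe: escaped values contain no raw ')'
    attr, _, val = text[pos:end].partition("=")
    return ("=", attr.lower(), _unescape(val)), end + 1


def parse_filter(text):
    """Parse a filter made of equality items combined with & and |."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def matches(node, entry):
    """Evaluate a parsed filter against one entry. Attribute names and
    values compare case-insensitively, as LDAP caseIgnoreMatch does."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, wanted = node
    return any(v.lower() == wanted.lower() for v in entry.get(attr, []))


def search(filter_template, login_value, entries=SAMPLE_ENTRIES):
    """Return the DNs matching the filter expanded with login_value."""
    node = parse_filter(expand(filter_template, login_value))
    return [dn for dn, attrs in entries.items() if matches(node, attrs)]
```

Because the registry interpolates the login name into the filter, treating that name as data (escaped) rather than as filter syntax is what keeps a malformed login from widening the search; the same escaping applies to any custom code that builds filters against this directory from user input.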
- Optional: If you installed WAS as part of the WebSphere Portal installation and you plan to use SSO, ensure that the following property in wpconfig.properties has the recommended value and not the default value.
WebSphere Portal uses form-based login for authentication, which requires SSO to be enabled; otherwise, you will no longer be able to log in to WebSphere Portal.
If you installed WebSphere Portal onto a pre-existing profile of WAS, skip this step. Any pre-existing settings for WAS SSO are automatically detected and preserved when you run the appropriate task to configure security.
WebSphere Portal Security LTPA and SSO Configuration
Property: SSORequiresSSL
Specifies that the Single Sign-On function is enabled only when requests are over HTTPS SSL connections.
Value type: true, false
Default: false
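Several of the property tables above state cross-field rules: WasUserid and WasPassword are set together or left blank together, as are LDAPAdminUId and LDAPAdminPwd; DN-valued IDs are typed in lower case and, for LDAP configuration, without spaces; wmm.DbPassword must not be empty; paths use / on every platform; LookAside is true or false. The following Python linter is an added example rather than an IBM tool: it reads a constructed fragment combining keys from wpconfig.properties and wpconfig_dbdomain.properties with one weak setting per rule, next to a corrected fragment, and reports which rules fail. ExamplePath is a constructed key used only to exercise the path separator rule; the passwords are placeholders.

```python
"""Lint a properties fragment against rules stated in the property tables.

Added example, not an IBM tool. SAMPLE_WEAK and SAMPLE_FIXED are constructed
fragments; ExamplePath is a constructed key used only for the path separator
rule; the password values are placeholders.
"""

SAMPLE_WEAK = """\
# constructed fragment: one violation per rule
WasUserid=CN=wpsbind,o=setgetweb.com
WasPassword=
PortalAdminId=cn=portal adminid,o=setgetweb.com
PortalAdminGroupId=cn=wpsadmins
LDAPAdminUId=
LDAPAdminPwd=placeholder-ldap-pwd
wmm.DbPassword=
LookAside=yes
LDAPServerType=DOMINO502
ExamplePath=C:\\sqllib\\java\\db2jcc.jar
"""

SAMPLE_FIXED = """\
# constructed fragment: the same keys with conforming values
WasUserid=cn=wpsbind,o=setgetweb.com
WasPassword=placeholder-was-pwd
PortalAdminId=cn=portaladminid,o=setgetweb.com
PortalAdminGroupId=cn=wpsadmins
LDAPAdminUId=cn=root
LDAPAdminPwd=placeholder-ldap-pwd
wmm.DbPassword=placeholder-db-pwd
LookAside=false
LDAPServerType=DOMINO502
ExamplePath=C:/sqllib/java/db2jcc.jar
"""

# Pairs that must be set together or left blank together.
PAIRED = [("WasUserid", "WasPassword"), ("LDAPAdminUId", "LDAPAdminPwd")]
# DN-valued properties the tables say to type in lower case.
LOWER_CASE = ["WasUserid", "PortalAdminId", "PortalAdminGroupId", "LDAPAdminUId",
              "LDAPUserSuffix", "LDAPGroupSuffix"]
# Properties the tables say must not contain spaces for LDAP configuration.
NO_SPACES = ["WasUserid", "PortalAdminId", "WcmAdminGroupId"]


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint(props):
    """Return a list of rule violations; an empty list means the fragment passes."""
    findings = []
    for a, b in PAIRED:
        if bool(props.get(a)) != bool(props.get(b)):
            findings.append("%s and %s must both be set or both be blank" % (a, b))
    for name in LOWER_CASE:
        value = props.get(name, "")
        if value != value.lower():
            findings.append("%s must be typed in lower case: %r" % (name, value))
    for name in NO_SPACES:
        if " " in props.get(name, ""):
            findings.append("%s must not contain spaces: %r" % (name, props[name]))
    if not props.get("wmm.DbPassword"):
        findings.append("wmm.DbPassword must not be empty")
    if props.get("LookAside", "false") not in ("true", "false"):
        findings.append("LookAside must be true or false")
    for name, value in props.items():
        if "\\" in value:
            findings.append("%s: use / instead of \\ on all platforms: %r" % (name, value))
    return findings
```

Running lint over the weak fragment reports seven findings, one per rule; the corrected fragment reports none. The LDAPSuffix value is deliberately not in the lower-case list, because the Advanced LDAP Configuration table requires it to keep the exact case returned by the directory.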
- Save the file.
- Stop the WebSphere Portal server:
# cd was_profile_root/bin
# ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
i5/OS:
# cd app_server_root/bin
# stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
- If this is a clustered environment, ensure the deployment manager and all node agents are active.
- Run the appropriate configuration task for the specific operating system:
# cd portal_server_root/config
# ./WPSconfig.sh validate-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password
i5/OS:
# cd portal_server_root/config
# WPSconfig.sh -profileName profile_root validate-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password
- Perform this step only if you are in a clustered environment and use the LookAside feature.
If you enabled security using the LDAP user registry with realm support, the Member Manager Datasource definitions will automatically be created on the Deployment Manager cell. All nodes need to define a WebSphere environment variable for the JdbcClassPath.
The nodes which have WebSphere Portal installed will already have this environment variable defined. When defining the environment variable, ensure that the name matches DBTYPE_JDBC_DRIVER_CLASSPATH.
- Perform these steps only if you installed WebSphere Portal on a pre-existing WAS profile which did not have Global Security enabled.
- If this is a cluster environment, stop all cluster members.
- Enable security:
./WPSconfig.sh enable-security-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password
i5/OS:
WPSconfig.sh -profileName profile_root enable-security-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password
- Check the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties file. Before running the task again, be sure to stop the WebSphere Portal server.
To stop the server, follow these steps. If this is a clustered environment, ensure the deployment manager and all node agents are active.
# cd was_profile_root/bin
# ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
i5/OS:
# cd app_server_root/bin
# stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
- Set the userRegistryRealm property in the Administrative Console of WAS:
This step is only required for z/OS and IBM Lotus Domino with single signon.
- In the Administrative Console of WAS, select...
Security | Global Security | User Registry | Custom | Custom Properties
- Add the userRegistryRealm key with the value yourname, where yourname is the name of the security realm used within the WAS cell to uniquely identify the user based on their origin source. For example, the LDAP implementation of WAS uses the LDAP server name and the port used as the origin source, such as ldap.nameofyourcompany.com:389.
- Save the changes.
- If you are using LDAP over SSL, refer to Setting up LDAP over SSL and select the appropriate SSL topic. Ensure the LDAP is properly configured.
- Start the WebSphere Portal server:
# cd was_profile_root/bin
# ./startServer.sh WebSphere_Portal
i5/OS:
# cd app_server_root/bin
# startServer WebSphere_Portal -profileName profile_root
- Enter the following commands to restart the server1 and WebSphere_Portal servers. If you are running with security enabled on WAS, specify a user ID and password for security authentication when entering the commands.
If this is a clustered environment, stop and start all deployment manager servers and the deployment manager.
# cd was_profile_root/bin
# ./stopServer.sh server1 -user admin_userid -password admin_password
# ./startServer.sh server1
# ./startServer.sh WebSphere_Portal
i5/OS:
# cd app_server_root/bin
# stopServer -profileName profile_root -user admin_userid -password admin_password
# startServer -profileName profile_root
# startServer WebSphere_Portal -profileName profile_root
- Perform this step only if you installed WebSphere Portal on a pre-existing profile of WAS. This step only applies to Windows and UNIX. Do one of the following:
- If you disabled Global Security before installing: manually reactivate Global Security. From the WAS Administrative Console, select Security | Global Security, make the appropriate selections, and click OK. Restart WebSphere Portal.
- If you installed WebSphere Portal without configuring it during installation: use the procedure below to manually deploy portlets.
Cluster note: If you are installing WebSphere Portal on a WAS node that is part of a managed cell, this step is only required if you are installing on the primary node. It is not necessary to deploy portlets if you are installing on a secondary node.
- Ensure that WebSphere Portal is running, then run:
# cd portal_server_root/config
# ./WPSconfig.sh portlets -DPortalAdminPwd=password
- Perform this step only if you installed WebSphere Portal into a pre-existing SSO environment. Because you will not be given the option to import the existing token file, perform the following steps:
- To import the SSO token:
- In the WAS Administrative Console, select...
Security | Global Security | Authentication | Authentication mechanisms | LTPA
- Enter the LTPA token password in the Password field.
- Enter the password again in the Confirm password field.
- In the Key File Name field, enter the LTPA token file.
- Click Import Keys.
- Click Save.
- To set the SSO Domain:
- In the WAS Administrative Console, select...
Security | Global Security | Authentication | Authentication mechanisms | LTPA | Single Signon
- Enter the domain name in the Domain Name field.
- Click OK.
- Perform this step only if common name (CN) is the Relative Distinguished Name (RDN) attribute of the distinguished name and you want to allow users or portal administrators to modify directory attributes through self-care screens or the user management portlet. Set the following property value in the Puma service:
user.sync.remove.attributes=cn,CN
WebSphere Portal can be configured to create the CN for a user account created through WebSphere Portal interfaces (self-registration or the create new user function of the user management portlet). The default configuration of WebSphere Portal generates this attribute based on the surname (sn) and givenName attributes. The configuration is also located in WP PumaService in the WAS Administrative Console. Modify the Puma service by following the steps described in Setting configuration properties.
The following entry defines the user common name pattern and can be used to customize the common name. In the pattern, we can define which attribute is used; therefore the maximum number of attributes has to be provided by puma.commonname.parts. For example, to produce firstname+" "+lastname:
puma.commonname = {0} {1}
puma.commonname.parts = 2
puma.commonname.0 = givenName
puma.commonname.1 = sn
This function is not available if the CN attribute is the RDN attribute.
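As an added example that is not IBM code, the following Python block reproduces the documented behaviour of the two Puma settings in this step so they can be checked before deployment: building a user's cn from the puma.commonname pattern and its puma.commonname.N attribute mappings, refusing inconsistent settings (a placeholder beyond puma.commonname.parts, a part with no mapping, or an attribute the user lacks), and dropping the attributes listed in user.sync.remove.attributes from a directory update. The PUMA_SETTINGS text reuses the values shown in the step; the sample user and update are constructed.

```python
"""Apply the WP PumaService common-name settings from the step above.

Added example, not IBM code. PUMA_SETTINGS reuses the values shown in the
step; the sample user and the update passed to strip_synced_attributes are
constructed.
"""
import re

PUMA_SETTINGS = """\
puma.commonname = {0} {1}
puma.commonname.parts = 2
puma.commonname.0 = givenName
puma.commonname.1 = sn
user.sync.remove.attributes = cn,CN
"""


def parse_settings(text):
    """Read 'key = value' lines into a dict, ignoring blank lines."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def placeholder_indices(pattern):
    """Return the distinct {N} indices used in a puma.commonname pattern."""
    return sorted({int(n) for n in re.findall(r"\{(\d+)\}", pattern)})


def build_common_name(settings, user_attrs):
    """Return the cn Portal would generate for a new user from the pattern.

    Raises ValueError when the settings are inconsistent: a placeholder
    beyond puma.commonname.parts, a part with no puma.commonname.N mapping,
    or a mapped attribute the user does not have.
    """
    pattern = settings["puma.commonname"]
    parts = int(settings.get("puma.commonname.parts", "0"))
    indices = placeholder_indices(pattern)
    if indices and indices[-1] >= parts:
        raise ValueError("pattern uses {%d} but puma.commonname.parts is %d" % (indices[-1], parts))
    values = []
    for i in range(parts):
        attr = settings.get("puma.commonname.%d" % i)
        if attr is None:
            raise ValueError("puma.commonname.%d is not defined" % i)
        if not user_attrs.get(attr):
            raise ValueError("user has no value for %s" % attr)
        values.append(user_attrs[attr])
    return pattern.format(*values)


def strip_synced_attributes(settings, update):
    """Drop the attributes named in user.sync.remove.attributes from an
    update before it is written back to the directory. Names are compared
    exactly, which is why the step lists both cn and CN."""
    listed = settings.get("user.sync.remove.attributes", "")
    removed = {a.strip() for a in listed.split(",") if a.strip()}
    return {k: v for k, v in update.items() if k not in removed}
```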
- Use the information in Using multiple realms and user registries to configure portal to multiple realms.
Verifying configuration
Access WebSphere Portal using http://hostname.nameofyourcompany.com:port/wps/portal and verify that we can log in.
Configuring WebSphere Portal to work with an LDAP directory automatically enables WAS Global Security. Once security is enabled, type the fully qualified host name when accessing WebSphere Portal and the WAS Administrative Console.
Security is enabled
Once you have enabled security with the LDAP directory, provide the user ID and password required for security authentication on WAS when you perform certain administrative tasks with WAS. For example, to stop the WebSphere Portal application server, you would issue the following command:
./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
i5/OS:
stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
Switching the login LDAP attribute
To switch the login LDAP attribute from the default (uid) to another LDAP attribute (such as emailAddress):
- Open the WAS Administrative Console.
- Go to...
Security | Global Security | User Registry | Custom | Custom Properties
- If wmmUserSecurityNameAttr already exists, select it. Otherwise click New.
- If not already set, set Name as wmmUserSecurityNameAttr and Value to the attribute you would like, such as emailAddress.
Attribute names are found in portal_server_root/wmm/wmmLDAPServerAttributes.xml.
- Save the changes.
- Open portal_server_root/wmm/wmm.xml and set userSecurityNameAttribute to the attribute you would like to be used as the login attribute. Using the example in Step 4, the setting would look like:
userSecurityNameAttribute="emailAddress"
- Save the file and restart PortalServer.
Next steps
You have completed this step. Continue to the next step by choosing the following topic:
Parent Topic
Configuring LDAP for realm support