Configure WebSphere Portal for LDAP Searches
- Search on LDAP user registry using LDAPSearch
- Use aliases in the LDAP user registry
- Use the ldapsearch utility to validate LDAP settings
Searching on LDAP user registry using LDAPSearch
The example LDAP configurations shown in this section are relatively simple and are intended to show how to derive values for the wpconfig.properties file from simple example directory setups. This does not mean that your LDAP user registry must be that simple. Your LDAP server could have settings that are very different from the default examples in this topic, including different objectclasses for user and group objects and different directory tree layouts. Be sure to substitute settings that are appropriate for your specific LDAP configuration where necessary. Use the ldapsearch utility to help determine the correct settings for IBM WebSphere Portal to access the directory. With ldapsearch, you can search the user registry, specifying LDAP search bases, search filters, and other parameters in much the same way that WebSphere Portal will search the directory.
Use aliases in the LDAP user registry
The default configuration assumes that the LDAP user registry does not contain aliases. If the LDAP user registry contains aliases that are used during logon, perform the following procedure:
- Edit the file was_root/properties/jndi.properties
- Search for the property java.naming.ldap.derefAliases
- Set the property value to always: java.naming.ldap.derefAliases=always
Use the ldapsearch utility to validate LDAP settings
If you specify an LDAP suffix of dc=yourco,dc=com, a user suffix of cn=users, a user prefix of uid, and an objectclass of inetOrgPerson, and set the LDAP access identity for WebSphere Portal to wpsbind with the password wpsbind, then the ldapsearch command that performs a search equivalent to the one WebSphere Portal will perform for the user wpsadmin is as follows, where directory_hostname stands for the host name of the directory server:
ldapsearch -b "dc=yourco,dc=com" -h directory_hostname -D "uid=wpsbind,cn=users,dc=yourco,dc=com" -w "wpsbind" "(&(uid=wpsadmin)(objectclass=inetOrgPerson))"
If you get back a listing of the attributes of the entry in the directory for wpsadmin, then you have the correct set of LDAP parameters for the directory.
A complete description of the ldapsearch utility is beyond the scope of this document, but you can run ldapsearch with no parameters on a command line to get a listing of the syntax for the utility.
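The derivation described above, as an added example that is not part of the original documentation: the functions build the bind DN and search filter from the suffix, prefix and objectclass settings, and escape the user ID per RFC 4515 so that a value containing *, ( or ) is matched literally instead of altering the filter. The function and variable names and the host ldap.example.com are assumptions.

```shell
#!/bin/sh
# Added example: function and variable names are hypothetical.
# Values are the sample settings used on this page.
ldap_suffix='dc=yourco,dc=com'
user_suffix='cn=users'
user_prefix='uid'
user_objectclass='inetOrgPerson'
bind_id='wpsbind'

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is replaced first so later escapes are not re-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter: (&(<user prefix>=<user id>)(objectclass=<user objectclass>))
portal_user_filter() {   # $1=user prefix  $2=user id  $3=objectclass
    printf '(&(%s=%s)(objectclass=%s))' "$1" "$(ldap_filter_escape "$2")" "$3"
}

# Bind DN: <user prefix>=<bind id>,<user suffix>,<LDAP suffix>
# Assumes the bind id has no DN special characters (no RFC 4514 escaping).
portal_bind_dn() {       # $1=user prefix  $2=bind id  $3=user suffix  $4=LDAP suffix
    printf '%s=%s,%s,%s' "$1" "$2" "$3" "$4"
}

# Print (do not run) the command for review. $1=directory host  $2=user id
# Quoting is for display; values containing a single quote are not handled.
portal_ldapsearch_cmd() {
    printf "ldapsearch -b '%s' -h '%s' -D '%s' -w '%s' '%s'\n" \
        "$ldap_suffix" "$1" \
        "$(portal_bind_dn "$user_prefix" "$bind_id" "$user_suffix" "$ldap_suffix")" \
        '<bind password>' \
        "$(portal_user_filter "$user_prefix" "$2" "$user_objectclass")"
}

# ldap.example.com is a constructed host name.
portal_ldapsearch_cmd ldap.example.com wpsadmin
```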