Steps to configure an Active Directory LDAP

Overview

This procedure describes how to integrate WebSphere Portal v6 with an Active Directory LDAP.

Note that this example does not describe how to enable SSL between Active Directory and WebSphere Portal, which is required if you want to allow users to change their passwords using WebSphere Portal tools. With SSL disabled, users will have to use Active Directory tools to reset their passwords.


Procedure

  1. Review security planning.

  2. Review databases planning.

  3. Disable WAS security.

  4. Install Active Directory.

  5. Create the required groups and users in the AD LDAP.

  6. Verify Active Directory connectivity.

  7. When setting up an AD LDAP Server with a cluster, perform the configuration steps only on the primary node.

  8. If you will be using a Lookaside database and/or WCM, set the LookAside property to true.

    If you do not set this property to true during configuration, you cannot use the Lookaside database or Web Content Management without reinstalling.

  9. Configure Active Directory LDAP without realm support.

  10. Verify the connection between WebSphere Portal and the AD LDAP Server.

  11. If you encounter errors, troubleshoot.

  12. Enable security before adding documents to the DB2 Content Manager Runtime Edition repository.

    If you already have documents in the repository, ensure the following before enabling security:

    • All documents are unlocked
    • No drafts of these documents exist
    • These documents are not in workflows

    Documents locked by users who are not transferred to the new repository, or by users whose distinguished names change in the new repository, cannot be unlocked. In addition to remaining locked, these documents might not be removable. Any drafts created by these users, or workflow processes initiated by them, will also be unrecoverable. Likewise, information such as the author, last modifier, and other user fields will be unrecoverable if it was previously set to users who did not transfer to the new repository or whose distinguished names changed.

    Document Manager and Personalization user fields, such as the author and last modifier, will be unrecoverable if they were set to users who did not transfer to the new LDAP repository.

  13. When WebSphere Portal is configured to use Cloudscape and multiple LDAP and/or Lookaside, only one server (either server1 or WebSphere_Portal) should be started. If both servers are running, WebSphere_Portal or server1 may not be able to access the database because the other server has the Cloudscape database locked.
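As an added example that is not part of this page or of WebSphere Portal's own tooling, the following Python script performs the connectivity check of steps 6 and 10 with a single LDAP simple bind, encoding the request by hand so it needs no third-party library; the host, port, bind DN and password are placeholders you supply.

```python
# Connectivity probe for the Active Directory LDAP (steps 6 and 10), standard
# library only: hand-encoded BER for an LDAPv3 simple BindRequest and a decoder
# for the BindResponse resultCode (RFC 4511). Host, port, bind DN and password
# are assumed placeholders, not values from this procedure.
import socket

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }.
    msg_id must be 1..127 so it fits a single INTEGER content octet."""
    op = tlv(0x02, bytes([3])) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER element at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 128:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_bind_result(resp: bytes) -> int:
    """Return the BindResponse resultCode: 0 success, 49 invalidCredentials."""
    tag, msg, _ = read_tlv(resp)           # outer LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)              # skip the messageID
    op_tag, op, _ = read_tlv(msg, pos)     # BindResponse is [APPLICATION 1]
    if tag != 0x30 or op_tag != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, _ = read_tlv(op)              # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def check_bind(host: str, port: int, bind_dn: str, password: str) -> int:
    """Plain (non-SSL) connection, as in this procedure: bind and return the
    resultCode. Without SSL the password crosses the wire in cleartext, so use
    a dedicated low-privilege lookup account here, never a domain admin."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(bind_request(1, bind_dn, password))
        return parse_bind_result(sock.recv(4096))
```

A resultCode of 0 confirms the bind DN and password configured for WebSphere Portal are accepted by the AD LDAP Server; 49 means the credentials were rejected and should be checked before continuing with step 11.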


Parent topic:

Choosing the user registry


Related reference:

Change Passwords
Member Manager and People Finder