Standalone LDAP registry wizard settings
Use the security wizard page to provide the basic settings to connect the appserver to an existing LDAP registry.
Security | Secure administration, applications, and infrastructure | Security configuration wizardTo modify the LDAP registry configuration go to...
Security | Security administration, applications, and infrastructure | User account repository | Available realm definitions | Standalone LDAP registry | Configure...and set...
- Primary administrative user name
- Name of a user with administrative privileges that is defined in your custom user registry. The user name is used to log onto the console when administrative security is enabled. V6.1 requires an administrative user that is distinct from the server user identity so that administrative actions can be audited.
In WAS, Versions 5.x and 6.0.x, a single user identity is required for both administrative access and internal process communication. When migrating to V6.1, this identity is used as the server user identity. We need to specify another user for the administrative user identity.
- Type of LDAP server
Type of LDAP server to which you connect.
IBM SecureWay Directory Server is not supported.
- Host
Specify the host ID (IP address or DNS name) of the LDAP server.
- Port
Specify the host port of the LDAP server. If multiple appservers are installed and configured to run in the same single sign-on domain or if the appserver interoperates with a previous version, it is important that the port number match all configurations. For example, if the LDAP port is explicitly specified as 389 in a V4.0.x configuration, and a WAS at V5 is going to interoperate with the V4.0.x server, verify that port 389 is specified explicitly for the V5 server.
Default: 389 Type: Integer
- Base distinguished name (DN)
- Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches of the directory service. In most cases, bind DN and bind password are needed. However, when anonymous bind can satisfy all of the required functions, bind DN and bind password are not needed.
For example, for a user with a DN of cn=John Doe , ou=Rochester, o=IBM, c=US, specify the Base DN as any of the following options: ou=Rochester, o=IBM, c=US or o=IBM, c=US or c=US. For authorization purposes, this field is case sensitive. This specification implies that if a token is received, for example, from another cell or Lotus Domino, the base DN in the server must match the base DN from the other cell or Lotus Domino server exactly.
If interoperate between the appserver V5 and a V5.0.1 or later server, enter a normalized base DN. A normalized base DN does not contain spaces before or after commas and equal symbols. An example of a non-normalized base DN is o = ibm, c = us or o=ibm, c=us. An example of a normalized base DN is o=ibm,c=us. In WAS, V5.0.1 or later, the normalization occurs automatically during run time.
- Bind distinguished name (DN)
Specify the DN for the appserver to use when binding to the directory service.
If no name is specified, the appserver binds anonymously. See the Base distinguished name (DN) field description for examples of distinguished names.
- Bind password
Password for the appserver to use when binding to the directory service.
Related tasks
Use specific directory servers as the LDAP server
Configure LDAP user registries
Related Reference
Standalone LDAP registry settings
Reference topic