Configure WebSphere Commerce for use with Microsoft Active Directory

To prepare WebSphere Commerce for Microsoft Windows 2000 Active Directory or Microsoft Windows Server 2003 Active Directory, complete the following steps.

  1. Export the certificate created for the domain controller with the Certificate Export Wizard. Ensure that you export the certificate in Base-64 encoded format. For instructions on starting the Certificate Export Wizard and exporting a certificate, refer to your Windows documentation.

  2. Copy the exported certificate file to the WebSphere Commerce machine.

  3. On the WebSphere Commerce machine, add the exported certificate for the domain controller to the list of valid signer certificates for WAS by completing the following steps:

    1. Start the IBM Key Management console by running the following program: WAS_installdir/bin/ikeyman.bat

    2. Select Key Database File > Open.

    3. Complete the Open dialog as follows and click OK:

      Key database Type: JKS
      File Name: cacerts
      Location: WAS_installdir/java/jre/lib/security

      You will be prompted for a password to access the file. The default password for the CACERTS file is changeit.

    4. Add the certificate to the list of signer certificates by clicking Add and completing the Add CA's Certificate from a File dialog. When prompted for a label, give the certificate a meaningful label, such as the name of the Active Directory machine.

    5. Exit the IBM Key Management console by selecting Key Database File > Exit.

  4. Complete the following steps:

    1. Back up the WC_eardir/xml/ldap/ldapentry.xml file.

    2. Rename the WC_eardir/xml/ldap/ldapentry_ad.xml file to WC_eardir/xml/ldap/ldapentry.xml.

    3. Open the WC_eardir/xml/ldap/ldapentry.xml file in a text editor.

      Ignore the ldapocs and ldapbase tags in the file. These tags are no longer used.

  5. Complete the following steps:

    1. Search for the following tag:

      <map>
        <objectAttribute attrName="logonPassword"/>
        <ldapAttribute name="userPassword" operation="replace" flow="wcsToLdap"/>

    2. Above the <map> tag, insert the following tags and contents:

      <map>
        <objectAttribute attrName="sAMAccountName"/>
        <ldapAttribute name="sAMAccountName" operation="replace" flow="wcsToLdap"/>
      </map>
      <map>
        <objectAttribute attrName="userAccountControl"/>
        <ldapAttribute name="userAccountControl" operation="replace" flow="wcsToLdap"/>
      </map>

  6. Complete the following steps:

    1. Search for the following entry:

      <entry entryName="Organization">
        <ldapsetting>
          <ldaprdn rdnName="ou" keyAttrName="orgEntityName" keyObjName="Organization"/>

    2. Replace this entry with the following information:

      <entry entryName="Organization">
        <ldapsetting>
          <ldaprdn rdnName="o" keyAttrName="orgEntityName" keyObjName="Organization"/>
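
Added example, not part of the original page or of IBM's tooling: step 1 requires a Base-64 export and step 3 turns the copied file into a trusted signer, so this Python check confirms the file's encoding and completeness and produces a SHA-256 fingerprint to compare with one computed from the certificate on the domain controller before it is added. The function names and the sample bytes are constructed for illustration; pass the bytes of the copied file to `load_base64_cert`.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_base64_cert(data: bytes) -> bytes:
    """Return the DER bytes of a Base-64 export, or raise ValueError."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("binary data: export again as Base-64, not DER")
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    # CRLF line endings from Windows are whitespace and are dropped here.
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der_is_complete(der):
        raise ValueError("DER length mismatch: file truncated or altered")
    return der

def der_is_complete(der: bytes) -> bool:
    """True if der is one SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold it
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint for comparison with the source."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes the way a Base-64 export does (used for the sample)."""
    return (b"-----BEGIN CERTIFICATE-----\r\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\r\n")

# Constructed sample: a DER SEQUENCE of 256 zero bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_EXPORT = to_pem(SAMPLE_DER)
```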

 
