

Federate two LDAP servers with a common root organization

All users and organizations reside on a single LDAP server by default. If you have a requirement that shoppers and internal users exist on separate LDAP servers, you can follow this example to set up this configuration. In this example, B2C shoppers exist under the default organization, which resides on LDAP server 1, and the internal users that manage the site exist under the seller organization, which resides on LDAP server 2.


Procedure

  1. On a single LDAP server, create the following organization structure and user:

    o=root organization

    • o=seller organization (for administrators)

    • o=default organization (for B2C shoppers)

  2. Open the WebSphere Commerce integration wizard and specify the following LDAP values:

    • root organization: o=root organization

    • default organization: o=default organization,o=root organization

    • base DN: o=default organization,o=root organization

    Do not restart the WebSphere Commerce server yet.

  3. Log in to the Organization Administration Console with the WebSphere Commerce site administrator logon ID. For example, wcsadmin.

  4. Create a new user with logonId admin under o=seller organization,o=root organization. Give the new admin user the Site Administrator role for Root Organization.

    This new admin user will be the new site administrator, used instead of wcsadmin, once the federated repository is configured to point to two base entries.

  5. Verify that the admin user can successfully log in to the Organization Administration Console.

  6. From the WebSphere Application Server administration console, create a second LDAP repository using LDAP server 2, where o=seller organization,o=root organization is the base entry. Include this second LDAP repository in the realm that already includes the first LDAP repository and the file-based repository.

    See Configure a single built-in, file-based repository and one or more Lightweight Directory Access Protocol repositories in a federated repository configuration for more information.

  7. Save the changes in the WebSphere Application Server administration console.

    The realm in wimconfig.xml should now include the following two base entries:

    LDAP1

    <config:baseEntries name="o=default organization,o=root organization" nameInRepository="o=default organization,o=root organization"/>

    LDAP2

    <config:baseEntries name="o=seller organization,o=root organization" nameInRepository="o=seller organization,o=root organization"/>

  8. Modify WC_INSTALL/xml/config/wc-server.xml to specify that Root Organization in the WebSphere Commerce database should not be synchronized with LDAP, since it is above the base entries defined in the WebSphere Application Server federated repositories:

    1. Find the SyncOrganizationExclusionList element.

    2. Add any organization DN values that exist in the WebSphere Commerce database but are above the base entries. For example, Root Organization:

      <SyncOrganizationExclusionList display="false">
        <Org DN="o=root organization"/>
      </SyncOrganizationExclusionList>


  9. Modify WC_INSTALL/xml/config/wc-server.xml to specify the LDAP DNs of the search bases (base entries) to be used during Logon, SSO and UserRegistrationAdd. These DNs should be under the root organization:

    1. Find the MemberSubSystem element.

    2. Add the following sub element inside, specifying the base entry LDAP DNs. These DNs should be under the LDAP Root Organization:

      <SearchBases display="false">
        <Org DN="o=default organization,o=root organization"/>
        <Org DN="o=seller organization,o=root organization"/>
      </SearchBases>


  10. Run UpdateEAR to propagate the wc-server.xml changes to the EAR.

  11. Restart the WebSphere Commerce Server.

  12. Try to log in to the Organization Administration Console using the new admin user. The admin user should be able to manage all the organizations, as well as the users, that are descendants of the base entry organizations.

    Registered shoppers should be able to register and log on to consumer direct stores. Guest users should also be able to place orders in a consumer direct store.
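The DNs entered in steps 7, 8 and 9 must agree with each other by hand, and a mistyped RDN silently drops an organization from the search bases. The following added example (not IBM code) parses a constructed wimconfig.xml realm fragment and a constructed wc-server.xml MemberSubSystem fragment and reports every disagreement: a search base that is not under the root organization or has no matching base entry, a base entry with no search base, and an organization above a base entry that is missing from SyncOrganizationExclusionList. The wimconfig namespace URI is an assumption, and the seller search base deliberately carries a one-letter typo so the check has something to find.

```python
import xml.etree.ElementTree as ET
# Constructed wimconfig.xml realm fragment; the namespace URI is an assumption.
WIMCONFIG = """<config:realm xmlns:config="http://www.ibm.com/websphere/wim/config">
  <config:baseEntries name="o=default organization,o=root organization" nameInRepository="o=default organization,o=root organization"/>
  <config:baseEntries name="o=seller organization,o=root organization" nameInRepository="o=seller organization,o=root organization"/>
</config:realm>"""

# Constructed wc-server.xml fragment after steps 8 and 9; the second search base has a typo.
WC_SERVER = """<MemberSubSystem>
  <SyncOrganizationExclusionList display="false">
    <Org DN="o=root organization"/>
  </SyncOrganizationExclusionList>
  <SearchBases display="false">
    <Org DN="o=default organization,o=root organization"/>
    <Org DN="o=seller organization,o=root organziation"/>
  </SearchBases>
</MemberSubSystem>"""

def norm_dn(dn):
    # Compare DNs RDN by RDN, ignoring case and spacing around the commas.
    return ",".join(r.strip().lower() for r in dn.split(","))

def is_ancestor(parent, child):
    # parent sits above child when child's RDN list ends with parent's and is longer.
    p, c = norm_dn(parent).split(","), norm_dn(child).split(",")
    return len(c) > len(p) and c[-len(p):] == p

def base_entries(wimconfig_xml):
    root = ET.fromstring(wimconfig_xml)  # tags arrive as {namespace}baseEntries
    return [norm_dn(e.get("name")) for e in root.iter() if e.tag.endswith("baseEntries")]

def check_member_subsystem(wc_server_xml, wimconfig_xml, root_org="o=root organization"):
    bases = base_entries(wimconfig_xml)
    mss = ET.fromstring(wc_server_xml)
    search = [o.get("DN") for o in mss.find("SearchBases").findall("Org")]
    excluded = {norm_dn(o.get("DN")) for o in mss.find("SyncOrganizationExclusionList")}
    problems = []
    for dn in search:
        if not is_ancestor(root_org, dn):
            problems.append(f"search base is not under the root organization: {dn}")
        if norm_dn(dn) not in bases:
            problems.append(f"search base has no matching wimconfig base entry: {dn}")
    for base in bases:
        if base not in {norm_dn(d) for d in search}:
            problems.append(f"base entry missing from SearchBases: {base}")
        # Step 8: every organization above a base entry must be excluded from LDAP sync.
        for anc in (base.split(",", i)[-1] for i in range(1, base.count(",") + 1)):
            if anc not in excluded:
                problems.append(f"organization above base entry not excluded from sync: {anc}")
    return problems
```

Running check_member_subsystem(WC_SERVER, WIMCONFIG) reports three problems caused by the typo; correcting the RDN returns an empty list.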

