WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Configure WebSphere Portal Express for LDAP Searches

This section describes procedures for configuring LDAP searches and using aliases in the LDAP user registry:

 

Searching on LDAP user registry using LDAPSearch

The example LDAP configurations shown in this section are relatively simple and are intended to show you how to derive values for the wpconfig.properties file from the simple example directory setups. This does not mean that your LDAP user registry must be so simple. Your LDAP server could have unique settings that are very different from the default examples included in this topic, including different objectclasses for user and group objects and different directory tree layouts. Be sure to substitute settings that are appropriate for your specific LDAP configuration where necessary. You can use the ldapsearch utility to help you determine the correct settings for IBM® WebSphere® Portal Express to access your directory. Using the ldapsearch utility, you can search your user registry, specifying LDAP search bases, search filters, and other parameters in much the same way that WebSphere Portal Express will search the directory.

 

Use aliases in the LDAP user registry

The default configuration assumes that the LDAP user registry does not contain aliases. If your LDAP user registry contains aliases that are used during logon, perform the following procedure:

  1. Windows and Linux:

    Use a text editor to open the file app_server_root/properties/jndi.properties.

  2. i5/OS:

    Use a text editor to open the file jndi.properties located in your IBM WebSphere Application Server directory.

  3. Search for the property java.naming.ldap.derefAliases.

  4. Set the property value to always (java.naming.ldap.derefAliases=always).

 

Use the ldapsearch utility to validate LDAP settings

If you specify an LDAP suffix of dc=yourco,dc=com, a user suffix of cn=users, a user prefix of uid, and an objectclass of inetOrgPerson, and set the LDAP access identity for WebSphere Portal Express to wpsbind with the password wpsbind, then the following ldapsearch command performs a search equivalent to the one that WebSphere Portal Express performs for the user wpsadmin:

This command is shown on two lines but must be entered as one line.

ldapsearch -b "dc=yourco,dc=com" -h directory_hostname -D "uid=wpsbind,cn=users,dc=yourco,dc=com"
-w "wpsbind" "(&(uid=wpsadmin)(objectclass=inetOrgPerson))"

If you get back a listing of the attributes of the entry in the directory for wpsadmin, then you have the correct set of LDAP parameters set for your directory.

A complete description of the ldapsearch utility is beyond the scope of this document, but you can simply specify ldapsearch with no parameters on a command line to get a listing of the syntax for the utility.
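
The derivation above as a script, added here as an example and not part of the IBM documentation: it assembles the bind DN and the search filter from the suffix, user suffix, prefix and objectclass given in the text, and escapes filter metacharacters in the user ID so that the ID is matched literally. The variable and function names are hypothetical.

```sh
#!/bin/sh
# Added example. Variable and function names are hypothetical; the values are
# the ones used in the text above.
LDAP_SUFFIX='dc=yourco,dc=com'      # LDAP suffix
USER_SUFFIX='cn=users'              # user suffix
USER_PREFIX='uid'                   # user prefix
USER_OBJECTCLASS='inetOrgPerson'    # user objectclass
BIND_ID='wpsbind'                   # LDAP access identity

# Escape the RFC 4515 filter metacharacters \ * ( ) so that a user ID is
# matched literally. The backslash is handled first so later escapes survive.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# <prefix>=<id>,<user suffix>,<LDAP suffix>. Assumes the ID contains no
# characters that need DN escaping (such as a comma or plus sign).
user_dn() {
    printf '%s=%s,%s,%s' "$USER_PREFIX" "$1" "$USER_SUFFIX" "$LDAP_SUFFIX"
}

# Filter that selects one user entry of the configured objectclass.
user_filter() {
    printf '(&(%s=%s)(objectclass=%s))' \
        "$USER_PREFIX" "$(escape_filter_value "$1")" "$USER_OBJECTCLASS"
}

# Run the search with only the options shown in the text.
# $1 = directory host, $2 = bind password, $3 = user ID to look up.
# Not called here, because it needs a reachable directory server.
run_search() {
    ldapsearch -b "$LDAP_SUFFIX" -h "$1" -D "$(user_dn "$BIND_ID")" \
        -w "$2" "$(user_filter "$3")"
}

# Show the derived values for review before running the search.
printf 'bind DN: %s\n' "$(user_dn "$BIND_ID")"
printf 'filter:  %s\n' "$(user_filter wpsadmin)"
# Constructed input: unescaped, wps* would match every entry starting with wps.
printf 'literal: %s\n' "$(user_filter 'wps*')"
```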
