WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Set up Microsoft Active Directory

Use this information to set up Microsoft® Active Directory as your LDAP server.

IBM® WebSphere® Portal Express has been tested to support Active Directory. See the WebSphere Portal Express requirements for supported versions. You must perform special configuration steps to enable Active Directory to work with WebSphere Portal Express. Use the following topics as a guide to configuring your directory server.


Before you begin

Active Directory should be installed and configured before you install WebSphere Portal Express.

 

Create a new user as the portal administrator

Use the following steps as a guide if the portal administrative user does not exist in the directory:

Active Directory limits the user account name (for example, the uid or cn value) to 20 characters. If you create a user with a name longer than 20 characters, you receive the following error:

EJPSG0015E: Data Backend Problem com.ibm.websphere.wmm.exception.WMMSystemException: 
The following Naming Exception occurred during processing: 
"javax.naming.NamingException: [LDAP: error code 80 - 00000523: SysErr: DSID-031A0B4C, problem 22 (Invalid argument), data 0]; 
remaining name 'cn=yournamefirstname_lastname,dc=yourco'; resolved object com.sun.jndi.ldap.LdapCtx@6b9c4ac9".

  1. Use the Windows administrative tools to create a new user to be the first portal administrative user.

  2. Set the password for the new portal administrative user you created.

  3. Activate the portal administrative user account using the Windows administrative tools.

  4. Use the installation program to install WebSphere Portal Express. Enter the attributes specific to your Active Directory settings.

 

Active Directory and SSL

If you set up WebSphere Portal Express with Active Directory as the user registry, you must configure Active Directory with SSL enabled. Without SSL, passwords cannot be set correctly during sign-up or user creation, and you would have to reset them manually in Active Directory. However, it is recommended that you first get plain (non-SSL) LDAP working successfully before setting up LDAP over SSL; this lets you verify that the directory is responding to LDAP requests before adding SSL.

The following is an outline of requirements for setting up SSL on a Windows 2000 Domain Controller using the Microsoft Enterprise Certificate Authority:

  1. Install an Enterprise Certificate Authority on a Windows 2000 Domain Controller (which installs a certificate on that server), or install a third-party certificate on the Domain Controller.

  2. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers.

  3. In the Active Directory Users and Computers window, right-click on your domain name and select Properties.

  4. In the Domain Properties dialog box, select the Group Policy tab.

  5. Select the Default Domain Policy group policy and then click Edit.

  6. Select Windows Settings under Computer Configuration.

  7. Select Security Settings and then select Public Key Policies.

  8. Select Automatic Certificate Request Settings.

  9. Use the wizard to add a policy for Domain Controllers.

    When these requirements are complete, all domain controllers request a certificate and support LDAP over SSL using port 636.

 

Example of the Active Directory structure

The following schema is an example for Active Directory and is referenced throughout the documentation for consistency. The example below is designed to help you determine the appropriate values when configuring WebSphere Portal Express to work with your specific directory layout. The values shown match the default values for this LDAP. If you have an existing schema that varies from this example, replace the example values with your values. For instance, cn is shown as the group prefix; replace cn with the group prefix for your schema.

IBM Directory Server Structure

  • LDAP suffix="dc=yourco,dc=com"

  • user prefix="uid"

  • user suffix="cn=users"

  • group prefix="cn"

  • group suffix="cn=groups"

  • Portal administrator DN="uid=wpsadmin,cn=users,dc=yourco,dc=com"

  • Portal administrator group="cn=wpsadmins,cn=groups,dc=yourco,dc=com"
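The checks this topic recommends, as an added Python example that is not part of the IBM documentation: it composes the administrator and group DNs from the example structure above, rejects an account name over the 20-character limit before it ever reaches the directory, and probes ports 389 and 636 with a hand-encoded anonymous LDAP bind so you can confirm the directory is answering LDAP requests before and after SSL is enabled. The host name in the probe and the anonymous-bind approach are assumptions; the DN values are the ones from the example.

```python
"""Pre-flight checks for the Active Directory layout and ports described above."""
import socket
import ssl

# Values taken from the example directory structure in this topic.
LDAP_SUFFIX = "dc=yourco,dc=com"
USER_PREFIX, USER_SUFFIX = "uid", "cn=users"
GROUP_PREFIX, GROUP_SUFFIX = "cn", "cn=groups"
AD_ACCOUNT_NAME_MAX = 20  # Active Directory account-name limit noted in this topic


def portal_dns(admin_name, admin_group):
    """Compose the administrator DN and group DN from the prefix/suffix layout,
    rejecting an over-long name up front instead of letting AD fail with error code 80."""
    if len(admin_name) > AD_ACCOUNT_NAME_MAX:
        raise ValueError(f"{admin_name!r} exceeds {AD_ACCOUNT_NAME_MAX} characters")
    admin_dn = f"{USER_PREFIX}={admin_name},{USER_SUFFIX},{LDAP_SUFFIX}"
    group_dn = f"{GROUP_PREFIX}={admin_group},{GROUP_SUFFIX},{LDAP_SUFFIX}"
    return admin_dn, group_dn


def anonymous_bind_request(message_id=1):
    """Hand-encoded LDAPv3 anonymous simple BindRequest (BER):
    SEQUENCE { messageID INTEGER, [APPLICATION 0] { version 3, name "", simple "" } }.
    Assumes message_id < 128 so the INTEGER fits in one byte."""
    bind_op = b"\x60\x07" + b"\x02\x01\x03" + b"\x04\x00" + b"\x80\x00"
    body = b"\x02\x01" + bytes([message_id]) + bind_op
    return b"\x30" + bytes([len(body)]) + body


def bind_result_code(response):
    """Return resultCode from a BindResponse:
    SEQUENCE { messageID, [APPLICATION 1] { ENUMERATED resultCode, ... } }."""
    if (len(response) < 10 or response[0] != 0x30 or response[5] != 0x61
            or response[7:9] != b"\x0a\x01"):
        raise ValueError("not a single-byte-id LDAP BindResponse")
    return response[9]


def probe_ldap(host, port=389, use_tls=False):
    """Send an anonymous bind on plain LDAP (389) or LDAPS (636) and return the
    resultCode; 0 means the directory answered and accepted the bind, any other
    code still proves it is speaking LDAP on that port. The TLS path verifies the
    domain controller certificate, so the Enterprise CA root must be trusted here."""
    sock = socket.create_connection((host, port), timeout=5)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(anonymous_bind_request())
        return bind_result_code(sock.recv(64))
```

Run `probe_ldap("dc.yourco.com")` after the non-SSL setup and `probe_ldap("dc.yourco.com", 636, True)` after the certificate policy has applied; the host name is a placeholder for your domain controller.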

 
