WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Plan for LDAP

You can configure WebSphere Portal Express to use an LDAP user registry to store user information and to authenticate users.

You can install the LDAP server on the same machine as WebSphere Portal Express or on a remote machine. Installing the LDAP server on a remote machine can improve performance.

When setting up an LDAP server with a cluster, perform the configuration steps only on the primary node. Additional LDAP configuration for secondary nodes is described as part of the cluster installation process in Setting up a cluster.

If you plan to use the collaboration features, consider using Domino® Directory as your LDAP server. See Collaborative Services and user authentication for details.

For i5/OS: only Tivoli Directory Server and Domino Directory are supported as local LDAP servers.

If you plan to use the Lookaside database or Web Content Management, set the Lookaside property to true when configuring your LDAP; otherwise, set it to false. If you do not set the Lookaside property to true during configuration, you cannot use the Lookaside database or Web Content Management later without reinstalling.

IBM recommends that you enable security before adding documents to the DB2 Content Manager Runtime Edition repository. If you already have documents in the repository, be aware of the following before enabling security:

Documents that are locked by users who are not transferred to the new repository, or whose distinguished names change in the new repository, cannot be unlocked. In addition to remaining locked, these documents might not be removable. Any drafts created by these users, and any workflow processes they initiated, will also be unrecoverable. Information such as the author, last modifier, and other user fields will likewise be unrecoverable if it was previously set to users who did not transfer to the new repository or whose distinguished names changed.

Document Manager and Personalization user fields, such as author and last modifier, are unrecoverable if they were set to users who did not transfer to the new LDAP repository.

Example of a customized directory structure

The following is an example of one possible custom LDAP structure. It differs from the defaults listed in the other LDAP setup topics in several ways. It is deeper than the default example trees; that is, there are more layers of names between the root and the leaves. It is also wider, with users and groups scattered across different branches of the tree, and users and groups appear as sibling objects under a common parent. WebSphere Portal Express can nevertheless be configured to accept this LDAP user registry layout. Use the example below to determine the appropriate values when configuring WebSphere Portal Express for your own directory layout.

Custom LDAP structure

  • LDAP suffix="o=ibm" or for a US-only portal, this value could be "ou=raleigh,o=ibm"

  • user prefix="uid"

  • user suffix="o=ibm" or for a US-only portal, this value could be "ou=raleigh,o=ibm"

  • group prefix="cn"

  • group suffix="o=ibm" or for a US-only portal, this value could be "ou=raleigh,o=ibm"

  • Portal administrator DN="uid=hsmith,ou=portlets,ou=raleigh,o=ibm"

  • Portal administrator group="cn=group1,ou=portlets,ou=raleigh,o=ibm"
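As an added example that is not part of the IBM documentation, the following Python script models the custom layout above as a small in-memory directory (the entries are constructed for illustration; only hsmith and group1 come from the list) and shows what a deep, wide tree implies for the values you choose: a one-level search from o=ibm never finds uid=hsmith three levels down, so lookups from the user and group suffixes must cover the whole subtree, and a wide tree can hold the same uid under two branches, which a registry lookup has to treat as an ambiguous login rather than silently picking one. It also checks that the administrator DN and group lie under the configured suffixes. The function names and the WORLDWIDE and US_ONLY configuration dictionaries are this example's own, not portal configuration keys.

```python
# Added example, not IBM code. The directory below is a constructed stand-in
# for an LDAP server; nothing here contacts a real directory.

# Constructed entries for the example tree: DN -> attributes. Users and
# groups sit at different depths and as siblings under ou=portlets.
DIRECTORY = {
    "o=ibm": {"objectClass": ["organization"]},
    "ou=raleigh,o=ibm": {"objectClass": ["organizationalUnit"]},
    "ou=portlets,ou=raleigh,o=ibm": {"objectClass": ["organizationalUnit"]},
    "ou=austin,o=ibm": {"objectClass": ["organizationalUnit"]},
    "uid=hsmith,ou=portlets,ou=raleigh,o=ibm": {
        "objectClass": ["inetOrgPerson"], "uid": ["hsmith"]},
    # The same login id exists under two branches of the wide tree.
    "uid=jdoe,ou=austin,o=ibm": {
        "objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
    "uid=jdoe,ou=raleigh,o=ibm": {
        "objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
    "cn=group1,ou=portlets,ou=raleigh,o=ibm": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["group1"],
        "uniqueMember": ["uid=hsmith,ou=portlets,ou=raleigh,o=ibm"]},
    "cn=group2,ou=austin,o=ibm": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["group2"],
        "uniqueMember": ["uid=jdoe,ou=austin,o=ibm"]},
}


def normalize_dn(dn):
    """Compare DNs case- and whitespace-insensitively, component by component."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_under(dn, base):
    """True if dn equals base or lies anywhere beneath it."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return d == b or d.endswith("," + b)


def search(base, scope, attr, value):
    """Simulate an LDAP search below base.

    scope is 'one' (direct children only) or 'sub' (whole subtree);
    the filter is an exact match on attr=value.
    """
    hits = []
    for dn, attrs in DIRECTORY.items():
        if normalize_dn(dn) == normalize_dn(base) or not is_under(dn, base):
            continue
        # A direct child has exactly one RDN more than the base.
        if scope == "one" and dn.count(",") != base.count(",") + 1:
            continue
        if value in attrs.get(attr, []):
            hits.append(dn)
    return hits


def resolve_user_dn(cfg, login_id, scope="sub"):
    """Map a login name to its DN using the user prefix and user suffix.

    Returns None when the id is not found under the suffix or when more
    than one entry matches (an ambiguous login must not be guessed).
    """
    hits = search(cfg["user_suffix"], scope, cfg["user_prefix"], login_id)
    return hits[0] if len(hits) == 1 else None


def user_groups(cfg, user_dn, scope="sub"):
    """Groups under the group suffix whose uniqueMember lists user_dn."""
    return search(cfg["group_suffix"], scope, "uniqueMember", user_dn)


def check_admin_config(cfg):
    """Return a list of problems with the administrator settings (empty = ok)."""
    problems = []
    if not is_under(cfg["admin_dn"], cfg["user_suffix"]):
        problems.append("admin DN is outside the user suffix")
    if not cfg["admin_dn"].lower().startswith(cfg["user_prefix"] + "="):
        problems.append("admin DN does not start with the user prefix")
    if not is_under(cfg["admin_group"], cfg["group_suffix"]):
        problems.append("admin group is outside the group suffix")
    members = DIRECTORY.get(cfg["admin_group"], {}).get("uniqueMember", [])
    if normalize_dn(cfg["admin_dn"]) not in [normalize_dn(m) for m in members]:
        problems.append("admin DN is not a member of the admin group")
    return problems


# Values from the custom structure above (worldwide and US-only variants).
WORLDWIDE = {
    "ldap_suffix": "o=ibm",
    "user_prefix": "uid", "user_suffix": "o=ibm",
    "group_prefix": "cn", "group_suffix": "o=ibm",
    "admin_dn": "uid=hsmith,ou=portlets,ou=raleigh,o=ibm",
    "admin_group": "cn=group1,ou=portlets,ou=raleigh,o=ibm",
}
US_ONLY = dict(WORLDWIDE, ldap_suffix="ou=raleigh,o=ibm",
               user_suffix="ou=raleigh,o=ibm", group_suffix="ou=raleigh,o=ibm")

if __name__ == "__main__":
    print("admin problems:", check_admin_config(WORLDWIDE) or "none")
    print("hsmith (sub):", resolve_user_dn(WORLDWIDE, "hsmith"))
    print("hsmith (one):", resolve_user_dn(WORLDWIDE, "hsmith", scope="one"))
    print("jdoe worldwide:", resolve_user_dn(WORLDWIDE, "jdoe"))
    print("jdoe US-only:", resolve_user_dn(US_ONLY, "jdoe"))
```

Running the script shows the two points that matter when you pick suffix values: hsmith resolves only with a subtree search from o=ibm, and the duplicated jdoe resolves under the narrower ou=raleigh,o=ibm suffix but is ambiguous under o=ibm. Narrowing the suffix is therefore not only a performance choice; it also determines which entries can authenticate.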

Parent topic:

LDAP user registry