Setting up LDAP
Contents
- Overview
- Required groups and users
- Portal administrator users
- Example of a customized directory structure
Overview
You can use the IBM Web Administration for iSeries wizards to configure LDAP with a WebSphere Portal instance. The wizard creates the necessary servers (HTTP and WAS), configures the server for Portal, configures the database for Portal, configures security (LDAP) for Portal, and deploys the portlets installed with the WebSphere Portal product.
You can also use the wizard to create a WebSphere Portal instance that does not use LDAP, and then use manual configuration tasks to connect the instance with LDAP.
Required groups and users
Before you can configure WebSphere Portal, at least one group and one user must already exist in the directory.
The required group is wpsadmins or an equivalent. The required user is a WebSphere Portal administrative user, traditionally wpsadmin. The wpsadmin user can be a member of the wpsadmins group in the directory, but WebSphere Portal does not enforce that relationship.
- Required: A WebSphere Portal administrative user (wpsadmin).
- Optional: If you choose to have WebSphere Portal configure IBM WAS security, specify a Security Server ID account name and password. This account is configured into WAS and becomes the ID used to administer WAS. If this account is different from the LDAP access account described next, it needs no special privileges in the LDAP directory.
- Optional: An LDAP access account for WAS and, by extension, WebSphere Portal. WebSphere Portal uses this identity to bind to the LDAP directory. If you keep the default value for the WAS Bind Distinguished Name in the wpconfig.properties file, wpsbind is used as the Bind DN. The privileges this account requires in the directory are as follows:
- Write: If you want users or portal administrators to create and modify directory attributes through the self-registration and self-care screens or the Manage Users and Groups portlet, the Bind DN (LDAPBindID) user must have permission to write to and search the LDAP directory that WebSphere Portal uses, or the subtree of that directory rooted at the LDAP suffix. Granting write access only to that subtree, rather than to the whole directory, is the least-privilege choice.
- Read: If you will not use any WebSphere Portal facility that writes to the directory, but the directory security policy does not allow anonymous searches, the Bind DN (LDAPBindID) user needs only permission to read and search the LDAP directory that WebSphere Portal uses, or the subtree of that directory rooted at the LDAP suffix. Do not grant write access in this case.
If you use Domino Directory as the LDAP server, see Adding portal administrators to the Domino Directory for details on adding users with special permissions to the Domino Domain.
Portal administrator users
You can select an existing LDAP user to act as the portal administrator.
If you want to create a new user to administer the portal, create the user before continuing. To create a new user as the portal administrator, use the directory administration tools. Refer to the section appropriate to the directory server you are using for documentation on creating a new portal administrative user.
LDAP Relative Distinguished Name (RDN) prefixes, such as cn=, uid=, or ou=, should be entered in lowercase. Uppercase or mixed case can cause problems with subsequent case-sensitive queries of the WebSphere Member Management and WebSphere Portal databases.
Example of a customized directory structure
The following is an example of one possible custom LDAP structure. It differs from the defaults listed in the other LDAP setup topics in several ways. It is deeper than the default example trees; that is, there are more layers of names between the root and the leaves. It is also wider, with users and groups scattered in different places throughout the tree. In addition, users and groups are sibling objects under a common parent (ou=portlets in the example). WebSphere Portal can nevertheless be configured to accept this layout. The values below show how to derive the configuration settings from such a directory layout.
- LDAP suffix="o=ibm" or, for a US-only portal, "ou=raleigh,o=ibm"
- user prefix="uid"
- user suffix="o=ibm" or, for a US-only portal, "ou=raleigh,o=ibm"
- group prefix="cn"
- group suffix="o=ibm" or, for a US-only portal, "ou=raleigh,o=ibm"
- Portal administrator DN="uid=hsmith,ou=portlets,ou=raleigh,o=ibm"
- Portal administrator group="cn=group1,ou=portlets,ou=raleigh,o=ibm"
See also
- Set up IBM Directory Server
- Set up Domino Directory
- Set up Active Directory
- Set up Sun ONE
- Set up Novell eDirectory