LDAP directory server configuration

When ISAM is configured to use an LDAP-based user registry, such as IBM Tivoli Directory Server, WebSEAL must be configured as an LDAP client so it can communicate with the LDAP server. The location of the LDAP server and its configuration file ldap.conf is provided during ISAM runtime configuration. A combination of stanza entries and values from the ldap.conf and the WebSEAL configuration file webseald.conf provides the appropriate information to WebSEAL as the LDAP client.

• WebSEAL determines the configured user registry is an LDAP-based directory server.

• The following stanza entries in the [ldap] stanza of webseald.conf are valid:
  host port
  ssl-port
  max-search-size
  replica
  auth-using-compare
  cache-enabled
  prefer-readwrite-server
  ssl-enabled
  ssl-keyfile
  ssl-keyfile-dn
  timeout
  auth-timeout
  search-timeout
  default-policy-override-support
  user-and-group-in-same-suffix
  login-failures-persistent

• Additionally, the values for the following stanza entries in ldap.conf override any existing values in webseald.conf:
  host
  port
  ssl-port
  max-search-size
  replica

For information about the stanza entries, see the web reverse proxy Stanza Reference topics in the IBM Knowledge Center.

Parent topic: Web server configuration

Related concepts

• Content caching
• Communication protocol configuration
• IPv4 and IPv6 overview
• IPv6: Compatibility support
• IP levels for credential attributes
• WebSEAL worker thread configuration
• WebSEAL worker threads
• Global allocation of worker threads for junctions
• Per-junction allocation of worker threads for junctions
• HTTP data compression
• WebSEAL data handling by using UTF-8
• UTF-8 dependency on user registry configuration
• UTF-8 data conversion issues
• UTF-8 impact on authentication
• UTF-8 impact on authorization (dynamic URL)
• Encoding type usage
• UTF-8 support for uniform resource locators
• UTF-8 support in POST body information (forms)
• UTF-8 support in query strings
• UTF-8 encoding of tokens for cross domain single signon
• UTF-8 encoding of tokens for e-community single signon
• UTF-8 encoding of cookies for failover authentication
• UTF-8 encoding of cookies for LTPA authentication
• UTF-8 encoding in junction requests
• Validation of character encoding in request data
• Set system environment variables
• Cross-Origin Resource Sharing (CORS) Support

Related tasks

• Specify the WebSEAL host name
• Modify the configuration file settings
• Configure WebSEAL for IPv6 and IPv4 requests

Related reference

• IPv6: Upgrade notes
• Allocation view of worker threads for junctions
• Supported wildcard pattern matching characters