Configure a stand-alone LDAP user registry on i5/OS

Configure WebSphere Portal to use a standalone LDAP user registry to store all user account information for authorization.

In a single server environment the WebSphere_Portal and server1 servers can be either stopped or started.

In a clustered environment stop all appservers on the system including WebSphere_Portal and server1 and then start the nodeagent and deployment manager servers before starting the following task.

If rerunning the wp-modify-ldap-security task to change the LDAP repositories or because the task failed, choose a new name for the realm using the standalone.ldap.realm parameter or set ignoreDuplicateIDs=true in

Configure a standalone LDAP user registry

To help ensure correct properties are entered, use the helper file...

  1. Edit...


  2. Set the following parameters in under the VMM Stand-alone LDAP configuration heading:

  3. Set a value for the following required entity types parameters in under the LDAP entity types heading:

  4. Set a value for the following required group member parameters in under the Group member attributes heading:

  5. Set a value for the following required relative distinguished name (RDN) parameters in under the Default parent, RDN attribute heading:

  6. Save changes to

  7. If WCM is installed with the Intranet and Internet Site Templates, set the following parameters in under the Web Content Management attribute heading...

    • WcmContentAuthorsGroupId
    • WcmContentAuthorsGroupCN

  8. Run... validate-standalone-ldap -DWasPassword=password validate your LDAP server settings.

    Note that if you have not deleted the default file repository, WasPassword is the value entered during installation and not a value found in your LDAP user registry.

  9. Run... wp-modify-ldap-security -DWasPassword=password task, from profile_root/ConfigEngine, to set the standalone LDAP user registry.

    • Propagate the security changes:

      Option Description

      1. stopServer server1 -username admin_userid -password admin_password



      2. stopServer WebSphere_Portal -username admin_userid -password admin_password



      3. startServer server1



      4. startServer WebSphere_Portal




      1. stopManager-username admin_userid -password admin_password, from the DMGR_PROFILE/bin

      2. stopNode -username admin_userid -password admin_password from the profile_root/bin directory

      3. stopServer WebSphere_Portal -username admin_userid -password admin_password



      4. startManager, from the DMGR_PROFILE/bin

      5. startNode



      6. startServer WebSphere_Portal



    • Run... wp-validate-standalone-ldap-attribute-config -DWasPassword=password task, from...

          profile_root/ConfigEngine check that all defined attributes are available in the configured LDAP user registry.

        After configuring LDAP, you can adapt the attribute configuration

      • To ensure Intranet and Internet Site Templates libraries are correctly mapped, run Member Fixer to update member names used by WCM with corresponding members in the LDAP.

        Required if you ran configure-express when installing portal.

        1. Edit...


    • Add the following lines to the file:

      uid=xyzadmin,o=defaultWIMFileBasedRealm -> portal_admin_DN
      cn=contentauthors,o=defaultWIMFileBasedRealm -> content_authors_group_DN

      Replace portal_admin_DN with the distinguished name of the portal administrator and content_authors_group_DN with the distinguished name of the content authors group used during LDAP configuration.

    • Save changes and close the file.

    • Run... action-express-memberfixer -DmemberfixerRealm=realm_name -DPortalAdminPwd=password -DWasPassword=password task, located in profile_root/ConfigEngine.

        Where realm_name...

        LDAP Type Value
        Standalone Matches the value of standalone.ldap.realm in
        Federated Matches the value of federated.realm in

        If the value for federated.realm is empty, use defaultWIMFileBasedRealm.

  • If you have created any additional WCM libraries, run the Web content member fixer task to update the member names used by the libraries.

    Parent topic:

    Configure a stand-alone LDAP user registry on i5/OS

    Related tasks

    Adapting the attribute configuration
    Use the member fixer tool with IBM Lotus Web Content Management