Windows cluster: Prepare an Active Directory Server

If you plan to use Active Directory as an LDAP user registry, install and set up the server so that it will communicate with WebSphere Portal.

To prepare Active Directory:

  1. To install and configure Active Directory:

    1. Install Windows 2000 or 2003 Server, which includes Active Directory. Refer to http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp for information.

    2. Install required Service Packs.

    3. Required if using Active Directory 2000: Install Windows 2000 High Encryption Pack, which is required to enable SSL. Refer to Windows 2000 High Encryption Pack for information.

    4. To install Internet Information Services (IIS), which is required to export server certificates and must be installed before installing Certificate Services:

      1. Open the Control Panel and select Add/Remove Programs.

      2. Choose Add/Remove Windows Components.

      3. Choose the Internet Information Services (IIS) component and then click Next.

      4. Follow the instruction of the Windows Components Wizard. The Windows Server CD is needed.

    5. Use the following steps to install Certificate Services if you plan on using Active Directory over SSL:

      1. Open the Control Panel and select Add/Remove Programs.

      2. Choose Add/Remove Windows Components.

      3. Select Certificate Services and then click Next.

      4. Select Stand-alone root CA and then click Next. You can also choose other options depends on you needs.

      5. Fill in CA identifying information and then click Next.

      6. Follow the instruction of the Windows Components Wizard. The Windows Server CD is needed.

  2. Perform the following steps as a guide to create the WebSphere Portal administrative user:

    1. Create a new user with the Windows™ administrative tools.

        There is a 20 character limitation for the user account name.

    2. Set the password for the new user.

    3. Activate the new user with the Windows administrative tools. Set the msDS-UserAccountDisabled attribute to false.

  3. To enable SSL for Active Directory; this step is required to set passwords during sign up and user creation:

    1. Install an Enterprise Certificate Authority on a Windows 2000 Domain Controller, which installs a certificate on a server or install a third-party certificate on the Domain Controller.

    2. Click Start -> All Programs -> Administrative Tools -> Active Directory Users and Computer.

    3. In the Active Directory Users and Computers window, right-click on domain name and select Properties.

    4. In the Domain Properties dialog box, select the Group Policy tab.

    5. Select the Default Domain Policy group policy and then click Edit.

    6. Select Windows Settings under Computer Configuration.

    7. Select Security Settings and then select Public Key Policies.

    8. Select Automatic Certificate Request Settings.

    9. Use the wizard to add a policy for Domain Controllers.

        When these requirements are complete, all domain controllers request a certificate and support LDAP over SSL using port 636.


Parent

Prepare user registries

 


+

Search Tips   |   Advanced Search