Windows stand-alone: Configure WebSphere Portal to use a user registry
You can configure a stand-alone LDAP user registry, or you can add LDAP user registries and/or database user registries to the default federated repository. After configuring the user registry, you can add realms for Virtual Portals or a lookaside database to store attributes that cannot be stored in the LDAP user registry.
Prior to configuring security, use the IBM WAS backupConfig task to create and store a backup of the portal configuration; see backupConfig command for information.
Prerequisites
Configure WebSphere Portal to use a database
Perform the following tasks to configure WebSphere Portal to use a user registry:
1. Prepare user registries
Install and set up an LDAP server as a user registry to store user information and authenticate users in a high-availability production environment.
2. Choose the user registry model
Choose between securing IBM WebSphere Portal with a standalone LDAP user registry or by adding LDAP user registries and/or database user registries to the default federated repository.
3. Adapt the attribute configuration
After installing IBM WebSphere Portal and configuring LDAP user registries, you will need to adapt the attribute configuration to match the configured LDAP server(s) and business needs. However, you do not need to perform these steps if you are using either a database user registry or the default federated file-based repository for out-of-box installations.
4. Configure WebSphere Portal to use dynamic groups
By default, WebSphere Portal is enabled for static groups. However, the Virtual Member Manager (VMM) allows users to be members of either static or dynamic groups. Static groups are those where a persistent binding exists between a group and its members. Dynamic groups are those where a search query is defined to retrieve the members of a group. If your LDAP server is configured to use dynamic groups, complete the steps in this task when you set up the LDAP server so that WebSphere Portal uses dynamic group queries.
5. Enable referrals for LDAP user registry
Referrals redirect object requests from one LDAP server to another when objects do not exist or cannot be located in a particular directory tree. You should enable referrals if your environment has more than one user registry existing on multiple servers or domains.