Prepare an Active Directory server
To use Active Directory as an LDAP user registry, install and set up the server so that it can communicate with IBM WebSphere Portal.
- To install and configure Active Directory:
  - Install Windows Server version 2008 or 2012, which includes Active Directory. Refer to http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp for information.
  - Install the necessary Service Packs.
  - Use the Windows Server documentation to install Internet Information Services (IIS). IIS is used to export server certificates and must be installed before you install Certificate Services.
  - Use the Windows Server documentation to install Certificate Services if you plan to use Active Directory over SSL.
- Create the WebSphere Portal administrative user:
  - Create a user with the Windows administrative tools. The user account name is limited to 20 characters.
  - Set the password for the new user.
  - Activate the new user with the Windows administrative tools. Set the msDS-UserAccountDisabled attribute to false.
- To enable SSL for Active Directory, which allows passwords to be set during sign-up and user creation:
  - Install an Enterprise certificate authority on a Windows Domain Controller, which installs a certificate on a server, or install a third-party certificate on the Domain Controller.
  - Click Start > All Programs > Administrative Tools > Active Directory Users and Computers.
  - In the Active Directory Users and Computers window, right-click the domain name and select Properties.
  - In the Domain Properties dialog box, select the Group Policy tab.
  - Select the Default Domain Policy group policy and then click Edit.
  - Select Windows Settings under Computer Configuration.
  - Select Security Settings and then select Public Key Policies.
  - Select Automatic Certificate Request Settings.
  - Use the wizard to add a policy for Domain Controllers.
When these requirements are complete, all domain controllers request a certificate and support LDAP over SSL on port 636.
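To confirm the result from the machine that will run WebSphere Portal, the following added example (not part of the original procedure or of any IBM or Microsoft tooling) performs a verified TLS handshake against port 636 and reports certificate problems a client would hit. The host name `dc01.example.test` and the CA file `enterprise-ca.pem` are constructed placeholders; the CA file is assumed to be the exported certificate of the Enterprise certificate authority in PEM form.

```python
import socket
import ssl
from datetime import datetime, timezone


def evaluate_cert(cert, hostname, now=None, min_days=30):
    """Summarise a certificate dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    dns_names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    host = hostname.lower()
    # Exact match, or a single-label wildcard such as *.example.test.
    matched = any(n == host or (n.startswith("*.") and host.split(".", 1)[-1] == n[2:])
                  for n in dns_names)
    problems = []
    if not matched:
        # Clients must connect with a name the certificate actually carries.
        problems.append("host name not listed in subjectAltName")
    if days_left < 0:
        problems.append("certificate expired")
    elif days_left < min_days:
        problems.append(f"certificate expires in {days_left} days")
    return {"days_left": days_left, "dns_names": dns_names, "problems": problems}


def check_ldaps(hostname, port=636, cafile=None, timeout=5):
    """TLS handshake against the LDAPS port; chain and host name are verified."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                report = evaluate_cert(tls.getpeercert(), hostname)
                report["tls_version"] = tls.version()
                return report
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuing CA or name mismatch: the client would refuse LDAPS.
        return {"problems": [f"certificate rejected: {exc.verify_message}"]}
    except OSError as exc:
        return {"problems": [f"cannot reach {hostname}:{port}: {exc}"]}


if __name__ == "__main__":
    # Constructed host name and CA file path; replace with your own values.
    print(check_ldaps("dc01.example.test", cafile="enterprise-ca.pem"))
```

An empty `problems` list means the domain controller answered on port 636 with a certificate that chains to the supplied CA, matches the name used to connect, and is not close to expiry.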