Test your LDAP configuration

To ensure that LDAP is working properly, complete the following test.

  1. Ensure that you prepare WebSphere Commerce to use LDAP.

  2. If the WebSphere Commerce site administrator user ID, for example wcsadmin, exists on the LDAP server but is not directly under the root organization in the LDAP server, delete the user from the LDAP server to avoid data conflicts. However, if the user already exists in LDAP and is directly under the root organization, it does not have to be deleted, and authentication for this user will be done using the password in LDAP. In most cases, the user does not already exist on the LDAP server, but only in the WebSphere Commerce database. This user will automatically be synchronized to the LDAP server when the user first logs on to WebSphere Commerce.

    After the user is synchronized to the LDAP server, the LOGONID value in the USERREG database table for this user will be changed from the short name to the full DN format. For example, it will be changed from "wcsadmin" to "uid=wcsadmin,o=root organization". If for some reason you delete the user from the LDAP server after synchronization has already taken place, update USERREG.LOGONID back to the short name format.

  3. Log in to the Organization Administration Console with your WebSphere Commerce Administrator ID.

  4. Check your LDAP server to ensure that the WebSphere Commerce Administrator ID appears under the root organization. If the WebSphere Commerce Administrator ID appears under the root organization on your LDAP server, LDAP is configured correctly to work with WebSphere Commerce.

  5. Log out from the WebSphere Commerce Organization Administration Console.

    Repeat steps 1 to 3 to ensure that LDAP is configured correctly.

  6. Create a new user under the "root organization" organization on your LDAP server.

    When you use IBM Lotus Domino V6 LDAP Services, ensure that the user name is created in the following format: uid=<user_name>/<root DN>

  7. Try to log in to the Organization Administration Console with the new user ID. You should receive the following error:

    User does not have the proper authority to logon.

    This error indicates that the user ID was resolved, but does not have rights to access the WebSphere Commerce Organization Administration Console.

    If you receive any other error message, then the authentication has failed and either the user creation was done incorrectly or the LDAP server is not configured correctly to work with WebSphere Commerce.

  8. Log in to the Organization Administration Console with your WebSphere Commerce Administrator ID.

  9. Assign the Site Administrator role in the root organization to the new user ID.

  10. Log out from the WebSphere Commerce Organization Administration Console.

  11. Log in to WebSphere Commerce Accelerator with the new user ID. A successful login indicates that LDAP is configured correctly to work with WebSphere Commerce.

  12. (Recommended) In the WebSphere Commerce Organization Administration Console, remove the site administration role from the new user ID. This step is a security precaution to prevent anyone from using the new ID to make unauthorized changes to WebSphere Commerce.
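
The placement rule in step 2 and the check in step 4 can be scripted. The following is an added example, not part of the original documentation; it assumes the OpenLDAP `ldapsearch` client, and the variables `LDAP_URI`, `BIND_DN`, `SEARCH_BASE`, `ROOT_DN` and all function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the product documentation).
# Assumptions: OpenLDAP ldapsearch client; the values below are placeholders.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
BIND_DN="${BIND_DN:-cn=admin,o=example}"      # account allowed to search
ROOT_DN="${ROOT_DN:-o=root organization}"     # DN used in the page's example
# Widen SEARCH_BASE to the directory suffix to catch entries outside ROOT_DN.
SEARCH_BASE="${SEARCH_BASE:-$ROOT_DN}"

# Lower-case a DN and drop spaces around "," and "=" so DNs compare reliably.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/ *, */,/g' -e 's/ *= */=/g' -e 's/^ *//' -e 's/ *$//'
}

# classify_dn DN: print "direct" if DN is an immediate child of ROOT_DN,
# otherwise "elsewhere". RDN values with escaped commas are not handled.
classify_dn() {
    dn=$(norm_dn "$1"); root=$(norm_dn "$ROOT_DN")
    case "$dn" in
        *",$root") rdn=${dn%",$root"} ;;
        *) echo elsewhere; return 0 ;;
    esac
    case "$rdn" in
        *,*) echo elsewhere ;;
        *)   echo direct ;;
    esac
}

# find_user_dns UID: list the DN of every entry with that uid under SEARCH_BASE.
# "1.1" requests no attributes; ldif-wrap=no keeps long DNs on one line.
# Base64-encoded DNs ("dn:: ...") are skipped by the sed filter.
find_user_dns() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$SEARCH_BASE" -s sub "(uid=$1)" 1.1 | sed -n 's/^dn: //p'
}

# check_user UID: one line per match. No output means the user is not in LDAP
# yet and is synchronized on first logon; "elsewhere" is the conflict in step 2.
check_user() {
    find_user_dns "$1" | while IFS= read -r found; do
        printf '%s\t%s\n' "$(classify_dn "$found")" "$found"
    done
}

if [ -n "${1:-}" ]; then check_user "$1"; fi
```

Run before step 3, an `elsewhere` line for wcsadmin marks an entry to delete; run after step 3, the expected result is a single `direct` line.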

 
