FileNet P8 Application Engine, Version 5.0.+ | Application server: WebSphere Application Server

Configuring stand-alone Lightweight Directory Access Protocol (LDAP)

To enable LDAP communication between Application Engine and Content Engine, you must configure settings on the WebSphere® Application Server. It is recommended that the LDAP configuration settings match those set on the application server where Content Engine is installed.

Important: If you are using WebSphere Application Server Network Deployment and Application Engine is to be deployed where Content Engine is deployed, you do not need to complete this task.

To configure stand-alone Lightweight Directory Access Protocol (LDAP):

  1. Open the WebSphere administrative console.
  2. Navigate to the security settings page.
    Option                              Description
    WebSphere Application Server 6.1    Navigate to Security > Secure administration, applications, and infrastructure.
    WebSphere Application Server 7.0    Navigate to Security > Global security.

  3. Disable security by using the following Security settings:
    • Disable (clear) the Enable Administrative Security flag.
    • Disable (clear) the Enable application security flag.
    • Disable (clear) the Java 2 security flag.
  4. From the bottom of the panel, in the dropdown list called Available realm definitions, select Standalone LDAP registry and click Configure.
  5. Configure the LDAP provider to exactly match the corresponding settings on the Content Engine application server.
    Tip: Open the WebSphere administrative console for Content Engine to the same panels to see and copy all settings.
    • Primary administrative user name
    • Select Automatically generated server identity.
    • Type
    • Host
    • Port
    • Base distinguished name (DN)
    • Bind distinguished name (DN)
    • Bind password
  6. Configure the LDAP user registry settings to exactly match the corresponding settings on the Content Engine application server.
    Tip: Open the WebSphere administrative console for Content Engine to the same panel to see and copy all settings.
    • User filter
    • Group filter
    • User ID map
    • Group member ID map
    • Certificate map mode
    • Certificate filter
  7. Save these settings.
  8. Next to Available realm definitions, ensure that Standalone LDAP registry is still selected, and click Set as current.
  9. Set the following Security flags:
    • Enable (select) the Enable Administrative Security flag.
    • Enable (select) the Enable application security flag.
    • Disable (clear) the Java 2 security flag.

    The IBM® FileNet® P8 Platform utilizes LDAP-based security, and does not support Java™ 2 security. Enabling Java 2 security will cause unexpected behavior.

  10. Save your changes to the master configuration.
  11. Restart the WebSphere instance.
  12. Test the connection on the Standalone LDAP registry page. If the test fails, correct the error before proceeding. If it passes, click OK to return to the previous page.
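
Steps 5, 6 and 9 require Application Engine to end up with the same LDAP settings as Content Engine, with Java 2 security cleared. The following Python script is an added example, not IBM-supplied code: it compares the LDAP registry section of two security.xml files and lists differences without printing the bind password. The attribute names are assumptions based on the usual layout of a WebSphere profile's security.xml, and the sample XML values are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names are assumptions based on the usual layout of a WebSphere
# profile's security.xml; confirm them against your own file before relying on this.
REGISTRY = ["primaryAdminId", "useRegistryServerId", "type", "baseDN", "bindDN", "bindPassword"]
FILTERS = ["userFilter", "groupFilter", "userIdMap", "groupMemberIdMap",
           "certificateMapMode", "certificateFilter"]
FLAGS = {"enabled": "true", "appEnabled": "true", "enforceJava2Security": "false"}  # step 9
SECRET = {"bindPassword"}  # stored values are compared, never printed

def ldap_settings(xml_text):
    """Return (security flags, LDAP registry settings named in steps 5 and 6)."""
    root = ET.fromstring(xml_text)
    reg = next(e for e in root.iter("userRegistries")
               if any(k.endswith("}type") and v.endswith("LDAPUserRegistry")
                      for k, v in e.attrib.items()))
    out = {a: reg.get(a, "") for a in REGISTRY}
    for tag, names in (("hosts", ["host", "port"]), ("searchFilter", FILTERS)):
        child = reg.find(tag)
        out.update({a: child.get(a, "") if child is not None else "" for a in names})
    return dict(root.attrib), out

def drift(ae_xml, ce_xml):
    """Compare Application Engine settings against Content Engine; list findings."""
    (flags, ae), (_, ce) = ldap_settings(ae_xml), ldap_settings(ce_xml)
    found = []
    for key in sorted(ce):
        if ae[key] != ce[key]:
            detail = "<redacted>" if key in SECRET else "%r != %r" % (ae[key], ce[key])
            found.append("mismatch %s: %s" % (key, detail))
    found += ["flag %s must be %s" % (f, v) for f, v in sorted(FLAGS.items()) if flags.get(f) != v]
    return found

def sample(base_dn, password, java2):
    """Constructed security.xml fragment for the demo (not from a real server)."""
    return ('<security:Security xmlns:security="urn:constructed:security" '
            'xmlns:xmi="urn:constructed:xmi" enabled="true" appEnabled="true" '
            'enforceJava2Security="%s"><userRegistries xmi:type="security:LDAPUserRegistry" '
            'primaryAdminId="p8admin" useRegistryServerId="false" type="IBM_DIRECTORY_SERVER" '
            'baseDN="%s" bindDN="cn=p8bind,dc=example,dc=test" bindPassword="%s">'
            '<searchFilter userFilter="(uid=%%v)" groupFilter="(cn=%%v)" userIdMap="*:uid" '
            'groupMemberIdMap="*:member" certificateMapMode="EXACT_DN" certificateFilter=""/>'
            '<hosts host="ldap.example.test" port="389"/></userRegistries></security:Security>'
            % (java2, base_dn, password))

if __name__ == "__main__":
    ce = sample("dc=example,dc=test", "{xor}constructed-A", "false")
    ae = sample("ou=p8,dc=example,dc=test", "{xor}constructed-B", "true")
    print("\n".join(drift(ae, ce)) or "AE matches CE")
```

An empty result means the Application Engine file agrees with the Content Engine file on every compared setting; the connection test in step 12 is still required.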


Last updated: November 2010


© Copyright IBM Corporation 2010.