FileNet P8 Content Engine, Version 5.0.+              

Configuring Content Engine application server authentication (LDAP) settings

You must configure the Content Engine application server's authentication settings. These settings define the LDAP repository and the search mechanism that the application server uses to authenticate a user who requests Content Engine service.

Important: Be aware that the changes you make to directory service provider settings overwrite the global security settings in the application server where Content Engine is to be deployed. Run the Configure LDAP task only if you need to change the security settings.

Be sure that you have available the Installation and Upgrade Worksheet that was completed during your planning activities.

If you plan to configure Content Engine to use the directory server's e-mail attribute or, for Active Directory, the userPrincipalName (UPN) to be the user short name used for login, then you must perform additional configuration steps and enter specific values for your LDAP settings. For detailed steps, see the IBM® FileNet® P8 help topic Security > IBM FileNet P8 security > How to... > Configure Content Engine to use e-mail or UPN for login.

Restriction: JBoss Application Server only. Do not use Configuration Manager to configure multiple LDAP realms.

Manual procedures to configure multiple realms for application server authentication can be found in the IBM FileNet P8 help topic Security > IBM FileNet P8 Security > How to... > Configure multiple realms.

To configure the LDAP settings:

  1. Open your completed Installation and Upgrade Worksheet file.
    Tip: In the worksheet file, verify that the Data > Filter > AutoFilter command is enabled. To view only Configuration Manager values, filter by CM: Configure LDAP in the Installation or Configuration Program column.
  2. If your configuration profile is not open in Configuration Manager, open the profile.
  3. Enter property values for the LDAP provider:
    1. Right-click Configure LDAP in the profile pane, and select Edit Selected Task.
    2. Enter the property values for your LDAP provider, by referring to the values from your worksheet.
  4. Optional: (WebSphere® and WebLogic only) Click Test LDAP Connection to test the connection to the directory service provider by using the directory service bind user name, host name, port number, and password that you provided.
  5. Click File > Save to save your changes.
  6. Ensure that the task is enabled. When the task is disabled, the task name includes the text (disabled). To enable the task, select Configure LDAP (disabled) in the profile pane, and then either right-click and choose Enable Selected Task from the context menu, or click the Enable the Selected Task icon in the task toolbar.
  7. Apply the LDAP property settings by right-clicking Configure LDAP in the profile pane and selecting Run Task. Running the configuration task can take several minutes. The task execution status messages are displayed in the console pane below the LDAP properties.
  8. Close the Configure LDAP task pane.

Oracle WebLogic Server only. When you run the Configure LDAP task, the weblogic.security.providers.authentication.DefaultAuthenticator.ControlFlag value is set to SUFFICIENT for authenticating users.
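
The following added example (not IBM or Oracle code) models how a provider chain is evaluated under the standard JAAS control flags, to show what changing DefaultAuthenticator to SUFFICIENT does for a user who exists only in the directory server. The provider name LdapAuthenticator, its SUFFICIENT flag, and the user names are assumptions made for the illustration.

```python
# Added illustration of JAAS control-flag evaluation; not IBM or Oracle code.
from typing import List, Set, Tuple

# (provider name, control flag, users that provider can authenticate)
Provider = Tuple[str, str, Set[str]]


def authenticate(chain: List[Provider], user: str) -> bool:
    """Walk the chain in order and apply the JAAS control-flag rules."""
    mandatory_failed = False  # a REQUIRED or REQUISITE provider rejected the user
    has_mandatory = False     # the chain contains REQUIRED or REQUISITE providers
    any_success = False       # at least one provider accepted the user
    for _name, flag, users in chain:
        ok = user in users
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            has_mandatory = True
            if not ok:
                mandatory_failed = True
                if flag == "REQUISITE":
                    break  # a REQUISITE failure ends evaluation at once
        elif flag == "SUFFICIENT" and ok and not mandatory_failed:
            return True    # a SUFFICIENT success ends evaluation at once
        # OPTIONAL, or a SUFFICIENT failure: continue down the chain
    if mandatory_failed:
        return False
    # With no mandatory providers, at least one provider must have succeeded.
    return True if has_mandatory else any_success


# Constructed sample data: "weblogic" exists only in the embedded WebLogic
# LDAP, "jsmith" only in the enterprise directory server.
EMBEDDED = {"weblogic"}
DIRECTORY = {"jsmith"}

# WebLogic's default DefaultAuthenticator flag is REQUIRED.
# "LdapAuthenticator" and its SUFFICIENT flag are assumptions of this example.
BEFORE: List[Provider] = [("DefaultAuthenticator", "REQUIRED", EMBEDDED),
                          ("LdapAuthenticator", "SUFFICIENT", DIRECTORY)]
# After the Configure LDAP task: DefaultAuthenticator is SUFFICIENT.
AFTER: List[Provider] = [("DefaultAuthenticator", "SUFFICIENT", EMBEDDED),
                         ("LdapAuthenticator", "SUFFICIENT", DIRECTORY)]

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        for user in ("weblogic", "jsmith", "unknown"):
            print(label, user, authenticate(chain, user))
```

Because a SUFFICIENT success ends evaluation, accounts in the embedded WebLogic LDAP remain a valid login path alongside the directory server and need the same password and lockout controls.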




Last updated: November 2010


© Copyright IBM Corporation 2010.