WebSphere security does not support "chase referrals" when querying LDAP registries

Technote (FAQ)
Problem
If you have configured an LDAP server to include users from another LDAP server, you can query LDAP from the command line using the ldapsearch utility, and the remote users are returned without any additional flags or options to the ldapsearch command. This is referred to as "chasing referrals."

However, when you search for users or groups in the WebSphere administrative console, only users in the immediate LDAP server are returned.

Does WebSphere security chase referrals when querying its LDAP server for valid users?
Cause
WebSphere does not support LDAP referrals.
Solution
Currently, WebSphere does not include referrals when it queries LDAP servers for users or groups, and there is no setting available to administrators to enable this. This means, for example, that if an administrator enables security for "all authorized users", authorization will still fail for a user on a remote LDAP server, even though ldapsearch shows that it is a valid ID.

Inclusion of referrals has been requested as a future enhancement (feature request #92192). Customers who need this capability should contact their IBM marketing representative and state their business need.
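
To see which users the limitation described above affects, the following added example (not IBM code) reads the saved output of a search run with referral chasing turned off and reports whether a DN is held by the registry server itself or sits under a referred subtree. It assumes OpenLDAP-style output, where each continuation reference appears as a `ref:` line; the sample data, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: search output captured with referral chasing off.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob

# search reference
ref: ldap://remote.example.net/ou=partners,dc=example,dc=
 com??sub
"""

def unfold(text):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def normalize_dn(dn):
    """Lower-case and trim each RDN (simplification: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_search(text):
    """Return (set of local entry DNs, list of (host, referred base DN))."""
    local, referrals = set(), []
    for line in unfold(text):
        if line.startswith("dn: "):
            local.add(normalize_dn(line[4:]))
        elif line.startswith("ref: "):
            url = urlsplit(line[5:].strip())
            base = unquote(url.path.lstrip("/"))
            referrals.append((url.netloc, normalize_dn(base)))
    return local, referrals

def classify(user_dn, local, referrals):
    """'local', 'referral:<host>' (not visible to WebSphere), or 'unknown'."""
    dn = normalize_dn(user_dn)
    if dn in local:
        return "local"
    for host, base in referrals:
        if dn == base or dn.endswith("," + base):
            return "referral:" + host
    return "unknown"
```

Any DN classified as `referral:<host>` belongs to a user that ldapsearch can return by chasing the referral but that WebSphere will not find in its registry query.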

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): AIX, HPUX, Linux, Multi-Platform, Solaris, Windows
Software version: 3.5, 4.0, 5.0, 5.1
Software edition: Advanced, Base, Network Deployment, Single Server
Reference #: 1066777
IBM Group: Software Group
Modified date: 2005-01-05