Problem
It is possible to configure WebSphere® Application Server V3.5.x and V4.0.x global security to use the Microsoft® Active Directory as the LDAP server.

Cause
Microsoft Active Directory, by default, does not allow anonymous LDAP queries to see users. An LDAP client can browse the Microsoft Active Directory only by binding with the distinguished name (DN) of an account that belongs to the Administrators group.

Solution
Assuming the Microsoft Active Directory has not been changed from this default behavior, the following steps enable WebSphere Application Server security to work with Microsoft Active Directory as the LDAP server:
1. Acquire the full DN and password of an account in the Administrators group.
   Hint: If the Microsoft Active Directory administrator created the account in the Users folder of the Active Directory Users and Computers Windows® NT control panel, the DN looks something like this: cn=admin username,cn=users,dc=ibm,dc=com
2. Get the short logon name and password of any account in the Microsoft Active Directory server. It can be the short logon name of the account from Step 1, or it can be a different one. This account need not have any special privileges.
3. With the above information, configure the User Registry tab of the administrative console global security task with the following settings:
   Security Server ID: shortusername
   Security Server Password: shortusername password
   Directory Type: Active Directory
   Host: ldapserverhostname.ibm.com
   Base Distinguished Name: dc=ibm,dc=com
   Bind Distinguished Name: cn=admin username,cn=users,dc=ibm,dc=com
   Bind Password: admin username password

Note: Unlike most of the other LDAP servers, the default LDAP filter settings for the Microsoft Active Directory get the shortusername from the sAMAccountName LDAP attribute rather than the uid LDAP attribute, which is the default for most of the other LDAP servers configured in WebSphere Application Server.
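The lookup the Note describes, as an added example that is not IBM's code: after binding with the Bind Distinguished Name, the short logon name is searched for under the Base Distinguished Name and mapped to a DN. The `USER_ATTR` table, the function names, the second directory entry and both sAMAccountName values are assumptions made for the illustration; only the DN strings and the two attribute names come from this page.

```python
# Added example. USER_ATTR is a simplification: one equality match per
# directory type, not WebSphere's shipped filter strings.
USER_ATTR = {"Active Directory": "sAMAccountName", "Other": "uid"}

# Constructed entries under the page's base DN. The second DN is invented.
DIRECTORY = [
    {"dn": "cn=admin username,cn=users,dc=ibm,dc=com",
     "sAMAccountName": "adminusername"},
    {"dn": "cn=Short User,cn=users,dc=ibm,dc=com",
     "sAMAccountName": "shortusername"},
]


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_filter(directory_type, short_name):
    """Return the search filter sent after binding with the Bind DN."""
    return "(%s=%s)" % (USER_ATTR[directory_type], escape_filter_value(short_name))


def resolve_dn(directory_type, short_name, base_dn, entries=DIRECTORY):
    """Map a short logon name to its DN, or None if nothing matches."""
    attr = USER_ATTR[directory_type]
    for entry in entries:
        in_scope = entry["dn"].lower().endswith(base_dn.lower())
        if in_scope and entry.get(attr, "").lower() == short_name.lower():
            return entry["dn"]
    return None


if __name__ == "__main__":
    base = "dc=ibm,dc=com"
    for kind in ("Active Directory", "Other"):
        print(kind, build_user_filter(kind, "shortusername"),
              resolve_dn(kind, "shortusername", base))
```

With Directory Type left at a uid-based setting, the same short name resolves to nothing because Active Directory entries carry it in sAMAccountName, which is the usual reason a correct password is rejected in this setup.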
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): Multi-Platform
Software version: 3.5, 4.0
Software edition: Edition Independent
Reference #: 1008134
IBM Group: Software Group
Modified date: 2004-08-30
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.