Chasing referrals when querying LDAP

Technote (FAQ)
Problem
Does WebSphere® Application Server security chase referrals when querying its LDAP server for valid users?
Solution
Security administrators can configure an LDAP server to include users from another LDAP server. When the ldapsearch utility is used to query LDAP from the command line, remote users are returned without additional flags or options to the ldapsearch command; that is, ldapsearch automatically chases referrals.

When an administrator searches for users or groups in the WebSphere Application Server administrative console, only users in the immediate LDAP server are returned.

Currently, WebSphere Application Server does not chase referrals when it queries LDAP servers for users or groups, and there is no setting available for administrators to enable this. This means, for example, that if an administrator enables security for "all authorized users," authorization continues to fail for a user on a remote LDAP server, even though ldapsearch shows that it is a valid ID.
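
An added diagnostic sketch, not code from IBM or from this technote: given LDIF-style output from a search that did not chase referrals, it reports whether a user DN sits under a referred subtree, which is the case where WebSphere Application Server will not find the user. The host names, DNs and the `ref:` line layout in the sample are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: LDIF-style output from a search that did NOT chase
# referrals. Hosts, DNs and the "ref:" line layout are assumptions.
SAMPLE_LDIF = """\
dn: uid=asmith,ou=staff,dc=example,dc=com

# search reference
ref: ldap://ldap2.example.com:389/ou=partners,dc=example,
 dc=com??sub
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def norm_dn(dn):
    """Lower-case and strip each RDN. Assumes no escaped commas in the DN."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def referrals(ldif_text):
    """Return (host, base_dn) for every search reference in the output."""
    found = []
    for line in unfold(ldif_text):
        if line.lower().startswith("ref:"):
            url = urlsplit(line[4:].strip())
            if url.scheme in ("ldap", "ldaps"):
                found.append((url.netloc, unquote(url.path.lstrip("/"))))
    return found

def behind_referral(user_dn, ldif_text):
    """Return the host whose referral subtree contains user_dn, else None."""
    user = norm_dn(user_dn)
    for host, base in referrals(ldif_text):
        suffix = norm_dn(base)
        if suffix and user[-len(suffix):] == suffix:
            return host
    return None

if __name__ == "__main__":
    for dn in ("uid=asmith,ou=staff,dc=example,dc=com",
               "uid=rjones,ou=Partners,dc=example,dc=com"):
        print(dn, "->", behind_referral(dn, SAMPLE_LDIF) or "immediate server")
```

A DN reported as sitting behind a referral is one that a referral-chasing client can resolve but that the application server's own user and group lookups will not return.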

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): AIX, HPUX, Linux, Solaris, Windows
Software version: 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.4.1, 3.5.4.2, 3.5.5, 3.5.6, 3.5.7, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 5.0, 5.0.1, 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 5.0.2.5
Software edition: Edition Independent
Reference #: 1005966
IBM Group: Software Group
Modified date: 2004-06-28