How to configure the WebSphere Application Server 3.5.x and 4.0.x security with Microsoft Active Directory as the LDAP server

Technote (FAQ)
Problem
It is possible to configure WebSphere® Application Server V3.5.x and V4.0.x global security to use the Microsoft® Active Directory as the LDAP server.
Cause
Microsoft Active Directory, by default, does not allow anonymous LDAP queries to see users. An LDAP client can browse Microsoft Active Directory only by binding with the Distinguished Name (DN) of an account that belongs to the Administrators group.
Solution
Assuming the Microsoft Active Directory has not been changed from this default behavior, the following steps enable WebSphere Application Server security to work with Microsoft Active Directory as the LDAP server:
  1. Acquire the full DN and password of an account in the Administrators group.

    Hint: If the Microsoft Active Directory administrator created the account in the Users folder of the Active Directory Users and Computers Windows® NT control panel, the DN looks something like this:
    cn=admin username,cn=users,dc=ibm,dc=com


  2. Get the short logon name and password of any account in the Microsoft Active Directory server. It can be the short logon name of the account from Step 1, or a different account. This account does not need any special privileges.


  3. With the above information, configure the User Registry tab of the administrative console global security task with the following settings:
    Security Server ID: shortusername
    Security Server Password: shortusername password
    Directory Type: Active Directory
    Host: ldapserverhostname.ibm.com
    Base Distinguished Name: dc=ibm,dc=com
    Bind Distinguished Name: cn=admin username,cn=users,dc=ibm,dc=com
    Bind Password: admin username password



Note: Unlike most other LDAP servers, the default LDAP filter settings for Microsoft Active Directory take the shortusername from the sAMAccountName LDAP attribute rather than the uid attribute, which is the default for most of the other LDAP servers configured in WebSphere Application Server.
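The following is an added helper, not IBM's code, for checking the settings from Step 3 and the note above before committing them in the administrative console: it picks the login attribute by directory type (sAMAccountName for Active Directory, uid otherwise, as the technote states), escapes the short logon name per RFC 4515 so it cannot change the filter's structure, and builds an ldapsearch command (OpenLDAP client tools are assumed) that binds with the Bind Distinguished Name and resolves the Security Server ID under the Base Distinguished Name. The filter shape and the `preflight_command` name are assumptions for illustration.

```python
"""Pre-flight check for a WebSphere LDAP user registry backed by Active Directory.

Added example, not IBM's code. Directory-type to attribute mapping is from the
technote; the filter shape and the ldapsearch invocation are assumptions.
"""
import shlex

# Attribute that carries the short logon name, keyed by WebSphere directory type.
LOGIN_ATTRIBUTE = {"Active Directory": "sAMAccountName"}
DEFAULT_LOGIN_ATTRIBUTE = "uid"  # what most other LDAP servers use

# RFC 4515 escaping for values substituted into a search filter, so a short
# name containing "*", "(" or ")" cannot widen or restructure the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_attribute(directory_type: str) -> str:
    return LOGIN_ATTRIBUTE.get(directory_type, DEFAULT_LOGIN_ATTRIBUTE)


def user_filter(directory_type: str, short_name: str) -> str:
    """Filter that should resolve the Security Server ID to exactly one entry."""
    return f"({login_attribute(directory_type)}={escape_filter_value(short_name)})"


def preflight_command(host: str, base_dn: str, bind_dn: str, short_name: str,
                      directory_type: str = "Active Directory") -> str:
    """ldapsearch command that binds as the Bind DN (-W prompts for the password
    so it never lands in shell history) and looks up the short name under the
    Base DN. One returned entry means Step 3's values are consistent."""
    args = ["ldapsearch", "-x", "-H", f"ldap://{host}", "-D", bind_dn, "-W",
            "-b", base_dn, user_filter(directory_type, short_name),
            login_attribute(directory_type)]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Sample values constructed from the technote's own placeholders.
    print(preflight_command("ldapserverhostname.ibm.com", "dc=ibm,dc=com",
                            "cn=admin username,cn=users,dc=ibm,dc=com", "shortusername"))
```

Run the printed command from a host that can reach the directory; an empty result with a successful bind points at the Base Distinguished Name or the login attribute, while a bind failure points at the Bind Distinguished Name or its password.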

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): Multi-Platform
Software version: 3.5, 4.0
Software edition: Edition Independent
Reference #: 1008134
IBM Group: Software Group
Modified date: 2004-08-30