Advanced Edition of IBM WebSphere Application Server (applies only to Windows systems)


5.3.6: Using Microsoft Active Directory as an LDAP Server

To use Microsoft Active Directory as the LDAP server for authentication with WebSphere Application Server, there are some specific steps you must take. By default, Microsoft Active Directory does not allow anonymous LDAP queries. To make LDAP queries or browse the directory, an LDAP client must bind to the LDAP server using the distinguished name (DN) of an account that belongs to the Administrator group of the Windows system.

To set up Microsoft Active Directory as your LDAP server, follow this procedure:

  1. Determine the full DN and password of an account in the Administrators group. For example, if the Active Directory administrator creates an account in the Users folder of the Active Directory Users and Computers Windows NT/2000 control panel and the DNS domain is ibm.com, the resulting DN has the following structure:
    cn=<adminUsername>, cn=users, dc=ibm, dc=com
  2. Determine the short name and password of any account in the Microsoft Active Directory. This does not have to be the same account as used in the previous step.
  3. Use the WebSphere Application Server administrative console to set up the information needed to use Microsoft Active Directory:
    1. Start the administrative server for the domain, if necessary.
    2. Start the administrative console, if necessary.
    3. On the administrative console, click Wizards.
    4. Select the Configure Global Security Settings task.
    5. Click the User Registry tab and set the following fields as described:
      • Security Server ID: the short name of the account chosen in step 2.
      • Security Server Password: the password of the account chosen in step 2.
      • Directory Type: Active Directory
      • Host: The DNS name of the machine running Microsoft Active Directory
      • Base Distinguished Name: the domain components of the DN of the account chosen in step 1. For example:
        dc=ibm, dc=com
      • Bind Distinguished Name: the full DN of the account chosen in step 1. For example:
        cn=<adminUsername>, cn=users, dc=ibm, dc=com
      • Bind Password: the password of the account chosen in step 1.
    6. Click the OK button to save the changes.
    7. Stop and restart the administrative server to make the changes take effect.
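
The Bind Distinguished Name and Base Distinguished Name fields above are derived from the same account DN, and a mismatch between them (a base DN that is not a suffix of the bind DN, or a cn value containing an unescaped comma) is a common reason the registry lookup fails after the restart. The following Python helpers, added here as an example and not IBM's code, build the DN of an account created in the Users folder from its user name and DNS domain, extract the domain components for the Base DN field, and check that the bind DN lies under the base DN. They follow RFC 4514 rules for escaping and splitting DNs (an assumption; the page itself only shows the resulting layout), and the user name `wasadmin` is a constructed sample value.

```python
"""Helpers for deriving the DN values the WebSphere User Registry tab asks
for when Active Directory is the LDAP server.  Added example, not IBM code.

Assumptions (not from the page): RFC 4514 escaping rules, attribute types
compared case-insensitively, and 'wasadmin' as a constructed sample name.
"""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
_SPECIAL = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside an RDN, e.g. a cn taken from user input."""
    out = []
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def dns_domain_to_base_dn(dns_domain: str) -> str:
    """'ibm.com' -> 'dc=ibm,dc=com': the Base Distinguished Name field."""
    labels = [l for l in dns_domain.strip().strip(".").lower().split(".") if l]
    if not labels:
        raise ValueError("empty DNS domain")
    return ",".join("dc=" + escape_rdn_value(l) for l in labels)


def admin_account_dn(admin_username: str, dns_domain: str) -> str:
    """Full DN of an account created in the Users folder (step 1):
    cn=<adminUsername>,cn=users,dc=ibm,dc=com"""
    return "cn=%s,cn=users,%s" % (escape_rdn_value(admin_username),
                                  dns_domain_to_base_dn(dns_domain))


def split_dn(dn: str) -> list:
    """Split a DN into its RDN strings, honouring backslash escapes so that
    an escaped comma inside a cn value does not start a new RDN."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]


def base_dn_from_account_dn(account_dn: str) -> str:
    """Keep only the domain components (dc=...) of a full account DN, which is
    what the Base Distinguished Name field in step 5 asks for."""
    dcs = [r for r in split_dn(account_dn)
           if r.partition("=")[0].strip().lower() == "dc"]
    if not dcs:
        raise ValueError("no dc= components in %r" % account_dn)
    return ",".join(dcs)


def dn_is_under(dn: str, base_dn: str) -> bool:
    """True if dn lies within base_dn (normalised RDN suffix comparison).
    Use it to confirm the Bind DN sits under the Base DN before saving."""
    def norm(s):
        result = []
        for r in split_dn(s):
            attr, _, val = r.partition("=")
            result.append(attr.strip().lower() + "=" + val.strip().lower())
        return result
    d, b = norm(dn), norm(base_dn)
    return len(b) <= len(d) and d[len(d) - len(b):] == b


if __name__ == "__main__":
    bind_dn = admin_account_dn("wasadmin", "ibm.com")   # constructed sample
    base_dn = base_dn_from_account_dn(bind_dn)
    print("Bind Distinguished Name:", bind_dn)
    print("Base Distinguished Name:", base_dn)
    print("bind DN under base DN:", dn_is_under(bind_dn, base_dn))
```

Run the script as-is to print the two field values for the `ibm.com` example; `dn_is_under` is the check to apply to whatever DN the directory administrator actually hands you before typing it into the console.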

Go to previous article: LTPA calls across WebSphere domains Go to next article: Programmatic and custom login
