5.3.6: Using Microsoft Active Directory as an LDAP Server
To use Microsoft Active Directory as the LDAP server for authentication
with WebSphere Application Server, there are some specific steps you must
take. By default, Microsoft Active Directory does not allow
anonymous LDAP queries. To make LDAP queries or browse the
directory, an LDAP client must bind to the LDAP server using
the distinguished name (DN) of an account that belongs to the
Administrators group of the Windows system.
To set up Microsoft Active Directory as your LDAP server, follow
this procedure:
1. Determine the full DN and password of an account in the
   Administrators group. For example, if the Active Directory
   administrator creates an account in the Users folder of
   the Active Directory Users and Computers Windows NT/2000
   control panel and the DNS domain is ibm.com, the resulting
   DN has the following structure:
   cn=<adminUsername>, cn=users, dc=ibm, dc=com
2. Determine the short name and password of any account in
   the Microsoft Active Directory. This does not have to be
   the same account as used in the previous step.
3. Use the WebSphere Application Server administrative console to set up
   the information needed to use Microsoft Active Directory:
   - Start the administrative server for the domain, if necessary.
   - Start the administrative console, if necessary.
   - On the administrative console, click Wizards.
   - Select the Configure Global Security Settings task.
   - Click the User Registry tab and set the following fields as described:
     - Security Server ID: the short name of the account chosen in step 2.
     - Security Server Password: the password of the account chosen in step 2.
     - Directory Type: Active Directory
     - Host: the DNS name of the machine running Microsoft Active Directory
     - Base Distinguished Name: the domain components of the DN of the
       account chosen in step 1. For example: dc=ibm, dc=com
     - Bind Distinguished Name: the full DN of the account chosen in
       step 1. For example: cn=<adminUsername>, cn=users, dc=ibm, dc=com
     - Bind Password: the password of the account chosen in step 1.
   - Click the OK button to save the changes.
   - Stop and restart the administrative server to make the changes take effect.
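The following is an added example, not code from the InfoCenter page or from WebSphere itself: it derives the Base DN from a DNS domain the way step 1 describes and checks that the User Registry fields of step 3 are consistent with each other (non-empty bind credentials, Base DN equal to the domain components of the Bind DN) before they are entered in the console. The field names are the page's; the sample settings and the account name "wasadmin" are constructed for the example.

```python
# Added example (not from the InfoCenter page): check the User Registry
# fields described in the procedure before entering them in the console.


def split_dn(dn):
    """Split a DN into (attribute, value) pairs on unescaped commas.

    Minimal RFC 4514 splitting: a backslash escapes the next character,
    so 'cn=Smith\\, John' stays one RDN. Attribute names are lowercased.
    """
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    pairs = []
    for part in parts:
        if "=" in part:
            attr, value = part.split("=", 1)
            pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def base_dn_from_domain(dns_domain):
    """ibm.com -> 'dc=ibm, dc=com' (the Base DN format used on the page)."""
    return ", ".join("dc=%s" % label for label in dns_domain.lower().split("."))


def domain_components(dn):
    """Return the dc= values of a DN, lowercased, in order."""
    return [value.lower() for attr, value in split_dn(dn) if attr == "dc"]


def check_registry_settings(settings):
    """Return a list of problems with the User Registry fields (empty = consistent)."""
    problems = []
    bind_dn = settings.get("Bind Distinguished Name", "").strip()
    base_dn = settings.get("Base Distinguished Name", "").strip()
    if not bind_dn:
        problems.append("Bind Distinguished Name is empty: Active Directory rejects anonymous queries")
    if not settings.get("Bind Password"):
        problems.append("Bind Password is empty")
    if not settings.get("Security Server ID"):
        problems.append("Security Server ID (short name of the step 2 account) is empty")
    if settings.get("Directory Type") != "Active Directory":
        problems.append("Directory Type must be Active Directory")
    if bind_dn and domain_components(bind_dn) != domain_components(base_dn):
        problems.append("Base DN must be the domain components of the Bind DN")
    return problems
```

A settings dictionary keyed by the console's field names (for example `{"Bind Distinguished Name": "cn=wasadmin, cn=users, dc=ibm, dc=com", "Base Distinguished Name": base_dn_from_domain("ibm.com"), ...}`) passed to `check_registry_settings` returns an empty list when the fields agree.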