WebSphere Application Server security does not support "chase referrals" when querying LDAP registries
 Technote (troubleshooting)
 
Problem (Abstract)
You have configured an LDAP server to include users from another LDAP server. You can query LDAP from the command line using an ldapsearch utility, and the remote users are returned without any additional flags or options to the ldapsearch command. This is known as "chasing referrals". Referrals are entities used to redirect a client request to another LDAP server.

However, when you search for users or groups in the IBM® WebSphere® Application Server administrative console, only users in the immediate LDAP server are returned.
 
Cause
WebSphere Application Server versions before V6.1 do not support LDAP referrals.
 
Resolving the problem
WebSphere Application Server versions below V6.1 do not include referrals when querying LDAP servers for users or groups, and there is no setting available to administrators to enable this. This means, for example, that if an administrator enables security for "all authorized users", authorization will still fail for a user on a remote LDAP server, even though searching with an ldapsearch utility shows that it is a valid user ID.
A setting to enable referrals has been added to the LDAP configuration settings in V6.1. See the WebSphere Information Center.
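
The difference between a client that chases referrals and one that does not can be modelled as follows. This is an added example, not IBM code or WebSphere's implementation; the host names, DNs, user IDs and function names are constructed for illustration, and the two "servers" are in-memory dictionaries so nothing is sent over the network.

```python
"""Model of LDAP referral handling (constructed data, no network access)."""
from urllib.parse import urlsplit

# Constructed sample directories, keyed by "host:port" (assumed names).
# "entries" maps DN -> user ID; "referrals" lists LDAP URLs on other servers.
DIRECTORIES = {
    "ldap1.example.com:389": {
        "entries": {"uid=alice,ou=local,dc=example,dc=com": "alice"},
        "referrals": ["ldap://ldap2.example.com:389/ou=remote,dc=example,dc=com"],
    },
    "ldap2.example.com:389": {
        "entries": {"uid=bob,ou=remote,dc=example,dc=com": "bob"},
        # Points back at the first server: a chasing client must not loop.
        "referrals": ["ldap://ldap1.example.com:389/ou=local,dc=example,dc=com"],
    },
}


def server_search(server, base):
    """One server's answer: its own entries under base, plus its referral URLs."""
    directory = DIRECTORIES[server]
    entries = [uid for dn, uid in directory["entries"].items() if dn.endswith(base)]
    return entries, list(directory["referrals"])


def find_users(server, base, chase_referrals, hop_limit=5):
    """Search for users; follow referrals only when chase_referrals is True."""
    found, visited = [], set()
    queue = [(server, base, 0)]
    while queue:
        host, dn, hops = queue.pop(0)
        if (host, dn) in visited or hops > hop_limit:
            continue  # referral loop or over-long chain: do not follow
        visited.add((host, dn))
        entries, referrals = server_search(host, dn)
        found.extend(entries)
        if not chase_referrals:
            break  # referral URLs are dropped: only the immediate server answers
        for url in referrals:
            parts = urlsplit(url)  # ldap://host:port/baseDN
            queue.append((f"{parts.hostname}:{parts.port}",
                          parts.path.lstrip("/"), hops + 1))
    return sorted(set(found))


def is_authorized(uid, chase_referrals):
    """'All authorized users' modelled as: the user ID is found in the registry."""
    return uid in find_users("ldap1.example.com:389", "dc=example,dc=com",
                             chase_referrals)
```

With `chase_referrals=False` the remote user is never found, which corresponds to the authorization failure described above for versions below V6.1.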
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.0.2
Software edition:
Reference #: 1066777
IBM Group: Software Group
Modified date: Jan 5, 2005