Before you begin
To use LDAP as the user registry, you need to know a valid user name (ID), the user password, the server host and port, the base distinguished name (DN) and, if necessary, the bind DN and the bind password. You can choose any valid user in the registry that is searchable. In some LDAP servers, the administrative users are not searchable and cannot be used (for example, cn=root in SecureWay). This user is referred to as the WebSphere Application Server security server ID, server ID, or server user ID in the documentation. Being a server ID means that the user has special privileges when calling some protected internal methods. Normally, this ID and password are used to log in to the administrative console once security is turned on. Other users can also log in if they are part of the administrative roles.
Perform the following steps to select LDAP as the user registry.
Why and when to perform this task
You need to start the administrative console by specifying the URL: http://server_hostname:9090/admin
Steps for this task
In WebSphere Application Server, Version 5.0.1 or later, the distinguished name is normalized according to the Lightweight Directory Access Protocol (LDAP) specification. In WebSphere Application Server, Version 5, the distinguished name is not normalized. Normalization consists of removing spaces in the base distinguished name before or after commas and equal signs. If you do not enter a normalized base distinguished name in this field and WebSphere Application Server Version 5.0.1 or later sends a security token to a Version 5 server, the request is rejected during authorization because the distinguished names do not match. Examples of a non-normalized base distinguished name are o = ibm, c = us and o=ibm, c=us. An example of a normalized base distinguished name is o=ibm,c=us. To interoperate between WebSphere Application Server Version 5 and later versions, you must enter a normalized base distinguished name in the Base Distinguished Name field. In WebSphere Application Server, Version 5.0.1 or later, the normalization occurs automatically at run time.
This field is required for all LDAP directories except for the Domino Directory, where it is optional.
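The following script is an added example, not IBM's code or part of the WebSphere product, that implements the normalization rule described above (spaces before and after commas and equal signs are removed) and shows why a non-normalized Base Distinguished Name breaks interoperation with a Version 5 server: the literal comparison a Version 5 server performs fails, while the comparison a normalizing server performs succeeds. It can be used to check a configured base DN before entering it in the field. The functions normalize_base_dn, is_normalized, base_dns_match and interop_check are the example's own names, and the handling of a backslash-escaped comma or equal sign (left untouched, as part of the attribute value) is an assumption that goes beyond the rule stated on the page.

```python
import re

# A comma or equal sign with any surrounding whitespace, unless the separator
# is escaped with a backslash, in which case it is part of the attribute value
# (assumption: escaped separators are never normalized).
_SEPARATOR = re.compile(r"(?<!\\)\s*([,=])\s*")


def normalize_base_dn(dn: str) -> str:
    """Remove spaces before and after ',' and '=' in a base DN.

    "o = ibm, c = us" and "o=ibm, c=us" both become "o=ibm,c=us".
    Whitespace inside a value such as "Sales Dept" is preserved.
    """
    return _SEPARATOR.sub(r"\1", dn.strip())


def is_normalized(dn: str) -> bool:
    """True if the DN would be unchanged by normalization (safe to enter in the field)."""
    return dn == normalize_base_dn(dn)


def base_dns_match(configured_dn: str, token_dn: str) -> bool:
    """Compare two base DNs the way a normalizing (5.0.1 or later) server does."""
    return normalize_base_dn(configured_dn) == normalize_base_dn(token_dn)


def interop_check(v5_base_dn: str, v501_base_dn: str) -> dict:
    """Model the mixed-version scenario from the text.

    v5_base_dn   - base DN configured on a Version 5 server (compared literally)
    v501_base_dn - base DN configured on a 5.0.1 or later server, which sends
                   the normalized form in its security token
    """
    token_dn = normalize_base_dn(v501_base_dn)
    return {
        "token_dn": token_dn,
        # What the Version 5 server actually does: literal string comparison.
        "v5_literal_match": v5_base_dn == token_dn,
        # What would happen if both sides normalized.
        "normalized_match": base_dns_match(v5_base_dn, v501_base_dn),
        # The check to run before saving the Version 5 configuration.
        "v5_entry_is_normalized": is_normalized(v5_base_dn),
    }


if __name__ == "__main__":
    # Constructed sample values, taken from the examples in the text.
    for raw in ("o = ibm, c = us", "o=ibm, c=us", "o=ibm,c=us"):
        print(f"{raw!r:20} -> {normalize_base_dn(raw)!r}  normalized={is_normalized(raw)}")
    print(interop_check("o=ibm, c=us", "o = ibm, c = us"))
```

With a Version 5 server configured as o=ibm, c=us, interop_check reports v5_literal_match False and v5_entry_is_normalized False: the token from the newer server carries o=ibm,c=us, so authorization on the Version 5 side rejects the request until its Base Distinguished Name is re-entered in normalized form.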