6.6.18.0.7: Properties for configuring LDAP support
Key:
Applies to Java administrative console of Advanced Edition Version 4.0
Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Applies to Application Client Resource Configuration Tool
Display these settings by selecting the LDAP radio button
located in the middle of the Authentication tab when LTPA is the selected
authentication mechanism.
Click the Advanced button to set advanced
LDAP properties. Click the SSL Configuration button to set
SSL properties for LDAP.
-
Base Distinguished Name
- The base distinguished name of the directory service,
indicating the starting point for LDAP searches of the directory service.
(See RFC 1779 for a discussion of this technique).
For example, for a user with a DN of
cn=John Doe, ou=Rochester, o=IBM, c=US, the base DN
can be specified as any of (assuming a suffix of c=us):
ou=Rochester, o=IBM, c=us
o=IBM, c=us
c=us
This field is not case sensitive.
This field is required for all LDAP directories except the
Domino Directory. If you are using the Domino Directory and
you specify a Base Distinguished Name, you will not be
able to grant permissions to individual Web users for resources
managed by your WebSphere application server.
-
Bind Distinguished Name
- The distinguished name for the application server to use to bind to the directory service. If no name is specified, the application server binds anonymously. See the Base Distinguished Name field description for examples of distinguished names.
-
Bind Password
- The password for the application server to use to bind to the directory service
-
Directory Type
- The directory service product to use to locate information against which to
authenticate users and groups.
Modifications to the default values in the
advanced LDAP properties will cause this field value
to change to Custom.
-
Host
- The host ID (IP address or DNS name) of the LDAP server
-
Port
- The host port of the LDAP server. The port number will default to 389 if none is specified.
If multiple WebSphere application servers are installed and configured to run in the same
Single Sign On domain, or if the WebSphere application server will inter-operate with a previous
version of WebSphere application server, then it is important that the port number match in
all configurations.
For example, if the LDAP port is explicitly specified as 389 in a Version 3.5.x
configuration, and a Version 4.0 application server is going to inter-operate with the V3.5.x
server, then port 389 should also be specified explicitly for the Version 4.0 server. Note
that this is true even though the default port number is 389 -- if the port is specified
explicitly in one server configuration, it should be specified explicitly in all
server configurations.
-
Security Server ID
- The user ID under which the server runs, for security purposes.
If using LDAP or custom registry authentication (not available for Advanced Single
Server Edition), the following conditions apply:
- The user should be a valid user in the LDAP or custom registry
- The user should not be a root DN or administrator DN because those
users are not always in the directory in all LDAP implementations.
-
Security Server Password
- The password corresponding to the Security Server ID
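
An added example (not IBM's code or part of the original page): a Python check of the Base Distinguished Name, Bind Distinguished Name and Port rules described above. It tests whether a user DN falls under a configured base DN, case-insensitively, and flags servers in one Single Sign On domain whose port settings are inconsistent or that would bind anonymously. The dictionary keys, server names and bind DN are constructed for illustration, and the DN parser is simplified (no quoted values).

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs.

    Simplified parser (assumption): handles ',' or ';' separators and
    backslash-escaped separators, but not quoted values.
    """
    rdns = []
    for part in re.split(r'(?<!\\)[,;]', dn):
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # The Base DN field is not case sensitive, so fold case and spacing.
        rdns.append((attr.strip().casefold(), " ".join(value.split()).casefold()))
    return rdns

def is_under_base(user_dn, base_dn):
    """True if user_dn sits at or below base_dn (base is a suffix of the DN)."""
    user, base = parse_dn(user_dn), parse_dn(base_dn)
    return len(base) <= len(user) and user[-len(base):] == base

def check_servers(servers):
    """Return findings for servers sharing one Single Sign On domain.

    Each server is a dict with hypothetical keys: name, port (None when
    the Port field is left blank) and bind_dn.
    """
    findings = []
    explicit = {s["name"]: s["port"] for s in servers if s["port"] is not None}
    if explicit and len(explicit) != len(servers):
        blank = sorted(s["name"] for s in servers if s["port"] is None)
        findings.append("port explicit on some servers but blank on: " + ", ".join(blank))
    if len(set(explicit.values())) > 1:
        findings.append(f"port mismatch: {sorted(explicit.items())}")
    for s in servers:
        if not s.get("bind_dn"):
            findings.append(f"{s['name']}: no Bind DN, server binds anonymously")
    return findings

# Constructed sample configuration, not taken from any real deployment.
SERVERS = [
    {"name": "was35", "port": 389, "bind_dn": "cn=wasbind, o=IBM, c=us"},
    {"name": "was40", "port": None, "bind_dn": ""},
]

if __name__ == "__main__":
    print(is_under_base("cn=John Doe, ou=Rochester, o=IBM, c=US", "o=ibm,c=us"))
    for finding in check_servers(SERVERS):
        print(finding)
```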