To configure a built-in, file-based repository in a federated
repository configuration, you must know the primary administrative
user name of the user who manages WebSphere® Application
Server resources and user accounts.

To configure an LDAP repository
in a federated repository configuration, you must know a valid user
name (ID), the user password, the server host and port and, if necessary,
the bind distinguished name (DN) and the bind password. You can choose
any valid user in the repository that is searchable. In some LDAP
servers, administrative users are not searchable and cannot be used
(for example, cn=root in SecureWay®). This user is referred to as a
WebSphere Application Server administrative user name or
administrative ID in the documentation. Being
an administrative ID means a user has special privileges when calling
some protected internal methods. Normally, this ID and password are
used to log in to the administrative console after you turn on security.
You can use other users to log in if those users are part of the administrative
roles.

Important: By default, client
certificate login is not supported in a realm that includes a single
built-in, file-based repository or a single built-in, file-based repository
with other repositories. To enable support for certificate mapping
in the file-based repository, install WebSphere Application Server
fixpack version 7.0.0.23 or higher, and follow the procedure in the
topic, Enabling client certificate login support in a federated repositories
file-based repository.