|
Problem |
If you have configured an LDAP server to include users
from another LDAP server, you can query LDAP from the command line using
the ldapsearch utility, and the remote users are returned without any
additional flags or options to the ldapsearch command, this is referred to
as "chasing referrals."
However, when you search for users or groups in the WebSphere
administrative console, only users in the immediate LDAP server are
returned.
Does WebSphere security chase referrals when querying its LDAP server for
valid users? |
|
Cause |
WebSphere does not support LDAP referrels. |
|
Solution |
Currently WebSphere does not include referrals when it
queries LDAP servers for users or groups, and there is no setting
available to administrators to enable this. This means, for example, that
if an administrator enables security for "all authorized users",
authorization will still fail for a user on a remote LDAP server, even
though ldapsearch shows that it is a valid id.
Inclusion of referrals has been requested as future enhancement
(feature request #92192). Customers who need this capability should
contact their IBM marketing representative and state their business
need.
|
|
|
|
|
|
|