Security administrators can configure an LDAP server to include
users from another LDAP server. When you query LDAP from the command
line with the ldapsearch utility, these remote users are returned without
any additional flags or options, because ldapsearch automatically
chases referrals.

When an administrator searches for users or groups in the WebSphere
Application Server administrative console, only users in the immediate
LDAP server are returned.

Currently, WebSphere Application Server does not follow referrals when
it queries LDAP servers for users or groups, and no setting is
available for administrators to enable this behavior. For example,
if an administrator enables security for "all authorized users,"
authorization still fails for a user on a remote LDAP server, even
though ldapsearch shows that it is a valid ID.
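
A triage aid for the mismatch described above, added here as an example and not IBM's code: it reads LDIF output from a search run with referral chasing turned off and reports which subtrees live on another server, so you can tell whether a user who fails authorization sits behind a referral. The sample output, host name and DNs are constructed, and the `ref:` line format is an assumption about what your ldapsearch prints for search references.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample: search output captured with referral chasing off,
# so the server's continuation reference is still visible (and folded).
SAMPLE_LDIF = """\
# alice, people, example.com
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

# search reference
ref: ldap://ldap-partners.example.net:389/ou=partner%20orgs,ou=people,dc=par
 tners,dc=example,dc=net??sub
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def split_results(ldif_text):
    """Return (local_dns, referrals); referrals are (host, base_dn) pairs."""
    local_dns, referrals = [], []
    for line in unfold(ldif_text):
        if line.startswith("dn: "):
            local_dns.append(line[4:])
        elif line.startswith("ref: "):
            url = urlsplit(line[5:])
            referrals.append((url.netloc, unquote(url.path.lstrip("/"))))
    return local_dns, referrals

def behind_referral(user_dn, referrals):
    """Return the referred host whose subtree holds user_dn, else None.
    Case-insensitive suffix match only, not full DN normalization."""
    dn = user_dn.lower()
    for host, base in referrals:
        if dn == base.lower() or dn.endswith("," + base.lower()):
            return host
    return None

if __name__ == "__main__":
    local, refs = split_results(SAMPLE_LDIF)
    print("entries on the immediate server:", local)
    for host, base in refs:
        print(f"subtree {base!r} is served by {host}")
```

A user whose DN falls under one of the reported subtrees is one that ldapsearch finds by chasing the referral but that the immediate server alone does not return.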