Use this page to configure Lightweight Directory Access Protocol (LDAP) settings when users and groups reside in an external LDAP directory.
To view this administrative console page, click Security > Global security. Under User registries, click LDAP.
When security is enabled and any of these properties change, go to the Global security panel and click Apply to validate the changes.
Configuration tab
Specifies the user ID that is used to run the WebSphere Application Server for security purposes.
Although this ID is not the LDAP administrator user ID, specify a valid entry in the LDAP directory located under the Base Distinguished Name.
Specifies the password corresponding to the security server ID.
Specifies the type of LDAP server to which you connect.
IBM SecureWay Directory Server is not supported.
For a list of supported LDAP servers, see "Supported directory services" in the documentation.
Specifies the host ID (IP address or domain name service (DNS) name) of the LDAP server.
Specifies the host port of the LDAP server.
Default: 389
Specifies the base distinguished name of the directory service, indicating the starting point for LDAP searches of the directory service.
For example, for a user with a distinguished name (DN) of cn=John Doe, ou=Rochester, o=IBM, c=US, you can specify the base DN as (assuming a suffix of c=us): ou=Rochester, o=IBM, c=us. For authorization purposes, this field is case sensitive. This specification implies that if a token is received (for example, from another cell or Domino) the base DN in the server must match the base DN from the other cell or Domino server exactly. If case sensitivity is not a consideration for authorization, enable the Ignore case field. This field is required for all Lightweight Directory Access Protocol (LDAP) directories except for the Domino Directory, where this field is optional.
If you need to interoperate between WebSphere Application Server Version 5 and a Version 5.0.1 or later server, you must enter a normalized base distinguished name. A normalized base distinguished name does not contain spaces before or after commas and equal symbols. Examples of non-normalized base distinguished names are o = ibm, c = us and o=ibm, c=us. An example of a normalized base distinguished name is o=ibm,c=us. In WebSphere Application Server, Version 5.0.1 or later, the normalization occurs automatically during run time.
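The following added example (not WebSphere code) implements the base DN normalization rule just described and the exact-match versus ignore-case comparison that applies when a token from another cell or Domino server carries a base DN. It assumes DN values contain no escaped separators (`\,` or `\=`).

```python
"""Base DN normalization and matching for an LDAP user registry.

Added example, not WebSphere code. It applies the page's normalization
rule (no spaces before or after ',' and '=' in a DN) and shows why a
received base DN must match the configured one exactly unless
"Ignore case" is enabled.
"""
import re

# Optional whitespace around the RDN separators ',' and '='.
# Assumption: no escaped separators (\, or \=) inside attribute values.
_SEP = re.compile(r"\s*([,=])\s*")


def normalize_dn(dn: str) -> str:
    """Strip spaces around separators: 'o = ibm, c = us' -> 'o=ibm,c=us'."""
    return _SEP.sub(r"\1", dn.strip())


def base_dn_matches(local_base: str, token_base: str,
                    ignore_case: bool = False) -> bool:
    """Compare a base DN received in a token with the configured base DN.

    Both sides are normalized first (Version 5.0.1 behaviour); the match
    is case sensitive unless ignore_case is set, mirroring the
    "Ignore case" option on this page.
    """
    local, token = normalize_dn(local_base), normalize_dn(token_base)
    if ignore_case:
        return local.lower() == token.lower()
    return local == token


def dn_under_base(user_dn: str, base_dn: str,
                  ignore_case: bool = False) -> bool:
    """True if user_dn sits at or below base_dn (suffix match on RDNs).

    Illustrates the page's example: cn=John Doe, ou=Rochester, o=IBM, c=US
    is under the base ou=Rochester, o=IBM, c=us only when case is ignored.
    """
    user = normalize_dn(user_dn).split(",")
    base = normalize_dn(base_dn).split(",")
    if ignore_case:
        user = [rdn.lower() for rdn in user]
        base = [rdn.lower() for rdn in base]
    return len(user) >= len(base) and user[-len(base):] == base


if __name__ == "__main__":
    print(normalize_dn("o = ibm, c = us"))                        # o=ibm,c=us
    print(base_dn_matches("ou=Rochester, o=IBM, c=us",
                          "ou=rochester,o=ibm,c=us"))             # False
    print(base_dn_matches("ou=Rochester, o=IBM, c=us",
                          "ou=rochester,o=ibm,c=us", True))       # True
```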
Specifies the distinguished name for the application server to use when binding to the directory service.
If no name is specified, the application server binds anonymously. See the Base Distinguished Name field description for examples of distinguished names.
Specifies the password for the application server to use when binding to the directory service.
Specifies the timeout value in seconds for a Lightweight Directory Access Protocol (LDAP) server to respond before aborting a request.
Default: 120
Specifies whether the server reuses the Lightweight Directory Access Protocol (LDAP) connection. Clear this option only in rare situations where a router is used to spray requests to multiple LDAP servers and when the router does not support affinity.
Default: Enabled
Range: Enabled or Disabled
Specifies that a case insensitive authorization check is performed when using the default authorization.
This field is required when IBM Tivoli Directory Server is selected as the LDAP directory server.
This field is required when Sun ONE Directory Server is selected as the LDAP directory server. For more information, see "Using specific directory servers as the LDAP server" in the documentation.
Otherwise, this field is optional and can be enabled when authorization must succeed regardless of case. For example, use this field when the certificates and the certificate contents do not match the case used for the entry in the LDAP server. You can enable the Ignore case field when using single sign-on (SSO) between WebSphere Application Server and Lotus Domino.
Default: Enabled
Range: Enabled or Disabled
Specifies whether secure socket communication is enabled to the Lightweight Directory Access Protocol (LDAP) server. When enabled, the LDAP Secure Sockets Layer (SSL) settings are used, if specified.
Specifies the Secure Sockets Layer configuration to use for the Lightweight Directory Access Protocol (LDAP) connection. This configuration is used only when SSL is enabled for LDAP.
Default: DefaultSSLSettings
Related tasks
Using specific directory servers as the LDAP server
Related reference
Supported directory services