Before you begin
For Using Microsoft Active Directory server as the LDAP server below, note that using Microsoft Active Directory as the LDAP server for authentication with WebSphere Application Server requires specific steps. By default, Microsoft Active Directory does not permit anonymous LDAP queries. To run LDAP queries or to browse the directory, an LDAP client must bind to the LDAP server using the distinguished name (DN) of an account that belongs to the administrator group of the Windows system. A group membership search in Active Directory is performed by enumerating the memberof attribute of the user entry, rather than by browsing the member list of each group. If you want to change this default behavior so that each group is browsed instead, change the Group Member ID Map field from memberof:member to group:member.
Why and when to perform this task
Using IBM Tivoli Directory Server as the LDAP server
To use IBM Tivoli Directory Server (formerly IBM Directory Server), choose IBM Tivoli Directory Server as the directory type.
For supported directory servers, refer to the article, Supported directory services. The difference between these two types is how group membership is looked up. For optimum performance during run time, it is recommended that you choose IBM Tivoli Directory Server. In IBM Tivoli Directory Server, group membership is an operational attribute: a group membership lookup is done by enumerating the ibm-allGroups attribute of the user entry, and all group memberships, including static groups, dynamic groups, and nested groups, are returned in that attribute. WebSphere Application Server supports dynamic groups, nested groups, and static groups in IBM Tivoli Directory Server through the ibm-allGroups attribute. Because the attribute values returned by ibm-allGroups are all in uppercase, use a case-insensitive match when you use this attribute in a security authorization application.
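The two lookup styles described above (the memberof:member and group:member settings of the Group Member ID Map, and the ibm-allGroups operational attribute with its uppercase values) are modelled below in an added example. This is not code from the WebSphere or Tivoli documentation: it uses a small constructed in-memory directory instead of a live LDAP server, and all DNs, entries and attribute values in it are made up. The DN normalisation is deliberately simplified (lower-casing and whitespace trimming only).

```python
# Added example: group-membership lookup styles modelled against a
# constructed in-memory directory. Nothing here talks to a real server.


def normalize_dn(dn):
    """Comparison key for a DN: lower-case, no whitespace around separators.

    Simplified on purpose; full RFC 4514 handling (escaping, attribute-type
    aliases) is out of scope for this illustration.
    """
    return ",".join(part.strip() for part in dn.split(",")).lower()


# Constructed sample directory (attribute names stored in lowercase).
DIRECTORY = {
    "cn=alice,cn=users,dc=example,dc=com": {
        "objectclass": ["person", "user"],
        # Active Directory style: memberof lists direct memberships only.
        "memberof": ["cn=developers,cn=groups,dc=example,dc=com"],
        # Tivoli style operational attribute: the server computes every
        # membership (static, dynamic, nested) and returns it in uppercase.
        "ibm-allgroups": [
            "CN=DEVELOPERS,CN=GROUPS,DC=EXAMPLE,DC=COM",
            "CN=STAFF,CN=GROUPS,DC=EXAMPLE,DC=COM",
        ],
    },
    "cn=developers,cn=groups,dc=example,dc=com": {
        "objectclass": ["group"],
        "member": ["cn=alice,cn=users,dc=example,dc=com"],
    },
    "cn=staff,cn=groups,dc=example,dc=com": {
        "objectclass": ["group"],
        # Nested: staff contains the developers group, not alice directly.
        "member": ["cn=developers,cn=groups,dc=example,dc=com"],
    },
}


def get_entry(dn):
    """Fetch an entry by DN, comparing DNs case-insensitively."""
    key = normalize_dn(dn)
    for entry_dn, attrs in DIRECTORY.items():
        if normalize_dn(entry_dn) == key:
            return attrs
    return None


def groups_from_user_attribute(user_dn, attr):
    """memberof:member style (and ibm-allGroups): one read of the user entry,
    no group enumeration. Returns normalised group DNs."""
    entry = get_entry(user_dn)
    if entry is None:
        return set()
    return {normalize_dn(g) for g in entry.get(attr, [])}


def groups_from_member_scan(user_dn):
    """group:member style: walk every group entry and test its member list.
    Finds direct memberships only and costs one comparison per group."""
    target = normalize_dn(user_dn)
    found = set()
    for entry_dn, attrs in DIRECTORY.items():
        if "group" in attrs.get("objectclass", []):
            members = {normalize_dn(m) for m in attrs.get("member", [])}
            if target in members:
                found.add(normalize_dn(entry_dn))
    return found


def is_member(user_dn, group_dn, attr="ibm-allgroups", case_insensitive=True):
    """Authorization check against a configured group DN.

    ibm-allGroups values come back in uppercase, so an exact string compare
    against a lowercase configured DN silently fails; the case-insensitive
    path is the one to use.
    """
    entry = get_entry(user_dn)
    if entry is None:
        return False
    values = entry.get(attr, [])
    if case_insensitive:
        return normalize_dn(group_dn) in {normalize_dn(v) for v in values}
    return group_dn in values


if __name__ == "__main__":
    alice = "cn=alice,cn=users,dc=example,dc=com"
    print("memberof      :", sorted(groups_from_user_attribute(alice, "memberof")))
    print("group scan    :", sorted(groups_from_member_scan(alice)))
    print("ibm-allGroups :", sorted(groups_from_user_attribute(alice, "ibm-allgroups")))
    staff = "cn=staff,cn=groups,dc=example,dc=com"
    print("staff, exact  :", is_member(alice, staff, case_insensitive=False))
    print("staff, nocase :", is_member(alice, staff))
```

Running it shows that the memberof read and the group scan agree on the direct membership (developers), that only the server-computed ibm-allGroups attribute also reports the nested staff membership, and that a case-sensitive compare against the uppercase ibm-allGroups values misses that membership while the case-insensitive check finds it.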
If you must install IBM Tivoli Directory Server Version 5.2 and WebSphere Application Server Version 6.0.x on the same machine, consider the following information:
Using a Lotus Domino Enterprise Server as the LDAP server
User ID Map: person:shortname
Using Sun ONE Directory Server as the LDAP server
Using Microsoft Active Directory server as the LDAP server
To set up Microsoft Active Directory as your LDAP server, complete the following steps.
Steps for this task
cn=<adminUsername>, cn=users, dc=ibm, dc=com
Related concepts
Locating a user's group memberships in Lightweight Directory Access Protocol
Lightweight Directory Access Protocol
Related reference
Advanced Lightweight Directory Access Protocol user registry settings
Lightweight Directory Access Protocol settings