Configuring a new LDAP server

If you do not have an existing LDAP server configured for WebSphere/390, these are the steps necessary to configure a new LDAP server:
  1. Install the WebSphere naming schema
  2. Add a new suffix
  3. Build the system name space root node (containerdn)
  4. Build the legacyRoot node below the name space root node (noderootrdn)
  5. Optionally, apply security measures at the CICS region level.
To perform many of these steps, you are likely to need access to an LDAP principal that has suitable authority on your LDAP server to create new entries at the root level.

When these steps are completed, you can determine the values of the system properties that are needed in your JVM properties files to enable CICS to operate with the LDAP server, and add these system properties to all the relevant JVM properties files.

The steps in the following example enable you to configure an LDAP server with the following values for the system properties in your JVM properties files:
com.ibm.cics.ejs.nameserver=ldap://wibble.ibm.com:389 
com.ibm.ws.naming.ldap.containerdn=ibm-wsnTree=t1,o=WASNaming,c=US 
com.ibm.ws.naming.ldap.noderootrdn=ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,
      ibm-wsnName=domainRoots 
java.naming.security.authentication=simple
java.naming.security.principal=cn=CICSSystems,c=US 
java.naming.security.credentials=secret 
Similar values are given for the example system properties in the CICS-supplied sample JVM properties files.
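
A check that could be run over a JVM properties file before it is deployed, given here as an added example and not CICS-supplied code: it parses the properties shown above and flags a simple bind to an ldap:// URL (the password crosses the network unencrypted) and a bind password kept in the file. It assumes Java-properties-style `\` line continuation and that the legacyRoot DN is noderootrdn followed by containerdn; all function names are illustrative.

```python
# Constructed sample: this page's example values; the noderootrdn value is
# split with a '\' continuation (assumed Java-properties syntax).
SAMPLE = r"""
com.ibm.cics.ejs.nameserver=ldap://wibble.ibm.com:389
com.ibm.ws.naming.ldap.containerdn=ibm-wsnTree=t1,o=WASNaming,c=US
com.ibm.ws.naming.ldap.noderootrdn=ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,\
      ibm-wsnName=domainRoots
java.naming.security.authentication=simple
java.naming.security.principal=cn=CICSSystems,c=US
java.naming.security.credentials=secret
"""
CRED_KEY = "java.naming.security.credentials"

def parse_properties(text):
    """Parse key=value lines, joining '\\' continuations, skipping comments."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def legacy_root_dn(props):
    """Assumption: noderootrdn is relative to containerdn, so join them."""
    return (props["com.ibm.ws.naming.ldap.noderootrdn"] + ","
            + props["com.ibm.ws.naming.ldap.containerdn"])

def audit(props):
    """Return findings about how the bind credentials are exposed."""
    findings = []
    scheme = props.get("com.ibm.cics.ejs.nameserver", "").split("://", 1)[0].lower()
    auth = props.get("java.naming.security.authentication", "").lower()
    if auth == "simple" and scheme == "ldap":
        findings.append("simple bind over ldap:// sends the password unencrypted")
    if props.get(CRED_KEY):
        findings.append("bind password is stored in the file; restrict read access")
    return findings

def redacted(props):
    """Copy of props that is safe to log: the credential value is masked."""
    return {k: ("********" if k == CRED_KEY else v) for k, v in props.items()}

if __name__ == "__main__":
    p = parse_properties(SAMPLE)
    print(legacy_root_dn(p), audit(p), redacted(p), sep="\n")
```

The DN returned by legacy_root_dn is the subtree to review when setting access controls on the LDAP server for the CICS principal.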