Creating an LDAP authorization realm

Create an LDAP authorization realm to use an external LDAP server for authorization.

Procedure

  1. Click Manage Security, go to the Authorization Realms tab, and click Add New to open the New Authorization Realm pane.
  2. Type a name in the Name field.
  3. Specify the following parameters:
    Table 1. LDAP properties
    Field: Description
    Group Search Base: Directory that is used for group searches, such as ou=employees,dc=mydomain,dc=com.
    Group Search Filter: LDAP filter expression that is used when you search for user entries. The name is substituted in place of {0} in the pattern, such as uid={0}. If that is not part of the DN pattern, wrap the value in parentheses, such as (uid={0}).
    Group Name Attribute: Directory name that is used to bind to LDAP for searches, such as cn=Manager,dc=mycompany,dc=com. If not specified, an anonymous connection is made. Required if the LDAP server cannot be anonymously accessed.
    Search Group Subtree: Subtrees (if any) are searched if checked.
    The first time an unknown user attempts to log on, LDAP authorization realms are searched in an attempt to identify the user. If the user is found, a corresponding user ID is created in IBM® UrbanCode Release. In addition, if the user is part of an LDAP group, that group is imported as well.
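
The {0} substitution and parenthesis wrapping described for the search filter, as an added example that is not IBM UrbanCode Release code: it builds the filter a directory would receive for a given name, escaping the name per RFC 4515 so it is matched as a literal, and returns an OpenLDAP ldapsearch command line for checking the search base, filter, subtree setting and bind DN before the realm is saved. The helper names, the escaping step and the host ldaps://ldap.example.com are assumptions.

```python
# Added example: models the {0} substitution described in the table above.
# Helper names and the escaping step are assumptions, not product code.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so the directory treats it as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(pattern, name):
    """Substitute name for {0}; wrap in parentheses if the pattern has none."""
    if "{0}" not in pattern:
        raise ValueError("pattern has no {0} placeholder")
    filt = pattern.replace("{0}", escape_filter_value(name))
    # The escaped name never contains parentheses, so the pattern alone
    # decides whether the wrapping is still needed.
    if not (pattern.startswith("(") and pattern.endswith(")")):
        filt = "(" + filt + ")"
    return filt


def ldapsearch_argv(uri, base, pattern, name, subtree, bind_dn=None):
    """Return an ldapsearch command line that mirrors the realm fields."""
    argv = ["ldapsearch", "-H", uri, "-x"]
    if bind_dn:
        argv += ["-D", bind_dn, "-W"]  # -W prompts for the bind password
    # Without a bind DN the search runs anonymously, as the table notes.
    scope = "sub" if subtree else "one"  # checked box = search subtrees
    argv += ["-b", base, "-s", scope, build_filter(pattern, name), "cn"]
    return argv


if __name__ == "__main__":
    # Constructed sample values; the base and bind DN reuse the table's examples.
    base = "ou=employees,dc=mydomain,dc=com"
    print(build_filter("uid={0}", "jdoe"))
    print(build_filter("uid={0}", "ops*)(cn=*"))  # metacharacters stay literal
    print(" ".join(ldapsearch_argv("ldaps://ldap.example.com", base, "uid={0}",
                                   "jdoe", True, "cn=Manager,dc=mycompany,dc=com")))
```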
