6.6.18.0.7: Properties for configuring LDAP support

Key:
  • Property name in the Java-based administrative console: applies to the Java administrative console of Advanced Edition Version 4.0
  • Property name in the Web-based administrative console: applies to the Web administrative console of Advanced Single Server Edition Version 4.0
  • Property name in the application client resource configuration tool: applies to the Application Client Resource Configuration Tool

Display these settings by selecting the LDAP radio button located in the middle of the Authentication tab when LTPA is the selected authentication mechanism.

Click the Advanced button to set advanced LDAP properties. Click the SSL Configuration button to set SSL properties for LDAP.

Base Distinguished Name  Property name in the Java-based administrative console
The base distinguished name of the directory service, indicating the starting point for LDAP searches of the directory service. (See RFC 1779 for a discussion of this technique.) For example, for a user with a DN of cn=John Doe, ou=Rochester, o=IBM, c=US, the base DN can be specified as any of the following (assuming a suffix of c=us):
  • ou=Rochester, o=IBM, c=us
  • o=IBM, c=us
  • c=us
This field is not case sensitive.
Note   This field is required for all LDAP directories except the Domino Directory. If you are using the Domino Directory and you specify a Base Distinguished Name, you will not be able to grant permissions to individual Web users for resources managed by your WebSphere application server.
Bind Distinguished Name  Property name in the Java-based administrative console
The distinguished name for the application server to use to bind to the directory service. If no name is specified, the application server binds anonymously. See the Base Distinguished Name field description for examples of distinguished names.
Bind Password  Property name in the Java-based administrative console
The password for the application server to use to bind to the directory service.
Directory Type  Property name in the Java-based administrative console
The directory service product to use to locate information against which to authenticate users and groups.

Modifications to the default values in the advanced LDAP properties will cause this field value to change to Custom.

Host  Property name in the Java-based administrative console
The host ID (IP address or DNS name) of the LDAP server.
Port  Property name in the Java-based administrative console
The host port of the LDAP server. The port number will default to 389 if none is specified.

If multiple WebSphere application servers are installed and configured to run in the same Single Sign On domain, or if the WebSphere application server will inter-operate with a previous version of WebSphere application server, then it is important that the port number match in all configurations.

For example, if the LDAP port is explicitly specified as 389 in a Version 3.5.x configuration, and a Version 4.0 application server is going to inter-operate with the V3.5.x server, then port 389 should also be specified explicitly for the Version 4.0 server. Note that this is true even though the default port number is 389 -- if the port is specified explicitly in one server configuration, it should be specified explicitly in all server configurations.
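
The port rule above and the anonymous-bind behavior of an empty Bind Distinguished Name can be checked across the servers of one Single Sign On domain before deployment. The following is an added example, not WebSphere code or part of the original documentation; the dict keys, server names, and bind DN are constructed for illustration.

```python
from collections import Counter

DEFAULT_LDAP_PORT = 389  # the page's default when Port is left blank

# Constructed sample: three servers in one Single Sign On domain. The dict
# keys are hypothetical names for the console fields, not WebSphere's own.
SAMPLE_DOMAIN = [
    {"server": "was35-a", "port": 389, "bind_dn": "cn=wasbind, o=IBM, c=us"},
    {"server": "was40-b", "port": None, "bind_dn": "cn=wasbind, o=IBM, c=us"},
    {"server": "was40-c", "port": 636, "bind_dn": ""},
]


def audit_sso_domain(configs):
    """Return sorted (server, finding) pairs for servers sharing an SSO domain."""
    if not configs:
        return []
    findings = []

    # If any server names the port explicitly, every server must, even when
    # the explicit value is the default 389.
    if any(c["port"] is not None for c in configs):
        findings += [(c["server"], "port-not-explicit")
                     for c in configs if c["port"] is None]

    # After applying the default, every server must reach the same port.
    effective = {c["server"]: DEFAULT_LDAP_PORT if c["port"] is None else c["port"]
                 for c in configs}
    common_port = Counter(effective.values()).most_common(1)[0][0]
    findings += [(name, "port-differs-from-domain")
                 for name, port in effective.items() if port != common_port]

    # An empty Bind Distinguished Name means the server binds anonymously.
    findings += [(c["server"], "anonymous-bind")
                 for c in configs if not (c.get("bind_dn") or "").strip()]
    return sorted(findings)


if __name__ == "__main__":
    for server, finding in audit_sso_domain(SAMPLE_DOMAIN):
        print(f"{server}: {finding}")
```
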

Security Server ID  Property name in the Java-based administrative console
The user ID under which the server runs, for security purposes.

If using LDAP or custom registry authentication (not available for Advanced Single Server Edition), the following conditions apply:

  • The user should be a valid user in the LDAP or custom registry.
  • The user should not be a root DN or administrator DN because those users are not always in the directory in all LDAP implementations.
Security Server Password  Property name in the Java-based administrative console
The password corresponding to the Security Server ID.