Use this page to configure Lightweight Directory Access Protocol (LDAP) settings when users and groups reside in an external LDAP directory.
When security is enabled and any of these properties change, go to the Secure administration, applications, and infrastructure panel and click Apply to validate the changes.
WebSphere Application Server Version 6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server-to-server communications. In most cases, server identities are automatically generated and are not stored in a repository.
However, if you are adding a Version 5.0.x or 6.0.x node to a Version 6.1 cell, you must ensure that the Version 5.x or Version 6.0.x server identity and password are defined in the repository for this cell. Enter the server user identity and password on this panel.
Specifies the name of a user with administrative privileges that is defined in your custom user registry.
Enables the application server to generate the server identity, which is recommended for environments that contain only Version 6.1 or later nodes. Automatically generated server identities are not stored in a user repository.
This internal server ID is generated by the runtime for each process and cannot be modified.
Default: Enabled
Specifies a user identity in the repository that is used for internal process communication. Cells that contain Version 5.x or 6.0.x nodes require a server user identity that is defined in the active user repository.
Default: Enabled
Specifies the user ID that is used to run the application server for security purposes.
Specifies the password that corresponds to the server ID.
Specifies the type of LDAP server to which you connect.
IBM SecureWay Directory Server is not supported.
Specifies the host port of the LDAP server.
Default: 389
Type: Integer
Specifies the base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches of the directory service. In most cases, bind DN and bind password are needed. However, when anonymous bind can satisfy all of the required functions, bind DN and bind password are not needed.
For example, for a user with a DN of cn=John Doe, ou=Rochester, o=IBM, c=US, specify the Base DN as any of the following options: ou=Rochester, o=IBM, c=US or o=IBM, c=US or c=US. For authorization purposes, this field is case sensitive. This specification implies that if a token is received, for example, from another cell or Lotus Domino, the base DN in the server must match the base DN from the other cell or Lotus Domino server exactly. If case sensitivity is not a consideration for authorization, enable the Ignore case for authorization option. This option is required for all Lightweight Directory Access Protocol (LDAP) directories, except for the Lotus Domino Directory, IBM Tivoli Directory Server V6.0, and Novell eDirectory, where this field is optional.
If you need to interoperate between the application server Version 5 and a Version 5.0.1 or later server, you must enter a normalized base DN. A normalized base DN does not contain spaces before or after commas and equal symbols. An example of a non-normalized base DN is o = ibm, c = us or o=ibm, c=us. An example of a normalized base DN is o=ibm,c=us. In WebSphere Application Server, Version 5.0.1 or later, the normalization occurs automatically during runtime.
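The normalization and the exact-versus-case-insensitive base DN match described above, as an added illustration that is not part of the product documentation or the WebSphere runtime. The parser is a deliberate simplification (it handles backslash-escaped commas but not multi-valued RDNs), and the helper names are assumed.

```python
import re

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, trimming the spaces that the
    page calls non-normalized. Escaped commas inside values are kept; multi-
    valued RDNs ('+') are not handled in this simplified, illustrative parser."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):      # split on unescaped commas only
        attr, _, value = part.partition('=')
        rdns.append((attr.strip(), value.strip()))
    return rdns

def normalize_dn(dn):
    """Normalized form as defined on the page: no spaces before or after
    commas and equal signs, e.g. 'o = ibm, c = us' -> 'o=ibm,c=us'."""
    return ','.join(f'{attr}={value}' for attr, value in parse_dn(dn))

def dn_under_base(dn, base_dn, ignore_case=False):
    """True when dn sits at or below base_dn after normalization.

    ignore_case=False is the exact match the page requires for a token
    received from another cell or a Lotus Domino server; ignore_case=True
    mirrors the 'Ignore case for authorization' option."""
    dn_rdns, base_rdns = parse_dn(dn), parse_dn(base_dn)
    if len(base_rdns) > len(dn_rdns):
        return False
    fold = str.lower if ignore_case else (lambda s: s)
    suffix = dn_rdns[len(dn_rdns) - len(base_rdns):]
    return all(fold(a) == fold(b) and fold(v) == fold(w)
               for (a, v), (b, w) in zip(suffix, base_rdns))

if __name__ == '__main__':
    # Constructed sample values taken from the page's own DN example.
    user = 'cn=John Doe , ou=Rochester, o=IBM, c=US'
    print(normalize_dn('o = ibm, c = us'))                 # o=ibm,c=us
    print(dn_under_base(user, 'o=IBM, c=US'))              # True (exact)
    print(dn_under_base(user, 'o=ibm,c=us'))               # False (case differs)
    print(dn_under_base(user, 'o=ibm,c=us', ignore_case=True))  # True
```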
Specifies the DN for the application server to use when binding to the directory service.
If no name is specified, the application server binds anonymously. See the Base distinguished name (DN) field description for examples of distinguished names.
Specifies the timeout value in seconds for a Lightweight Directory Access Protocol (LDAP) server to respond before stopping a request.
Default: 120
Specifies whether the server reuses the LDAP connection. Clear this option only in rare situations where a router is used to distribute requests to multiple LDAP servers and when the router does not support affinity.
Default: Enabled
Range: Enabled or Disabled
If you are using WebSphere Edge Server for LDAP failover, you must enable TCP resets with the Edge server. A TCP reset causes the connection to be closed immediately and a backup server to take over. For more information, see "Sending TCP resets when server is down" at http://www.ibm.com/software/webservers/appserv/doc/v50/ec/infocenter/edge/LBguide.htm#HDRRESETSERVER and the Edge Server V2 - TCP Reset feature in PTF #2 described in: http://publibfp.dhe.ibm.com/epubs/pdf/i1032540.pdf
Specifies that a case insensitive authorization check is performed when using the default authorization.
This option is required when IBM Tivoli Directory Server is selected as the LDAP directory server.
This option is required when Sun ONE Directory Server is selected as the LDAP directory server. For more information, see "Using specific directory servers as the LDAP server" in the documentation.
This option is optional and can be enabled when a case-sensitive authorization check is required. For example, use this option when the certificates and the certificate contents do not match the case that is used for the entry in the LDAP server. You can enable the Ignore case for authorization option when using single sign-on (SSO) between the application server and Lotus Domino.
Default: Enabled
Range: Enabled or Disabled
Specifies whether secure socket communication is enabled to the Lightweight Directory Access Protocol (LDAP) server.
When enabled, the LDAP Secure Sockets Layer (SSL) settings are used, if specified.
Specifies that the selection of an SSL configuration is based upon the outbound topology view for the Java Naming and Directory Interface (JNDI) platform.
Centrally managed configurations support one location to maintain SSL configurations rather than spreading them across the configuration documents.
Default: Enabled
Specifies the SSL configuration alias to use for LDAP outbound SSL communications.
This option overrides the centrally managed configuration for the JNDI platform.