
questions regarding LDAP repository & Websphere

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Hi,

I've configured Apache Directory with WebSphere Application Server & it seems to be working. I can log in with a username & password which is present in Apache Directory. The questions I have are:
1. Apache Directory had a built-in user uid=admin (DN: uid=admin,ou=system) - I used this user as the Primary Administrative User Name while configuring the LDAP repository in the WAS console - now the issue is that I can only log in with this user. Although I've created other users at the same level in Apache Directory, they won't work...
2. The user id I have to use for login is uid=admin,ou=system, which is the DN (distinguished name). I was wondering if I could use just admin (uid) instead?

Thanks in advance.

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
This question seems specific to WebSphere now.

I figured out the answer to the 2nd question. In Advanced Lightweight Directory Access Protocol (LDAP) user registry settings, there is a property called User Filter; it previously had the following value -
(&(uid=%v)(objectclass=ePerson))

When I looked into Apache Directory, there was no object class named ePerson; instead the object class name was person, so I changed this value to -
(&(uid=%v)(objectclass=person))

Now I can use just 'admin' as the username for login - no need for the complete DN (uid=admin,ou=system).
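
The effect of the User Filter change described in the post above, as an added example (not the poster's code and not WebSphere's implementation): a small Python model of the lookup that substitutes the login name for %v and searches a constructed two-entry directory. The entry for jdoe and all function names are assumptions; the model handles only AND-of-equality filters and escapes the login name per RFC 4515 before substitution so it cannot alter the filter.

```python
import re

# Constructed sample entries standing in for Apache Directory (not real data).
DIRECTORY = [
    {"dn": "uid=admin,ou=system",
     "uid": ["admin"], "objectclass": ["top", "person", "inetOrgPerson"]},
    {"dn": "uid=jdoe,ou=system",  # hypothetical second user
     "uid": ["jdoe"], "objectclass": ["top", "person", "inetOrgPerson"]},
]

CLAUSE = r"\(([^()=]+)=([^()*]*)\)"  # one (attr=value) equality clause


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_and_filter(text):
    """Parse the subset used on this page: (&(attr=value)(attr=value)...)."""
    if not re.fullmatch(r"\(&(?:%s)+\)" % CLAUSE, text):
        raise ValueError("unsupported filter: " + text)
    return [(attr.lower(), unescape(val)) for attr, val in re.findall(CLAUSE, text)]


def resolve_login(template, login_name, directory=DIRECTORY):
    """Substitute %v, evaluate the filter, return the DNs of matching entries."""
    clauses = parse_and_filter(template.replace("%v", escape_filter_value(login_name)))
    hits = []
    for entry in directory:
        # Every clause must match one of the entry's values (case-insensitive).
        if all(want.lower() in (v.lower() for v in entry.get(attr, []))
               for attr, want in clauses):
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for flt in ("(&(uid=%v)(objectclass=ePerson))", "(&(uid=%v)(objectclass=person))"):
        print(flt, "->", resolve_login(flt, "admin"))
```

With the ePerson filter no entry matches, so the short name cannot be mapped to a DN; with person the search returns uid=admin,ou=system.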
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Can some mod please move this thread to the WebSphere forum? Thanks.

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Okay, now I could log in with other users also. I'll tell you what I did -

Go to Users and Groups > Administrative User Roles
Here, I added those users with appropriate roles (administrator or operator or whatever); these users have to be present in the LDAP repository (else you can’t add them here).
Now I am able to log in with other users also (which I’ve just added)…

This is fine, but what I wanted was not to use the WebSphere admin console to add users – guess there should be some way to do all this in the LDAP repository itself…


 