Standalone LDAP registry wizard settings

Use this security wizard page to provide the basic settings to connect the application server to an existing Lightweight Directory Access Protocol (LDAP) registry.

To view this security wizard page, click Security > Global security > Security configuration wizard. You can modify your LDAP registry configuration by completing the following steps:
  1. Click Security > Global security.
  2. Under User account repository, click the Available realm definitions drop-down list, select Standalone LDAP registry, and click Configure.

Primary administrative user name

Specifies the name of a user with administrative privileges that is defined in your user registry.

The user name is used to log onto the administrative console when administrative security is enabled. Versions 6.1 and later require an administrative user that is distinct from the server user identity so that administrative actions can be audited.
Attention: In WebSphere® Application Server, Version 6.x, a single user identity is required for both administrative access and internal process communication. When you migrate to Version 8.x, this identity is used as the server user identity. You need to specify another user for the administrative user identity.
[z/OS]Note: When you configure LDAP as a user registry and SAF is enabled, if the property com.ibm.security.SAF.authorization, is set to true, then the Primary administrative user name field is not displayed on the administrative console.

Type of LDAP server

Specifies the type of LDAP server to which you connect.

[AIX Solaris HP-UX Linux Windows][IBM i]IBM® SecureWay Directory Server is not supported.

[z/OS]IBM SecureWay Directory Server is supported by the application server for z/OS® as well as many other LDAP servers.

Host

Specifies the host ID (IP address or domain name service (DNS) name) of the LDAP server.

Port

Specifies the host port of the LDAP server.

If multiple application servers are installed and configured to run in the same single sign-on domain or if the application server interoperates with a previous version, it is important that the port number match all configurations. For example, if the LDAP port is explicitly specified as 389 in a Version 6.1 and later configuration, and a WebSphere Application Server at Version 8.x is going to interoperate with the Version 6.1 and later server, verify that port 389 is specified explicitly for the Version 8.x server.
Information Value
Default: 389
Type: Integer

Base distinguished name (DN)

Specifies the base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches of the directory service. In most cases, bind DN and bind password are needed. However, when anonymous bind can satisfy all of the required functions, bind DN and bind password are not needed.

For example, for a user with a DN of cn=John Doe , ou=Rochester, o=IBM, c=US, specify the Base DN as any of the following options: ou=Rochester, o=IBM, c=US or o=IBM, c=US or c=US. For authorization purposes, this field is case sensitive. This specification implies that if a token is received, for example, from another cell or Lotus® Domino®, the base DN in the server must match the base DN from the other cell or Lotus Domino server exactly.

Bind distinguished name (DN)

Specifies the DN for the application server to use when binding to the directory service.

If no name is specified, the application server binds anonymously. See the Base distinguished name (DN) field description for examples of distinguished names.

Bind password

Specifies the password for the application server to use when binding to the directory service.