Use these steps to configure the WebSphere® Application Server administrative console to add objects of the accessGroup class to the list of object classes that represent user registry groups.
About this task
You can use the WebSphere Application Server administrative console to specify security policies for applications that run in the WebSphere Application Server environment. You can also use the WebSphere Application Server administrative console to specify security policies for other web resources, based on the entities that are stored in the user registry. Tivoli® Access Manager adds the accessGroup object class to the registry. Tivoli Access Manager administrators can use the pdadmin utility, which is available only on the policy server host in the PD.RTE fileset, to create new groups. These new groups are added to the registry as the accessGroup object class.
The WebSphere Application Server administrative console is not configured by default to recognize objects of the accessGroup class as user registry groups. You can configure the WebSphere Application Server administrative console to add this object class to the list of object classes that represent user registry groups. To make this change, complete the following steps:
Procedure
- From the WebSphere Application Server administrative console, access the advanced settings for configuring security by clicking Security > Global security.
- Under User account repository, click the Available realm definitions drop-down list, select Standalone LDAP registry, and click Configure.
- Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
- Modify the Group Filter field. Add the following entry:
  (objectclass=accessGroup)
  The Group Filter field looks like the following example:
  (&(cn=%w)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=accessGroup)))
- Modify the Group Member ID Map field. Add the following entry:
  accessGroup:member
  The Group Member ID Map field looks like the following example:
  groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member
- Stop and restart WebSphere Application Server.
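Before restarting, it helps to confirm that the Group Filter and Group Member ID Map fields agree with each other, because a group object class that is matched by the filter but missing from the ID map cannot have its members resolved. The following check is an added example, not IBM code: the function names are hypothetical, the PAGE_* values are the ones shown in the procedure, and the OLD_* values are constructed by leaving the accessGroup entries out.

```python
import re

# Values taken from the page (the configured state after the procedure).
PAGE_FILTER = ("(&(cn=%w)(|(objectclass=groupOfNames)"
               "(objectclass=groupOfUniqueNames)(objectclass=accessGroup)))")
PAGE_ID_MAP = "groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member"
# Constructed sample: the same values with the accessGroup entries left out.
OLD_FILTER = "(&(cn=%w)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
OLD_ID_MAP = "groupOfNames:member;groupOfUniqueNames:uniqueMember"


def filter_object_classes(group_filter):
    """Return the objectclass values named in an LDAP filter, in order."""
    return re.findall(r"\(\s*objectclass\s*=\s*([^()\s]+)\s*\)",
                      group_filter, flags=re.IGNORECASE)


def parse_member_id_map(id_map):
    """Parse 'objectclass:attribute;...' into {lower-cased objectclass: attribute}."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in id_map.split(";"))):
        object_class, sep, attribute = (p.strip() for p in entry.partition(":"))
        if not (sep and object_class and attribute):
            raise ValueError(f"malformed Group Member ID Map entry: {entry!r}")
        mapping[object_class.lower()] = attribute
    return mapping


def check_group_settings(group_filter, id_map, required="accessGroup"):
    """Return a list of problems; an empty list means the two fields agree."""
    problems = []
    if group_filter.count("(") != group_filter.count(")"):
        problems.append("Group Filter has unbalanced parentheses")
    classes = filter_object_classes(group_filter)
    if required.lower() not in (c.lower() for c in classes):
        problems.append(f"Group Filter does not match objectclass={required}")
    mapping = parse_member_id_map(id_map)
    names = {}
    for name in classes + [required]:
        names.setdefault(name.lower(), name)  # de-duplicate, keep first spelling
    for key, name in names.items():
        if key not in mapping:
            problems.append(f"Group Member ID Map has no entry for {name}")
    return problems


if __name__ == "__main__":
    for label, flt, idm in (("page", PAGE_FILTER, PAGE_ID_MAP), ("old", OLD_FILTER, OLD_ID_MAP)):
        print(label, check_group_settings(flt, idm) or "OK")
```

Paste the values from the two console fields into the check; an empty result means every object class the filter matches, including accessGroup, has a member attribute mapped.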