IBM Support

WebSphere DataPower RBM configuration with Active Directory based LDAP

Technote (FAQ)


Question

Why am I unable to log in to the console of IBM WebSphere DataPower SOA Appliances after configuring RBM with LDAP (Active Directory)?

Cause

Configuring RBM with Active Directory (AD) differs slightly from configuring it with other LDAP servers on DataPower.

Answer

While using Active Directory (AD), check the following:

  • By default, AD does not allow anonymous binding. Make sure you have anonymous binding enabled on AD.
  • Check whether the distinguishedName (DN) needs to be constructed to authenticate the user, rather than using sAMAccountName (SAM-Account-Name).
  • Check the RBM policy to see whether the output credential is */*/*?Access=rwadx rather than */*/*?Access=r+w+a+d+x. Although the latter works, you should use the form without the "+" sign.
  • Verify that the correct DN is being formed when the user is a member of multiple groups and group search is enabled. Try with a user who is a member of only one group.
  • If the logs show that authorization is failing, check whether you have a case-sensitivity issue.
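The three checks above that involve string handling (constructing a DN with special characters, the "+"-separated versus compact permission syntax in the access profile, and case mismatches between AD group names and RBM policy entries) can be exercised offline. The following Python helper is an added example, not code from IBM or from the DataPower firmware; the DN template, the sample group names and the three-component `address/domain/resource?Access=permissions` layout of the access profile are assumptions made for illustration, and the DN escaping follows RFC 4514.

```python
import re

# Assumed DN template for illustration only; in a real directory the CN is often
# not the sAMAccountName, which is why the technote says the DN may need to be
# constructed (or searched for) rather than derived from the login name.
DEFAULT_DN_TEMPLATE = "CN={user},CN=Users,DC=example,DC=com"

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 2.4).
_DN_SPECIAL = set(',+"\\<>;=')

# Assumed access-profile layout: address/domain/resource?Access=<permissions>
_ACCESS_RE = re.compile(
    r"^(?P<address>[^/?]+)/(?P<domain>[^/?]+)/(?P<resource>[^?]+)\?Access=(?P<perm>[rwadx+]+)$"
)
_VALID_PERMS = "rwadx"  # read, write, add, delete, execute


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN (RFC 4514)."""
    out = []
    for ch in value:
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    escaped = "".join(out)
    # A leading '#' or space and a trailing space must also be escaped.
    if escaped.startswith(("#", " ")):
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def build_user_dn(sam_account_name: str, template: str = DEFAULT_DN_TEMPLATE) -> str:
    """Construct a user DN from a login name, escaping it safely into the template."""
    return template.format(user=escape_dn_value(sam_account_name))


def normalize_access_profile(profile: str) -> str:
    """Rewrite 'r+w+a+d+x' style permissions to the compact 'rwadx' form.

    Raises ValueError for a malformed profile or an unknown permission letter,
    so a typo in the policy is caught before it is deployed to the appliance.
    """
    m = _ACCESS_RE.match(profile)
    if not m:
        raise ValueError(f"malformed access profile: {profile!r}")
    perms = m.group("perm").replace("+", "")
    bad = sorted(set(perms) - set(_VALID_PERMS))
    if bad:
        raise ValueError(f"unknown permission(s) {bad} in {profile!r}")
    # Deduplicate and emit in canonical r/w/a/d/x order.
    ordered = "".join(p for p in _VALID_PERMS if p in perms)
    return f"{m.group('address')}/{m.group('domain')}/{m.group('resource')}?Access={ordered}"


def find_case_mismatches(ldap_groups, policy_groups):
    """Return (ldap_group, policy_group) pairs that differ only in letter case.

    RBM compares the credential returned by AD with the policy entry exactly, so
    a pair in this list explains an authorization failure that looks like a
    correct group membership in the logs.
    """
    policy_by_lower = {g.lower(): g for g in policy_groups}
    mismatches = []
    for g in ldap_groups:
        p = policy_by_lower.get(g.lower())
        if p is not None and p != g:
            mismatches.append((g, p))
    return mismatches


if __name__ == "__main__":
    # Constructed sample inputs, not data from a real appliance or directory.
    print(build_user_dn("Smith, John"))
    print(normalize_access_profile("*/*/*?Access=r+w+a+d+x"))
    print(find_case_mismatches(["DataPower-Admins"], ["datapower-admins"]))
```

Run it as a script to see the constructed DN, the normalized access profile and the case mismatch it finds; when checking a real deployment, feed `find_case_mismatches` the group names that appear in the DataPower RBM log entries and the names used in the RBM policy.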

For additional information, refer to the Administrator's Guide:
Controlling user access to the appliance >
    Managing user access >
        Configuring RBM Settings >
            RBM using LDAP authentication

See the topic "RBM Using LDAP Authentication" in the Product Documentation specific to your appliance type and firmware.

Document information

More support for: IBM DataPower Gateways
General

Software version: 7.2, 7.5, 7.6

Operating system(s): Firmware

Software edition: Edition Independent

Reference #: 1320816

Modified date: 18 September 2009