WebSphere DataPower RBM configuration with Active Directory based LDAP
Why am I unable to login to the console of IBM WebSphere DataPower SOA Appliances after configuring RBM with LDAP (Active Directory)?
When using DataPower, configuration with Active Directory (AD) is slightly different from configuration with other LDAP servers.
While using Active Directory (AD), check the following:
- By default, AD does not allow anonymous binding. Make sure anonymous binding is enabled on AD.
- Check whether the distinguishedName (DN) needs to be constructed to authenticate the user, instead of using sAMAccountName (SAM-Account-Name).
- Check the RBM policy to see whether the Output credential is */*/*?Access=rwadx instead of */*/*?Access=r+w+a+d+x. Although the latter works, you should use the form without the "+" sign.
- Verify that the correct DN is being formed if the user is a member of multiple groups and group search is enabled. Try with a user who is a member of only one group.
- In the logs, if Authorization is failing, check to see if you have a case sensitivity issue.
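An offline check for three of the items above (case sensitivity, the "+" form of the Output credential, and multiple group membership), added here as an example and not taken from IBM's documentation. The credential map entries, the DNs and the function names are constructed, and the exact, case-sensitive string comparison is an assumption standing in for the appliance's own matching.

```python
import re

# Constructed sample data (not from a real appliance).
# Each pair is (input credential, output credential) from an RBM credential map.
CRED_MAP = [
    ("cn=dp-admins,ou=groups,dc=example,dc=com", "*/*/*?Access=r+w+a+d+x"),
    ("CN=DP-Operators,OU=Groups,DC=example,DC=com", "*/*/*?Access=r"),
]

ACCESS_RE = re.compile(r"Access=([^&]*)")


def normalize_access(policy):
    """Rewrite Access=r+w+a+d+x as Access=rwadx; leave other text untouched."""
    return ACCESS_RE.sub(lambda m: "Access=" + m.group(1).replace("+", ""), policy)


def audit(group_dns, cred_map=CRED_MAP):
    """Return a list of findings for the group DNs LDAP returned for one user."""
    findings = []
    if len(group_dns) > 1:
        findings.append("user is in %d groups; retest with a single group" % len(group_dns))
    for dn in group_dns:
        # Assumption: the map is matched by exact, case-sensitive comparison.
        exact = [(i, o) for i, o in cred_map if i == dn]
        loose = [(i, o) for i, o in cred_map if i.lower() == dn.lower()]
        if not exact and loose:
            findings.append("case mismatch: LDAP returned %r, map has %r" % (dn, loose[0][0]))
        elif not loose:
            findings.append("no map entry for %r" % dn)
        for _, out in loose:
            fixed = normalize_access(out)
            if fixed != out:
                findings.append("output credential %r should be %r" % (out, fixed))
    return findings


if __name__ == "__main__":
    # Constructed: the group DN as Active Directory would return it for the user.
    for line in audit(["CN=DP-Admins,OU=Groups,DC=example,DC=com"]):
        print(line)
```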
For additional information, refer to the Administrator's Guide: Controlling user access to the appliance > Managing user access > Configuring RBM Settings > RBM using LDAP authentication
See the topic "RBM Using LDAP Authentication" in the Product Documentation specific to your appliance type and firmware.
More support for:
IBM DataPower Gateways
Software version: 7.2, 7.5, 7.6
Operating system(s): Firmware
Software edition: Edition Independent
Reference #: 1320816
Modified date: 18 September 2009