Saturday, December 13, 2008

Global security in WAS 6.1 over Active Directory

We need security over Active Directory in our enterprise application, which runs on WebSphere Application Server v6.1.x. When we test our application we use OpenDS (https://opends.dev.java.net/) to emulate Active Directory. But we must replace OpenDS with Active Directory. Every LDAP server has its own specific parameters. For a quick test, I use ldapsearch from OpenDS. I spent more than two hours getting a successful result.

The command that succeeded is:

ldapsearch.bat -b "dc=domain,dc=com" -D "cn=username,cn=users,dc=domain,dc=com" "(&(|(cn=username)(samAccountName=username))(objectclass=user))"

Once the search returns the user with the username username, I move these settings to WebSphere Application Server. Also, the user should be in the Domain Administrator group.

We must set the following settings in WAS (sorry, the parameter names are not exact, because I have the Russian version of WAS):

Administrator username: username

Host: localhost (or another host, if the AD server is installed elsewhere)

LDAP Server Type: Active Directory

Base DN: dc=domain, dc=com

Other DN: cn=username,cn=users,dc=domain,dc=com

Password for connection: the user's domain password

In the next step we should set the filters (Additional Parameters for LDAP registry):

User Filter: (&(|(cn=%v)(samAccountName=%v))(objectclass=user))

Group Filter: (&(cn=%v)(objectcategory=group))

ID user map: user:sAMAccountName

ID group map: *:cn

And now you can set the current global security as an autonomous LDAP registry!
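How the two filter templates above select entries once %v is replaced with a login name, as an added Python example that is not part of the original post or of WebSphere's own code. It assumes plain textual substitution of %v, escapes the value per RFC 4515, and evaluates only the AND/OR/equality subset these filters use, against constructed sample entries.

```python
import re

# Filter templates from the post; %v stands for the name typed at login.
USER_FILTER = "(&(|(cn=%v)(samAccountName=%v))(objectclass=user))"
GROUP_FILTER = "(&(cn=%v)(objectcategory=group))"

# Constructed sample entries, not real directory data (AD stores objectCategory as a DN).
ENTRIES = [
    {"cn": ["John Smith"], "samaccountname": ["jsmith"], "objectclass": ["person", "user"]},
    {"cn": ["jsmith"], "objectclass": ["contact"]},  # same cn, but not a user
    {"cn": ["Ann Lee (Contractor)"], "samaccountname": ["alee"], "objectclass": ["user"]},
    {"cn": ["WASAdmins"], "objectcategory": ["group"], "objectclass": ["group"]},
]

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def expand(template, value):
    """Replace every %v with the value, escaped so it stays literal text."""
    return template.replace("%v", "".join(_ESC.get(c, c) for c in value))

def parse(flt, pos=0):
    """Parse the subset used in the post: (&...), (|...), (attr=value)."""
    if flt[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if flt[pos] in "&|":
        op, pos, kids = flt[pos], pos + 1, []
        while flt[pos] == "(":
            kid, pos = parse(flt, pos)
            kids.append(kid)
        if flt[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, kids), pos + 1
    end = flt.index(")", pos)  # escaped parentheses never appear raw here
    attr, _, val = flt[pos:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    # AND/OR nodes combine their children; leaves compare case-insensitively.
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(kid, entry) for kid in node[1])
    return any(v.lower() == node[2] for v in entry.get(node[1], []))

def search(template, value):
    """Return the cn of every sample entry the expanded filter selects."""
    tree, _ = parse(expand(template, value))
    return [e["cn"][0] for e in ENTRIES if matches(tree, e)]
```

The user filter accepts either the cn or the sAMAccountName as the login name but only for entries with objectclass=user, so the contact whose cn is jsmith is not selected.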
