Testing your LDAP configuration
To ensure that LDAP is working properly, complete the following test.
Procedure
- Ensure that you configured WebSphere Commerce to use LDAP.
- If the WebSphere Commerce site administrator user, for example, wcsadmin, exists on the LDAP server but is not directly under the root organization in the LDAP server, the user should be deleted from the LDAP server to avoid data conflicts. However, if the user already exists in LDAP and is directly under the root organization, it does not have to be deleted, and authentication for this user will be done using the password in LDAP. In most cases, the user does not already exist on the LDAP server, but only in the WebSphere Commerce database. This user will automatically be synchronized to the LDAP server when the user first logs on to WebSphere Commerce.
After the user is synchronized to the LDAP server, the LOGONID value in the USERREG database table for this user will be changed from the short name to the full DN format. For example, it will be changed from "wcsadmin" to "uid=wcsadmin,o=root organization". If for some reason you delete the user from the LDAP server after synchronization has already taken place, you need to update USERREG.LOGONID back to the short name format, and delete the entry for this member in the WMMMAP table. The WMMMAP table maps WebSphere Commerce members to the corresponding entry in Virtual Member Manager (LDAP).
- Log in to the Organization Administration Console with the WebSphere Commerce site administrator logon ID, for example, wcsadmin.
- Check your LDAP server to ensure that the WebSphere Commerce site administrator user appears under the root organization. Also check USERREG.LOGONID for this user to ensure it is in the DN format. For example, uid=wcsadmin,o=root organization.
- Log out from the Organization Administration Console. If this was the first time that the site administrator user was synchronized with LDAP, repeat steps 3 and 4 to ensure LDAP is configured correctly with WebSphere Commerce.
- Create a new user under the root organization on your LDAP server.
- Try to log in to the Organization Administration Console with the new user's short name. You should receive the following error:
User does not have the proper authority to logon.
This error indicates that the user ID was resolved, but does not have rights to access the Organization Administration Console.
If you receive any other error message, then the authentication has failed and either the user creation was done incorrectly or the LDAP server is not configured correctly to work with WebSphere Commerce.
- Log in to the Organization Administration Console with your WebSphere Commerce site administrator user.
- Assign the Buyer Administrator role in the root organization to the new user.
- Log out from the Organization Administration Console.
- Log in to WebSphere Commerce Accelerator with the new user. A successful login indicates that LDAP is configured correctly to work with WebSphere Commerce.
- (Recommended) In the Organization Administration Console, remove the Buyer Administrator role from the new user. This step is a security precaution to prevent anyone from using the new user to make unauthorized changes to WebSphere Commerce.
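
The following Python script is an added example, not part of the original procedure or of WebSphere Commerce. It classifies a USERREG.LOGONID value as short name or DN and reports whether the DN sits directly under the root organization, which is the condition the steps above check by hand. The root DN "o=root organization" comes from the page's example; the function names, result labels and sample values are assumptions constructed for illustration.

```python
ROOT_ORG_DN = "o=root organization"  # root organization DN from the page's example


def normalize_rdn(rdn):
    """Lower-case and trim one RDN so comparisons ignore case and spacing."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def split_dn(dn):
    """Split a DN into normalized RDNs on unescaped commas (RFC 4514 escapes)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":                  # unescaped comma ends the RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return [normalize_rdn(r) for r in rdns]


def classify_logonid(logonid, root_dn=ROOT_ORG_DN):
    """Map a USERREG.LOGONID value to one of the states the procedure describes."""
    if "=" not in logonid:
        return "short-name"              # not (or no longer) synchronized to LDAP
    rdns, root = split_dn(logonid), split_dn(root_dn)
    if len(rdns) <= len(root) or rdns[-len(root):] != root:
        return "outside-root"            # not an entry under the root organization
    if len(rdns) == len(root) + 1:
        return "direct-under-root"       # expected state after synchronization
    return "nested-under-root"           # under root, but not directly under it


# Constructed sample values, not taken from a real system.
SAMPLES = ["wcsadmin", "uid=wcsadmin,o=root organization",
           "UID=wcsadmin, O=Root Organization",
           "uid=wcsadmin,ou=staff,o=root organization",
           "uid=smith\\, j,o=root organization", "uid=wcsadmin,o=other"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:48} -> {classify_logonid(value)}")
```

Run it against the LOGONID values exported from USERREG; any result other than direct-under-root for a synchronized user corresponds to a case the procedure tells you to correct.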