Configuring Microsoft Windows Server Active Directory for use with WebSphere Commerce

If you use Microsoft Windows Server Active Directory, complete the steps on this page.

Before you begin

  • Ensure that WebSphere Commerce is installed and configured.
  • Ensure the following Microsoft Windows Server components are installed:
    • Active Directory
    • Internet Information Services (IIS)
    • Certificate Services for Enterprise Root Certificate Authority (CA)
  • Ensure that the Microsoft Windows Server Active Directory administrator has Domain Administrator user rights.
  • Ensure that Certificate Services has been properly configured to download a base-64 encoded CA certificate.
  • Microsoft Windows Server Active Directory requires SSL to be configured to communicate with your WebSphere Commerce server.
Note: Active Directory 2008 by default has requirements around the complexity of user passwords, for example:
  • Passwords cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
    • English uppercase characters (A through Z).
    • English lowercase characters (a through z).
    • Base 10 digits (0 through 9).
    • Non-alphabetic characters (for example, !, $, #, %).
See Microsoft's Domain Policy Settings page for more information.

In addition, in Active Directory 2003 and 2008, when a user's password is changed, the old password is still active (along with the new password) for some time. See Microsoft's Article 906305 for more information.
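
The default complexity rules listed in the note above can be checked before a password is submitted to the directory, so that a registration or password change is rejected with a clear reason instead of failing at the LDAP server. The following Python code is an added example, not part of the original page or of WebSphere Commerce. Its function names, the delimiter list used to split the full name, the use of ASCII punctuation for the "non-alphabetic" category, and the case-insensitive name comparison are assumptions of this example.

```python
import re
import string

MIN_LENGTH = 6  # minimum length stated in the note above
# Assumption: the full name is split into parts on these delimiters
# (comma, period, hyphen, underscore, space, pound sign, tab).
NAME_DELIMITERS = r"[,.\-_ #\t]+"


def character_categories(password):
    """Return which of the note's four character categories are present."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("uppercase")
        elif "a" <= ch <= "z":
            found.add("lowercase")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif ch in string.punctuation:  # assumption: ASCII punctuation only
            found.add("non-alphabetic")
    return found


def name_parts(account_name, full_name):
    """Lower-cased strings that must not appear anywhere in the password."""
    # Parts of two characters or fewer are ignored, per the first rule.
    parts = [p for p in re.split(NAME_DELIMITERS, full_name) if len(p) > 2]
    if len(account_name) > 2:
        parts.append(account_name)
    return [p.lower() for p in parts]


def check_password(password, account_name, full_name):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_categories(password)) < 3:
        problems.append("fewer than three character categories")
    lowered = password.lower()
    for part in name_parts(account_name, full_name):
        if part in lowered:
            problems.append("contains name part: " + part)
    return problems
```

The domain's effective policy may differ from these defaults, so the directory server remains the authority on whether a password is accepted.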

Procedure

  1. Choose or create a domain controller or organization in your LDAP server that you would like to map to the Root Organization in WebSphere Commerce, for example:
    dc=domain,dc=ibm,dc=com
    
  2. Choose or create an organization directly under the Root Organization to be mapped to the Default Organization in WebSphere Commerce. For example:
    o=default organization,dc=domain,dc=ibm,dc=com
    
  3. Restart the Directory Server. You can customize the names shown in steps 1 and 2 to match your own settings. Refer to the documentation for your version of Microsoft Active Directory for instructions on how to complete these tasks.
  4. If your member hierarchy has an organizational entity of type "o" (organization) under another organizational entity of type "o", then you must ensure that the Microsoft Active Directory schema has been configured to support this. Some of the WebSphere Commerce store models create organizations under organizations. Complete the following steps:
    1. Open a command line and run the following command: mmc /a
    2. From the menu, select File > Add/Remove Snap-in...
    3. Click Add... > Active Directory Schema > Add > Close and click OK.
    4. Expand Active Directory Schema > Classes
    5. Right-click organization and select Properties.
    6. Select the Relationship tab > Add Superior > Organization > OK > OK.
    7. Exit the Console.