Example configurations of LDAP servers for IDS
Refer to this template if you are using an IBM Tivoli Directory Server (IDS).
This file describes a default configuration. For more advanced or site-specific
configurations, refer to the WebSphere Application Server Liberty Base documentation ("Configuring LDAP user registries in Liberty") or to your LDAP administrator.
- IBM Directory Server
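<?xml version="1.0" encoding="UTF-8"?>
<!--
  Liberty server.xml: a federated user registry made of the local basic
  registry (BasicRealm) plus one IBM Tivoli Directory Server (IDS) registry.
  The empty ldap.* variables below must be filled in before this file is used.
-->
<server description="federated_basicLDAP">

  <!-- Deployment-specific values; the empty ones are placeholders to be set. -->
  <variable name="admin.group.name" value="Admins"/>
  <variable name="ldap.base.DN" value=""/>
  <variable name="ldap.port" value=""/>
  <variable name="ldap.host" value=""/>
  <!-- Bind account used for user and group lookups. A read-only service account
       is sufficient for that; an LDAP administrator DN is not required here.
       Confirm the least-privileged choice with your LDAP administrator. -->
  <variable name="ldap.adminDN" value=""/>
  <!-- Kept in this file as plain text. Liberty also accepts a value produced by
       'securityUtility encode', which avoids a clear-text password on disk. -->
  <variable name="ldap.password" value=""/>

  <!-- Expose the admin group name to applications through JNDI. -->
  <jndiEntry value="${admin.group.name}" jndiName="admin.group.name"/>

  <!-- Members of this group receive the Liberty administrator role. -->
  <administrator-role>
    <group>${admin.group.name}</group>
  </administrator-role>

  <!-- allowOpIfRepoDown="true": when the LDAP repository is unreachable, registry
       operations continue against the remaining participating base entry (the
       basic registry). Confirm that this fallback is acceptable for your deployment. -->
  <federatedRepository searchTimeout="20m">
    <primaryRealm name="TWSRealm" allowOpIfRepoDown="true">
      <participatingBaseEntry name="o=BasicRealm"/>
      <participatingBaseEntry name="${ldap.base.DN}"/>
      <uniqueGroupIdMapping inputProperty="uniqueName" outputProperty="uniqueName"/>
      <groupSecurityNameMapping inputProperty="cn" outputProperty="cn"/>
      <groupDisplayNameMapping inputProperty="cn" outputProperty="cn"/>
      <userDisplayNameMapping inputProperty="principalName" outputProperty="principalName"/>
      <userSecurityNameMapping inputProperty="principalName" outputProperty="principalName"/>
      <uniqueUserIdMapping inputProperty="uniqueName" outputProperty="uniqueName"/>
    </primaryRealm>
  </federatedRepository>

  <!-- IDS registry.
       sslEnabled="false": the bind password and every authenticating user's
       credentials cross the network unencrypted; sslRef has no effect until
       sslEnabled="true".
       searchTimeout: the federated timeout above carries a unit ("20m") while this
       one does not. NOTE(review): confirm the intended duration.
       The '&' that starts each LDAP filter must be written as '&amp;' in XML, and an
       LDAP filter contains no whitespace between its components, so the stray space
       inside the groupFilter OR-list has been removed. -->
  <ldapRegistry id="ldap"
                ldapType="IBM Tivoli Directory Server"
                host="${ldap.host}"
                port="${ldap.port}"
                baseDN="${ldap.base.DN}"
                bindDN="${ldap.adminDN}"
                bindPassword="${ldap.password}"
                searchTimeout="20"
                sslEnabled="false"
                sslRef="twaSSLSettings"
                userFilter="(&amp;(uid=%v)(objectclass=ePerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="mycompany-allGroups:member; mycompany-allGroups:uniqueMember; groupOfNames:member; groupOfUniqueNames:uniqueMember">
    <!-- NOTE(review): groupFilter also matches groupOfUniqueNames and groupOfURLs,
         but only groupOfNames is listed as the Group entity type. Confirm which is intended. -->
    <ldapEntityType name="Group">
      <objectClass>groupOfNames</objectClass>
    </ldapEntityType>
    <!-- NOTE(review): userFilter selects objectclass=ePerson while this entity type
         uses inetOrgPerson. Confirm both match your directory schema. -->
    <ldapEntityType name="PersonAccount">
      <objectClass>inetOrgPerson</objectClass>
    </ldapEntityType>
    <ldapEntityType name="OrgContainer">
      <objectClass>organization</objectClass>
      <objectClass>organizationalUnit</objectClass>
      <objectClass>domain</objectClass>
      <objectClass>container</objectClass>
    </ldapEntityType>
  </ldapRegistry>

  <!-- Local basic registry holding the TWS service user. ${user.twsuser.id} and
       ${user.twsuser.password} are not defined in this file; presumably they come
       from another part of the server configuration. The opening '<' missing from
       these four tags in the original has been restored. -->
  <basicRegistry id="basic" realm="BasicRealm">
    <user name="${user.twsuser.id}" password="${user.twsuser.password}"/>
    <group name="${admin.group.name}">
      <member name="${user.twsuser.id}"/>
    </group>
  </basicRegistry>
</server>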