Example configurations of LDAP servers for IDS
Refer to this template if you are using an IBM Tivoli Directory Server (IDS).
This file describes a default configuration. For more advanced or
site-specific configurations, refer to the relevant WebSphere Application Server
Liberty documentation (for example, "Configuring LDAP user registries in
Liberty") or consult your LDAP administrator.
- IBM Directory Server
-
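<server description="federated_basicLDAP">

  <!-- Connection settings for the IBM Tivoli Directory Server. Every value except
       the administrator group name is left empty in this template and must be
       supplied before the server is started. -->
  <variable name="admin.group.name" value="Admins"/>
  <variable name="ldap.base.DN" value=""/>
  <variable name="ldap.port" value=""/>
  <variable name="ldap.host" value=""/>
  <variable name="ldap.adminDN" value=""/>
  <!-- Bind credential for ldap.adminDN. It is stored here in clear text: restrict
       read access on this file to the account that runs the server, and consider
       storing the value encoded with Liberty's securityUtility encode command. -->
  <variable name="ldap.password" value=""/>

  <!-- Exposes the administrator group name to applications via JNDI. -->
  <jndiEntry value="${admin.group.name}" jndiName="admin.group.name"/>

  <!-- Members of this group hold the Liberty administrator role. -->
  <administrator-role>
    <group>${admin.group.name}</group>
  </administrator-role>

  <federatedRepository searchTimeout="20m">
    <!-- The realm federates the built-in basic registry (o=BasicRealm) with the
         LDAP base DN. allowOpIfRepoDown="true" presumably lets lookups proceed
         when one of the participating repositories is unreachable; confirm the
         exact semantics against the Liberty federatedRepository documentation. -->
    <primaryRealm name="TWSRealm" allowOpIfRepoDown="true">
      <participatingBaseEntry name="o=BasicRealm"/>
      <participatingBaseEntry name="${ldap.base.DN}"/>
      <uniqueGroupIdMapping inputProperty="uniqueName" outputProperty="uniqueName"/>
      <groupSecurityNameMapping inputProperty="cn" outputProperty="cn"/>
      <groupDisplayNameMapping inputProperty="cn" outputProperty="cn"/>
      <userDisplayNameMapping inputProperty="principalName" outputProperty="principalName"/>
      <userSecurityNameMapping inputProperty="principalName" outputProperty="principalName"/>
      <uniqueUserIdMapping inputProperty="uniqueName" outputProperty="uniqueName"/>
    </primaryRealm>
  </federatedRepository>

  <!-- LDAP registry definition.
       - The "&" in the LDAP filters must be written as "&amp;" so that the file
         stays well-formed XML; the parser delivers a literal "&" to Liberty.
       - searchTimeout was "20" with no unit in the original template; Liberty
         duration attributes without a unit are normally read as milliseconds, so
         "20m" (matching federatedRepository above) is used here - verify.
       - sslEnabled="false" means the simple bind sends ${ldap.password} to the
         directory in clear text. Set it to "true" once the ssl element referenced
         by sslRef="twaSSLSettings" (defined outside this file) is configured.
       - userFilter matches objectclass ePerson while the PersonAccount entity type
         below lists inetOrgPerson; confirm with the LDAP administrator that both
         classes apply to the user entries in this directory. -->
  <ldapRegistry id="ldap"
                ldapType="IBM Tivoli Directory Server"
                host="${ldap.host}"
                port="${ldap.port}"
                baseDN="${ldap.base.DN}"
                bindDN="${ldap.adminDN}"
                bindPassword="${ldap.password}"
                searchTimeout="20m"
                sslEnabled="false"
                sslRef="twaSSLSettings"
                userFilter="(&amp;(uid=%v)(objectclass=ePerson))"
                groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
                userIdMap="*:uid"
                groupIdMap="*:cn"
                groupMemberIdMap="mycompany-allGroups:member; mycompany-allGroups:uniqueMember; groupOfNames:member; groupOfUniqueNames:uniqueMember">
    <ldapEntityType name="Group">
      <objectClass>groupOfNames</objectClass>
    </ldapEntityType>
    <ldapEntityType name="PersonAccount">
      <objectClass>inetOrgPerson</objectClass>
    </ldapEntityType>
    <ldapEntityType name="OrgContainer">
      <objectClass>organization</objectClass>
      <objectClass>organizationalUnit</objectClass>
      <objectClass>domain</objectClass>
      <objectClass>container</objectClass>
    </ldapEntityType>
  </ldapRegistry>

  <!-- Local fallback registry, federated as o=BasicRealm above. The original
       template had lost the opening "<" of these four elements; restored here.
       ${user.twsuser.id} and ${user.twsuser.password} are not defined in this
       file and are expected to come from another configuration file - confirm. -->
  <basicRegistry id="basic" realm="BasicRealm">
    <user name="${user.twsuser.id}" password="${user.twsuser.password}"/>
    <group name="${admin.group.name}">
      <member name="${user.twsuser.id}"/>
    </group>
  </basicRegistry>

</server>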