LDAP user authentication

About this task

When connecting from the Dynamic Workload Console to the master domain manager using an LDAP user, you might not be able to access the views in the dynamic domain manager database.

Procedure

  1. Stop WebSphere Application Server Liberty on the master domain manager, as described in Application server - starting and stopping.
  2. Open the broker_role_mapping.xml file on the master domain manager. The file path varies depending on the operating system:
    On Windows operating systems
    <MDM_installation_directory>\usr\servers\engineServer\configDropins\defaults
    On UNIX operating systems
    <MDM_installation_directory>/usr/servers/engineServer/configDropins/defaults/
  3. Uncomment the <special-subject type="ALL_AUTHENTICATED_USERS"/> line for all roles: Operator, Submitter, and Configurator. This modification grants these roles to every authenticated user. For tighter security, administrators can instead map specific LDAP groups to these roles. The uncommented section looks like this:
    <security-role id="operatorRole" name="Operator">
      <special-subject type="ALL_AUTHENTICATED_USERS"/>
    </security-role>
    <security-role id="submitterRole" name="Submitter">
      <special-subject type="ALL_AUTHENTICATED_USERS"/>
    </security-role>
    <security-role id="configuratorRole" name="Configurator">
      <special-subject type="ALL_AUTHENTICATED_USERS"/>
    </security-role>
  4. Restart WebSphere Application Server Liberty, as described in Application server - starting and stopping.
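
A check you can run against broker_role_mapping.xml after step 3 reports which of the three roles are actually open to every authenticated user, so a line left commented out (or a role you meant to keep restricted) is visible before the restart. This is an added example, not part of the product documentation; the function names and the <roleMapping> wrapper element in the constructed sample are assumptions, because the page shows only the <security-role> elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <roleMapping> root is a placeholder: the page shows
# only the <security-role> elements, not the enclosing element of the file.
SAMPLE = """<roleMapping>
  <security-role id="operatorRole" name="Operator">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role id="submitterRole" name="Submitter">
    <!-- <special-subject type="ALL_AUTHENTICATED_USERS"/> -->
  </security-role>
  <security-role id="configuratorRole" name="Configurator">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
</roleMapping>"""

EXPECTED_ROLES = ("Operator", "Submitter", "Configurator")


def local(tag):
    """Strip an XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]


def audit_role_mapping(xml_text):
    """Map each expected role to 'all-authenticated', 'restricted' or 'missing'.

    XML comments are dropped by the parser, so a special-subject line that is
    still commented out is reported as 'restricted', not 'all-authenticated'.
    """
    root = ET.fromstring(xml_text)
    status = {name: "missing" for name in EXPECTED_ROLES}
    for elem in root.iter():
        name = elem.get("name")
        if local(elem.tag) != "security-role" or name not in status:
            continue
        open_to_all = any(
            local(child.tag) == "special-subject"
            and child.get("type") == "ALL_AUTHENTICATED_USERS"
            for child in elem
        )
        status[name] = "all-authenticated" if open_to_all else "restricted"
    return status


if __name__ == "__main__":
    for role, state in audit_role_mapping(SAMPLE).items():
        print(f"{role}: {state}")
```

To check the real file, pass its contents to audit_role_mapping() in place of SAMPLE.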