IBM BS029ML - WebSphere Portal Server Self Help Manual page 89

Note: Performing LDAP searches with a utility is one of the first ways to troubleshoot
directory problems. If you do not receive results and have confirmed that the problem is not
user based (typos or extra spaces), it may indicate an underlying problem with the LDAP
directory or network. Resolve these issues before proceeding with the enablement of
directory security.

2. LDAP Design: While it is possible to set up WebSphere Portal Server with only one user
and one group, this is not advisable. The LDAP Schema Design and Directory Information
Tree (DIT) should be planned carefully and agreed to by all stakeholders in your
organization before you even attempt installation, and certainly before this phase in your
deployment. Changing the LDAP Schema design in mid-deployment or post-deployment could
have unintended consequences.

3. LDAP requirements for WebSphere Portal Server: Before you can connect to your user
registry, the user and group membership requirements must be met.
WebSphere Portal Server requires a minimum of one user and group to be created in
LDAP before you can connect to it:
   – wpsadmin (Portal Administration User)
   – wpsadmins
It is recommended that the wpsadmin user be a member of the wpsadmins group. If you
are going to be using features such as Portal Document Manager (PDM) and WebSphere
Content Management (WCM), we recommend creating the following groups ahead of
time:
   – wasadmin (WebSphere Administration User; required if it will be different from the
     wpsadmin ID. The wasadmin user and wasadminGroup should be set ahead of time
     regardless of whether features such as PDM and WCM are utilized in your
     deployment.)
   – wpsContentAdministrators
   – wpsDocReviewer
   – WcmAdminGroupId
Once all the users and groups are created, perform queries through the ldapsearch utility to
validate the membership information used later to enable LDAP security.

4. Connectivity check (PING): From the server on which you will enable security, perform a
ping test to verify the connection to your LDAP host(s). In addition to confirming that there
is no packet loss, you should also verify that the round trip time is acceptable from
destination to host based on your organization's topology. Intermittent connectivity failures
to your LDAP can not only cause your enablement of security task to fail, but can also degrade
the performance of WebSphere Portal Server. You should resolve all connectivity issues
before attempting to run the enablement of security targets.

5. Connectivity check (TELNET): The next test that you should run from your WebSphere
Portal Server(s) is to verify that you can telnet to the ports that are open and accessible
on your LDAP Server(s). The default LDAP ports are 389 and 636. Port 636 is the
default port used for Secure Sockets Layer (SSL) connections. When performing the initial
enablement of security for your user registry, the recommended sequence is to enable
security connecting to the non-SSL port (389), then, after validating that your portal is able
to connect to your LDAP successfully (link to the validation steps), follow the post
configuration steps to connect your LDAP through SSL.
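
Steps 3 and 5 can be scripted. The following is an added example, not code from the IBM guide: it parses the LDIF that ldapsearch prints for the wpsadmins group (including folded and base64-encoded values) to confirm membership, and runs the TCP connect test against ports 389 and 636. The DIT `dc=example,dc=com`, the host `ldap.example.com`, and all function names are assumptions.

```python
import base64
import socket
import time

def unfold(ldif):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def normalize_dn(dn):
    """Simplified comparison form (trim around commas, lower-case), not full RFC 4514."""
    return ",".join(part.strip() for part in dn.strip().split(",")).lower()

def group_members(ldif, attrs=("member", "uniquemember")):
    """Collect member DNs from the LDIF that ldapsearch prints for a group entry."""
    members = set()
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.lower() not in attrs:
            continue
        if value.startswith(":"):  # "attr:: <base64>" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        members.add(normalize_dn(value))
    return members

def port_open(host, port, timeout=3.0):
    """TCP connect test, the scripted form of 'telnet host port'; returns (ok, seconds)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, time.monotonic() - start
    except OSError:
        return False, time.monotonic() - start

SAMPLE_LDIF = (  # constructed ldapsearch output; the DIT dc=example,dc=com is assumed
    "dn: cn=wpsadmins,cn=groups,dc=example,dc=com\n"
    "uniqueMember: uid=wpsadmin,cn=users,\n dc=example,dc=com\n"
    "uniqueMember:: " + base64.b64encode(b"uid=wasadmin,cn=users,dc=example,dc=com").decode()
)

if __name__ == "__main__":
    admin = normalize_dn("uid=wpsadmin, cn=users, dc=example, dc=com")
    print("wpsadmin in wpsadmins:", admin in group_members(SAMPLE_LDIF))
    for port in (389, 636):  # ldap.example.com is a placeholder host
        print(port, port_open("ldap.example.com", port))
```

A successful connect to port 636 shows only that the port is reachable; it does not validate the SSL handshake or the server certificate.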
Chapter 3. WebSphere Portal installation

This manual is also suitable for:

Websphere portal v6
