IBM BS029ML - WebSphere Portal Server Self Help Manual page 87

System requirements
It is important to conduct a preliminary review of your system hardware and software in both
new and existing LDAP infrastructures to ensure that they meet the supported levels for
WebSphere Portal Server. The InfoCenter is routinely updated with specific versions and
recommended compatible levels of configuration. If you are considering an upgrade to your
LDAP implementation, we advise you to refer to 3.1.1, "How do I prepare my system for
installation" on page 56 before attempting an upgrade of your environment.

Performance and availability
WebSphere Portal Server provides you with the option of installing the LDAP server on the
same server that houses WebSphere Portal Server; however, if performance is of
utmost importance for your portal application(s), we recommend that you provide a separate
physical server for your LDAP.

High Availability: A single LDAP server is a single point of failure and is therefore
not a feasible option for deployment on an enterprise scale. For many environments, high
availability is not an option or an exception. Achieving high availability without a
performance impact is a challenge organizations continue to face. High availability for the
LDAP server is best achieved by having an LDAP proxy that will forward back-end requests.
WebSphere Portal Server provides the option of configuring failover capability natively
through the WebSphere Member Manager component. If you plan to configure
WebSphere Portal Server for LDAP failover, you should enable security with realms and
modify wmm.xml as part of the post-configuration steps in the InfoCenter. By default,
the Reuse connection parameter should be enabled in the WebSphere Application Server
console, or failover will not occur successfully should the primary server suffer an outage.

LDAP Schema Design: While it is possible to set up WebSphere Portal Server with only
one user and one group, this is not advisable. The LDAP Schema Design and Directory
Information Tree (DIT) should ideally be thoughtfully planned and agreed to by all
stakeholders in your organization before you even attempt installation, and certainly before
this phase in your deployment. Improper design of your LDAP Schema can affect the lookup
performance in your LDAP, which will directly affect your portal implementation.

Read-Only LDAP: A read-only LDAP uses existing users in your registry, meaning the users
and groups will need to be created before they can access the portal. Authentication with
read-only LDAP is performed using LDAP binding. Connecting WebSphere Portal Server to a
read-only LDAP requires an LDAP bind ID with the ability to read and search for
the users in the subset of the DIT.

LDAP that allows write permissions: Allows users to create and modify their personal
attributes in a directory. When write access is allowed, WebSphere Portal Server users
can use such features as Self Registration and self-care to register accounts for
themselves. Write privileges to the LDAP require an LDAP bind ID to be created with the
ability to write and search for the users in the subset of the DIT.

Note: In both instances, the LDAP Bind ID created for use with WebSphere Portal Server
does not need to be the root ID for the directory server; in fact, it should not be.

LDAP Servers are oriented toward read-only operations and assume that information will
be read from the LDAP server more than it is updated. Write operations will naturally be
more expensive than read-only operations as a result and may require infrastructure
changes to accommodate the cost. Review the documentation for your LDAP Server for
discussion topics in this area.
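
A planning check for the bind ID guidance above, added here as a Python example and not taken from the manual or from WebSphere Portal Server: it flags a bind ID that is a directory admin DN, grants that fall outside the portal's user and group subtrees, and rights that do not match a read-only or writable LDAP. The DNs, the admin-DN list and the (subtree, rights) grant model are constructed assumptions, not the ACL syntax of any directory server.

```python
# Constructed sample values throughout; the grant model is hypothetical,
# not the ACL syntax of any particular directory server.
ADMIN_DNS = {"cn=root", "cn=directory manager"}  # assumed admin DNs to reject

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # Assumes case-insensitive attributes (cn, ou, dc, uid), the usual case.
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out

def is_under(dn, base):
    """True when dn equals base or lies in the subtree below it."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def audit_bind_id(bind_dn, grants, portal_bases, writable_ldap):
    """Return findings; an empty list means the plan matches the guidance.

    grants: list of (subtree_dn, set of rights from read/search/write).
    """
    findings = []
    if ",".join(split_dn(bind_dn)) in ADMIN_DNS:
        findings.append("bind ID is a directory root/admin DN")
    needed = {"write", "search"} if writable_ldap else {"read", "search"}
    held = set()
    for subtree, rights in grants:
        if not any(is_under(subtree, base) for base in portal_bases):
            findings.append("grant outside portal subtree: " + subtree)
            continue
        if "write" in rights and not writable_ldap:
            findings.append("write granted on read-only LDAP: " + subtree)
        held |= rights
    missing = needed - held
    if missing:
        findings.append("missing rights: " + ", ".join(sorted(missing)))
    return findings
```

An empty result means the planned bind ID is scoped as the note describes; each string in a non-empty result names one deviation to resolve with the directory administrator before configuring security.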
Chapter 3. WebSphere Portal installation