Table of Contents
Advertisement
Filtering group information: The default filter information provided with your LDAP server is
very generic in nature and geared toward searching and entire directory. Custom filters
should be used to drill down to the subset of users in the LDAP tree to reduce the number
of LDAP calls and improve overall performance of your portal.
LDAP security options
Enabling a WebSphere Portal Server connection to an LDAP registry with realms
Realms allow you to create group users from one or more LDAP Directory Information
Trees and present them as a single entity to WebSphere Portal Server. Realms were
introduced in WebSphere Portals Server Version 5.1, but support was limited to one
registry. WebSphere Portal Sever V6 allows for the usage of multiple registries with realm
enablement.
Enabling WebSphere Portal Server connection to an LDAP Registry without realms
When you enable security without realm support, only one user registry can be created. If
your user information is contained in one LDAP, then you have the option of enabling
security without realm support. For scalability and flexibility purposes, we recommend that
you enable security with realm support.
Note: At the time of the writing of this Redpaper, Web Content Management does not
currently support WebSphere Portal Server environments with multiple realms. So you can
either configure without realms or configure one realm in the WMM configuration files. Web
Content Management is supported to use multiple registries, but they all need to be
configured in the default realm. Planned support for multi-realms with WCM will be made
available in a future release.
LookAside
LookAside is a repository that resides in the WebSphere Member Manager database. The
purpose of LookAside is to provide the option to add additional attributes that do not
correspond to a typical LDAP database. The LookAside option is available when configuring
LDAP security with realms or without. Enabling LookAside can be done by setting the
parameter LookAside=true in the wpconfig.properties file.
Note: If you are planning to use Web Content Management, the LookAside database is
required.
3.3.2 How do I prepare for WebSphere Portal Server LDAP security
The following presents the general steps you should take before you perform the enable
security process.
1. LDAP installation, configuration and validation: The installation and configuration of your
LDAP server should be completed by this phase. Performance tuning should be
completed according to the recommendations in the LDAP server's documentation and
monitoring tools. A good way to test your LDAP configuration is to perform a search using
the ldapsearch utility to confirm that your LDAP is operational.
– Anonymous search:
ldapsearch -s base -h ldaphostname "objectClass=*"
– Using a Bind ID:
ldapsearch -h ldaphostname -D "cn=wpsbind,o=co" -w "wpsbind" -s base
"objectClass=*"
74
IBM WebSphere Portal V6 Self Help Guide
Advertisement
Table of Contents
Troubleshooting
