Configuring a Standalone LDAP User Registry on IBM i
If you plan to use a Tivoli Directory Server as an LDAP user registry, you must install and set up the server so that it will communicate with IBM® WebSphere® Portal.
Perform the following steps to prepare Tivoli Directory Server:
- Customize the LDAP directory server settings using the Directory Services Configuration Wizard. You must have *ALLOBJ and *IOSYSCFG special authority to use the wizard. For information, go to the IBM System i and i5/OS Information Center, select the appropriate Information Center version, and navigate to e-business and Web serving -> Security and IBM Tivoli Directory Server for i5/OS (LDAP) -> IBM Tivoli Directory Server for i5/OS (LDAP).
  Note: Due to a restriction in Tivoli Directory Server, users or groups must not contain a Turkish uppercase dotted I or lowercase dotted i in the DN, as this will prevent correct retrieval of that user or group.
- Perform the following steps to create the WebSphere Portal administrative user:
  - Optional: Perform the following steps to create a new directory suffix:
    - For information, go to the IBM System i and i5/OS Information Center, select the appropriate Information Center version, and navigate to Networking -> TCP/IP applications, protocols, and services -> IBM Directory Server for IBM i (LDAP) -> Administering Directory Server -> General administration tasks -> Adding and Removing Directory Server suffixes.
    - Stop and restart the LDAP server.
  - Open the appropriate LDIF file, located in the root directory of the CD setup, with a text editor:
    - Use the PortalUsers.ldif file as a working example and adapt it appropriately to work with your LDAP server. Use the ContentUsers.ldif file for the DB2 for i® Content Manager group and user IDs if you configured DB2 for i Content Manager.
  - Replace every dc=yourco,dc=com with your suffix.
  - Replace any prefixes and suffixes that are unique to your LDAP server.
  - You can specify user names other than wpsadmin and wpsbind. For security reasons, specify nontrivial passwords for these administrator accounts.
  - Optional: If using IBM Tivoli® Access Manager Version 5.1, set the objectclasses to accessGroup. If using Tivoli Access Manager Version 6, set the objectclasses to groupOfNames.
  - Save your changes.
  - Follow the instructions provided with your directory server to import the LDIF file.
  - Stop and restart the LDAP server.
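
The following pre-import check for an adapted LDIF file is an added example, not part of the product documentation or the shipped LDIF files. It flags entries that still contain the dc=yourco,dc=com sample suffix, DNs containing the Turkish uppercase dotted I (U+0130 only), and passwords that merely repeat the account name. The `lint` and `parse_ldif` names, the "password equals uid or cn" test for a trivial password, and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

PLACEHOLDER = "dc=yourco,dc=com"   # sample suffix that must be replaced
DOTTED_CAPITAL_I = "\u0130"        # Turkish uppercase dotted I

def parse_ldif(text):
    """Unfold continuation lines and return entries as lists of (attr, value)."""
    text = re.sub(r"\r?\n ", "", text)
    entries, current = [], []
    for line in text.splitlines() + [""]:
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.append((attr.strip().lower(), value.strip()))
        elif not line.strip() and current:       # a blank line closes an entry
            entries.append(current)
            current = []
    return entries

def lint(text):
    """Return (dn, problem) pairs for entries that are not ready to import."""
    findings = []
    for entry in parse_ldif(text):
        dn = next((v for a, v in entry if a == "dn"), "(no dn)")
        names = {v.lower() for a, v in entry if a in ("uid", "cn")}
        if any(PLACEHOLDER in v.lower().replace(" ", "") for _, v in entry):
            findings.append((dn, "placeholder suffix not replaced"))
        if DOTTED_CAPITAL_I in dn:
            findings.append((dn, "DN contains Turkish dotted capital I (U+0130)"))
        for a, v in entry:
            if a == "userpassword" and v.lower() in names:
                findings.append((dn, "trivial password"))
    return findings

# Constructed sample entries, not copied from PortalUsers.ldif.
SAMPLE = """\
dn: uid=wpsadmin,cn=users,dc=yourco,dc=com
uid: wpsadmin
userpassword: wpsadmin

dn: uid=wpsbind,cn=users,dc=example,dc=org
uid: wpsbind
userpassword:: d3BzYmluZA==

dn: cn=wpsadmins,cn=groups,dc=example,dc=org
member: uid=wpsadmin,cn=users,dc=yourco,dc=com
"""
```

Run `lint()` on the contents of the edited file before importing it; an empty list means none of the three checks fired.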