WAS8555_Security_VMM.ppt Page 1 of 11

This presentation describes the WebSphere® Application Server V8.5.5 Liberty profile support for the ldapRegistry-3.0 feature, which uses an LDAP server as a user registry.

WAS8555_Security_VMM.ppt Page 2 of 11

Having just one active LDAP server from which to fetch results from can cause performance problems and is a single point of failure. With the ldapRegistry-3.0 feature, you can now perform read-only operations on two or more supported LDAP servers through use of the user registry APIs. The 3.0 denotes that any server that supports LDAP server V3.0 can be used.

WAS8555_Security_VMM.ppt Page 3 of 11

In large organizations, employee data can be located in more than one user registry. One possible reason for this is that departments within the organization had different IT solutions in the past. Another possible reason is an acquisition, where the acquired company has a different user registry than the parent company.

Applications that need to search for user information across these different user registries can make use of the ldapRegistry-3.0 feature and consolidate the results. After providing a set of minimum configuration data, all searches can be run across two or more supported user registries. The consolidated results are sent back to the calling component.

WAS8555_Security_VMM.ppt Page 4 of 11

This slide demonstrates how to configure a single LDAP server. The configuration is the same in V8.5 and V8.5.5. The tags contextPool and ldapCache can be used to fine tune the interaction with the LDAP server

For a complete list of the configuration options that were added in WebSphere Application Server V8.5.5 Liberty profile, see the information center articles for the LDAP user registry.

WAS8555_Security_VMM.ppt Page 5 of 11

You can add two or more LDAP registry types and federate them. This slide provides an example of how to federate IBM Tivoli Directory Server and Microsoft Active Directory server. Add an ldapRegistry tag for each LDAP server that needs to be federated and configure them. For more information on configuration, see the information center articles for the LDAP user registry.

WAS8555_Security_VMM.ppt Page 6 of 11

Here is a quick demonstration. To configure the basic and advanced connection options for one LDAP server, select the LDAP User Registry component in the Liberty tools, as shown on the left half of this slide. To configure advanced scenarios, involving two or more LDAP registries, select the User Registry Federation option, as shown on the right half of this slide.

WAS8555_Security_VMM.ppt Page 7 of 11

Then add the LDAP User Registry components that need to be federated and configure them. All queries are run and consolidated across all configured user registries.

Note that Eclipse IDE for Java EE Developers, Juno Sr2 is required. And the LDAP user registry only supports read-only operations in version 8.5.5.

WAS8555_Security_VMM.ppt Page 8 of 11

In summary, in the WebSphere Application Server V8.5.5 Liberty profile, you can federate two or more configured LDAP servers. The recommended way to enable this capability is by using Liberty tools. Alternatively you can edit the server.xml file directly.

WAS8555_Security_VMM.ppt Page 9 of 11

See this reference for more information on the LDAP user registry.

WAS8555_Security_VMM.ppt Page 10 of 11

You can help improve the quality of IBM Education Assistant content by providing feedback.

WAS8555_Security_VMM.ppt Page 11 of 11