Specifying Your LDAP Server Settings

The first step in configuring WebSphere for secure client authentication is to configure the connection with an LDAP server. This action defines the security infrastructure against which WebSphere will validate user names and passwords.

Note: To enable Secure LDAP (LDAPS) connection, you must do additional configuration as documented here: https://www.ibm.com/support/pages/how-setup-ssl-connection-between-websphere-application-server-and-ldap-server

  1. Determine whether or not you need to alter the LDAP and global security options:

    • If you are enabling security for the first time in an environment that is currently open (non-secure), proceed to step 2.

    • If you are installing the SIMULIA Execution Engine for the first time, proceed to step 2.

    • If you are updating a previous installation of the SIMULIA Execution Engine on an application server instance that already has client authentication enabled, proceed to Assigning Users to Roles. All other settings described in Specifying Your LDAP Server Settings and Enabling Global Security in WebSphere should be unchanged and do not need to be altered.

  2. Verify that the WebSphere Application Server is running and that you are logged in to the console.

    For more information, see Starting WebSphere and Determining Server Port Numbers.

  3. On the left side of the console, click Security.
  4. Click Global security.

    The Global security screen appears.

  5. From the Available realm definitions list, select Standalone LDAP registry.
  6. Click Set as current.
  7. Click Configure.
  8. In the Primary administrative user name text box, type the user name (for example, seeadmin).
  9. Verify that Automatically generated server identity is selected.
  10. From the Type of LDAP server list, select the type of server to be used.

    This setting determines the type of LDAP server to be used (for example, Active Directory).

  11. In the Host text box, type the name of the LDAP server host machine.

    The fully qualified host name is not required, unless the WebSphere host machine needs a fully qualified name to reach the LDAP server. The short host name is adequate if that's all that is needed to ping the LDAP server.

  12. In the Port text box, type the port number of the LDAP server host (for example, 389).
  13. In the Base distinguished name (DN) text box, specify the necessary information.

    This information represents the starting point in the LDAP tree from which searches should be made for users. Contact your local system administrator for the proper settings.

  14. In the Bind distinguished name (DN) text box, specify the necessary information.

    This setting identifies a specific user in the LDAP directory that is to be used by the WebSphere server when binding with the LDAP server. This setting may be the same user as used to start the WebSphere server or some other user defined in LDAP. It does not need to be the same as the Primary administrative user name. It is specified as a distinguished LDAP name. Contact your local system administrator for the proper settings.

  15. In the Bind password text box, type the password for the Bind distinguished name LDAP user specified in the previous step.

    The remainder of the settings can use their default values.

  16. Click Apply to save the LDAP settings.

    You may have to scroll down to see this button.

  17. Click Test connection at the top of the right side of the console.

    A message appears if the test was successful. If WebSphere is unable to validate the LDAP settings, carefully check the spelling and case of all entries.

  18. Click OK.

    You are returned to the Global security screen.