IBM BS029ML Self Help Guide - Page 88
How do I prepare for WebSphere Portal Server LDAP security, LDAP security options, LookAside
Page 88 highlights
Filtering group information: The default filter information provided with your LDAP server is very generic in nature and geared toward searching an entire directory. Custom filters should be used to drill down to the subset of users in the LDAP tree to reduce the number of LDAP calls and improve overall performance of your portal.

LDAP security options

Enabling a WebSphere Portal Server connection to an LDAP registry with realms

Realms allow you to group users from one or more LDAP Directory Information Trees and present them as a single entity to WebSphere Portal Server. Realms were introduced in WebSphere Portal Server Version 5.1, but support was limited to one registry. WebSphere Portal Server V6 allows for the usage of multiple registries with realm enablement.

Enabling WebSphere Portal Server connection to an LDAP Registry without realms

When you enable security without realm support, only one user registry can be created. If your user information is contained in one LDAP, then you have the option of enabling security without realm support. For scalability and flexibility purposes, we recommend that you enable security with realm support.

Note: At the time of the writing of this Redpaper, Web Content Management does not support WebSphere Portal Server environments with multiple realms. You can either configure without realms or configure one realm in the WMM configuration files. Web Content Management is supported to use multiple registries, but they all need to be configured in the default realm. Planned support for multi-realms with WCM will be made available in a future release.

LookAside

LookAside is a repository that resides in the WebSphere Member Manager database. The purpose of LookAside is to provide the option to add additional attributes that do not correspond to a typical LDAP database. The LookAside option is available when configuring LDAP security with or without realms.

Enabling LookAside can be done by setting the parameter LookAside=true in the wpconfig.properties file.

Note: If you are planning to use Web Content Management, the LookAside database is required.

3.3.2 How do I prepare for WebSphere Portal Server LDAP security

The following presents the general steps you should take before you perform the enable security process.

1. LDAP installation, configuration and validation: The installation and configuration of your LDAP server should be completed by this phase. Performance tuning should be completed according to the recommendations in the LDAP server's documentation and monitoring tools. A good way to test your LDAP configuration is to perform a search using the ldapsearch utility to confirm that your LDAP server is operational.

   - Anonymous search:

       ldapsearch -s base -h ldaphostname "objectClass=*"

   - Using a Bind ID:

       ldapsearch -h ldaphostname -D "cn=wpsbind,o=co" -w "wpsbind" -s base "objectClass=*"

74 IBM WebSphere Portal V6 Self Help Guide
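The two ldapsearch checks from step 1 can be wrapped in a small pre-flight script that also treats an empty result as a failure and refuses a bind-password file that group or others can read. This is an added example, not part of the guide; the function names, the password-file convention and the return codes are assumptions, and the ldapsearch arguments are the ones shown in step 1.

```shell
#!/bin/sh
# Added example: pre-flight LDAP check to run before enabling security.
# Function names and the password-file convention are assumptions.

# True only if the file exists and group/others have no permissions on it.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Anonymous base search, same arguments as the guide's first command.
# A zero exit status with empty output is treated as a failure.
ldap_anon_check() {
    out=$(ldapsearch -s base -h "$1" "objectClass=*" 2>/dev/null) || return 1
    [ -n "$out" ]
}

# Bind-ID search, same arguments as the guide's second command.
# Returns 0 ok, 1 search failed, 2 unsafe password file, 3 no entry.
# Caveat: -w puts the password in the process argument list, where other
# local users can see it while the search runs.
ldap_bind_check() {
    pwfile_is_private "$3" || return 2
    out=$(ldapsearch -h "$1" -D "$2" -w "$(cat "$3")" -s base \
        "objectClass=*" 2>/dev/null) || return 1
    [ -n "$out" ] || return 3
}

# Runs both checks and prints one line per check; returns the bind result.
preflight() {
    if ldap_anon_check "$1"; then
        echo "anonymous search: OK"
    else
        echo "anonymous search: no entry (server down or anonymous access off)"
    fi
    rc=0
    ldap_bind_check "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "bind search: OK" ;;
        1) echo "bind search: FAILED (connection or credentials)" ;;
        2) echo "bind search: SKIPPED (password file missing or not private)" ;;
        3) echo "bind search: bound, but no entry returned" ;;
    esac
    return $rc
}

# Usage: sh ldap_preflight.sh ldaphostname "cn=wpsbind,o=co" /path/to/pwfile
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A failed anonymous search is not necessarily a fault: many directories disable anonymous access, in which case only the bind result matters.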