This week, I had to configure WAS v7 security with Microsoft Active Directory LDAP for a client. The process is quite simple.
From admin console, select Security > Global Security.
Click Security Configuration Wizard.
Check Enable application security, only if you will deploy a web application that uses J2EE security to authenticate users. Otherwise, leave it unchecked.
Select Standalone LDAP registry. Click Next.
I will now explain the fields that you will need to enter.
Primary administrative user name: This is a user that exists in the LDAP server. This user will become sort of a super user with complete administrative rights in the WebSphere cell. Later, you can give additional users and groups administrative rights. But, until then, you will need to log into admin console using this user.
Type of LDAP server: select Microsoft Active Directory.
Host: this is the host name or IP address of the LDAP server.
Port: the port the LDAP server is listening on. Always make sure that a connection can be made to the host name and port number. The default value of 389 should work in most cases.
Base distinguished name (DN): All users that will be used to log into WebSphere must belong to this DN. During authentication, this DN will be automatically appended to the search query.
Bind distinguished name (DN): This is the user that WebSphere will use to log into LDAP and do search queries during authentication. This user must have privilege to search the server for users and groups. For Active Directory, you will need to prefix the user ID with the domain and “\”.
Bind password: This is the password of the user used to bind to the LDAP server and do searches.
Click Next. WebSphere will attempt to connect to the LDAP server and validate various user ID and passwords entered in the screen. If all goes well, you should be able to click Finish and then save the configuration.