Supported directory services

WebSphere Application Server security supports several different Lightweight Directory Access Protocol (LDAP) servers. For a list of supported LDAP servers, refer to the Supported hardware, software and APIs prerequisite Web site in the Security: Resources for learning article.

It is expected that other LDAP servers follow the LDAP specification function. Support is limited to these specific directory servers only. Use any other directory server by using the custom directory type in the list and by filling in the filters required for that directory.

To improve performance for LDAP searches, the default filters for IBM Tivoli Directory Server, Sun ONE, and Active Directory are defined such that when you search for a user, the result contains all the relevant information about the user (user ID, groups, and so on). As a result, the product does not call the LDAP server multiple times. This definition is possible only in these directory types, which support searches where the complete user information is obtained.

If you use the IBM Directory Server, select the Ignore case for authorization option. This option is required because when the group information is obtained from the user object attributes, the case is not the same as when you get the group information directly. For the authorization to work in this case, perform a case insensitive check and verify the requirement for the Ignore case flag.


 

See Also


Security: Resources for learning