

Configure an LDAP server adapter

The LDAP adapter is configured using the console or the wsadmin commands. See the WebSphere administrative console documentation. If you need to modify this configuration, you can manually edit the wimconfig.xml file, although this is not the preferred method.


About this task

The following code sample is an example of a basic wimconfig.xml file that has been configured to use the LDAP server LDAP1. You can modify the appropriate values that are shown in italic.

The suffixes need to already exist in the LDAP server before you can configure the LDAP repository adapter.

<config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1" supportPaging="true"
        supportSorting="true" ldapServerType="IDS">
  <config:baseEntries name="cn=users,dc=yourco,dc=com"/>
  <config:baseEntries name="cn=groups,dc=yourco,dc=com"/>
  <config:ldapServerConfiguration>
    <config:ldapServers bindDN="cn=root" bindPassword="{xor}Nj0y" sslEnabled="false">
      <config:connections host="localhost" port="389"/>
    </config:ldapServers>
  </config:ldapServerConfiguration>
  <config:ldapEntityTypes name="PersonAccount">
    <config:objectClasses>inetOrgPerson</config:objectClasses>
    <config:searchBases>cn=users,dc=yourco,dc=com</config:searchBases>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="Group">
    <config:objectClasses>groupOfNames</config:objectClasses>
    <config:searchBases>cn=groups,dc=yourco,dc=com</config:searchBases>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="OrgContainer">
    <config:rdnAttributes name="o" objectClass="organization"/>
    <config:rdnAttributes name="ou" objectClass="organizationalunit"/>
    <config:objectClasses>organization</config:objectClasses>
    <config:objectClasses>organizationalUnit</config:objectClasses>
  </config:ldapEntityTypes>
  <config:groupConfiguration>
    <config:memberAttributes dummyMember="uid=dummy" name="member" objectClass="groupOfNames"/>
    <config:membershipAttribute name=""/>
  </config:groupConfiguration>
  <config:attributeConfiguration>
    <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="cn" propertyName="displayName">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:attributes name="cn" propertyName="cn">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:propertiesNotSupported name="homeAddress"/>
    <config:propertiesNotSupported name="businessAddress"/>
  </config:attributeConfiguration>
  <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="10"
          poolTimeOut="0" prefPoolSize="5"/>
  <config:cacheConfiguration>
    <config:attributesCache cacheSize="4000" cacheTimeOut="1200"
            enabled="true" cacheDistPolicy="none"/>
    <config:searchResultsCache cacheSize="2000" cacheTimeOut="600"
            enabled="true" searchResultSizeLimit="1000" cacheDistPolicy="none"/>
  </config:cacheConfiguration>
</config:repositories>
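
The sample binds as cn=root with sslEnabled="false" on port 389 and stores the bind password with the {xor} prefix, which is a reversible encoding rather than encryption. The following check is an added example, not part of the original documentation or any IBM tooling; it parses a wimconfig.xml-style fragment and reports those settings. The wrapper root element, the placeholder namespace URI, the ADMIN_DNS list and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the ldapServers element from the sample above, wrapped in
# a root that declares the prefixes. The config namespace URI is a placeholder.
SAMPLE = """<root xmlns:config="urn:example:wim-config"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1">
    <config:ldapServerConfiguration>
      <config:ldapServers bindDN="cn=root" bindPassword="{xor}Nj0y" sslEnabled="false">
        <config:connections host="localhost" port="389"/>
      </config:ldapServers>
    </config:ldapServerConfiguration>
  </config:repositories>
</root>"""

# Assumption: DNs treated as directory administrators; adjust per directory.
ADMIN_DNS = {"cn=root", "cn=directory manager"}


def local(tag):
    """Drop the '{namespace}' prefix so matching ignores the namespace URI."""
    return tag.rsplit("}", 1)[-1]


def audit_ldap_adapters(xml_text):
    """Return (repository id, finding, detail) tuples for risky bind settings."""
    findings = []
    root = ET.fromstring(xml_text)
    for repo in (e for e in root.iter() if local(e.tag) == "repositories"):
        rid = repo.get("id", "?")
        for srv in (e for e in repo.iter() if local(e.tag) == "ldapServers"):
            # Assumption: a missing sslEnabled attribute is treated as "false".
            ssl = srv.get("sslEnabled", "false").lower() == "true"
            for conn in (e for e in srv if local(e.tag) == "connections"):
                where = f"{conn.get('host')}:{conn.get('port')}"
                if not ssl:  # bind DN and password cross the network unencrypted
                    findings.append((rid, "cleartext-bind", where))
            if srv.get("bindPassword", "").startswith("{xor}"):
                # {xor} is a reversible encoding, not encryption
                findings.append((rid, "reversible-bind-password", "{xor}"))
            dn = srv.get("bindDN", "")
            if dn.strip().lower() in ADMIN_DNS:  # prefer a search-only bind account
                findings.append((rid, "administrative-bind-dn", dn))
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_adapters(SAMPLE):
        print(*finding, sep="\t")
```

Run against the sample, the check reports all three findings for repository LDAP1; enabling SSL and binding with a dedicated low-privilege account leaves only the password-encoding finding.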

Out of the box, only groups in database repositories support members from other repositories. File repositories and LDAP repositories, including Microsoft Active Directory with multiple domains, do not support members from other repositories.

For information about troubleshooting and how to enable trace and logs for virtual member manager, see Logs and trace. See also Migrate a stand-alone LDAP repository to a federated repositories LDAP repository configuration in the WAS information center.
