Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository
Standalone LDAP registries
Overview
A Standalone LDAP registry performs authentication using an LDAP binding. User and group filters have filled-in values for supported LDAP servers.
IBM recommends moving from stand-alone LDAP registries to federated repositories, which support multiple user registries.
Planning
Know...
- Administrative user in the LDAP
- LDAP server host and port
- base distinguished name (DN)
- Bind DN and the bind password
We can choose any valid user in the registry that is searchable and have administrative privileges. This user is referred to as WAS security server ID, server ID, or server user ID, nd has special privileges when calling some protected internal methods. This ID and password are normally used to log into the admin console after security is turned on.
When security is enabled in the product, the primary administrative user name and password are authenticated with the registry during the product startup. If authentication fails, the server does not start. It is important to choose an ID and password that do not expire or change often. If the product server user ID or password need to change in the registry, make sure that the changes are performed when all the product servers are up and running.
When the changes are done in the registry, use the steps described in Configure LDAP user registries. Change the ID, password, and other configuration information, save, stop, and restart all the servers so that the new ID or password is used by the product. If any problems occur starting the product when security is enabled, disable security before the server can start up.
To avoid these problems, make sure that any changes in this panel are validated in the Global security panel. When the server is up, you can change the ID, password, and other configuration information and then enable security.
We can use the custom LDAP feature to support any LDAP server by setting up the correct configuration. However, support is not extended to these custom LDAP servers because many configuration possibilities exist.
The users and groups and security role mapping information is used by the configured authorization engine to perform access control decisions. Dynamic groups and nested group support for LDAP
Security failover among multiple LDAP servers
Federated repositories
Select a registry or repository
Use specific directory servers as the LDAP server
Configure LDAP user registries
Migrate a stand-alone LDAP repository to a federated repositories LDAP repository configuration
Standalone LDAP registry settings
Security: Resources for learning