Configure directory services (LDAP) with WebSphere Commerce

WebSphere Commerce can be configured to use one or more LDAP servers as the master user repository instead of the WebSphere Commerce database. This is typically done when multiple applications need to share a common user repository.

In this configuration, user and organization data in the WebSphere Commerce database is synchronized with data on the LDAP server. When a lookup is done, the data on the LDAP server is considered the master copy, so it will be used to update the WebSphere Commerce database if the LDAP data is more recent than the time of the last synchronization.

When a create or update operation is done, the information is propagated to both the database and the LDAP server. However, a user's password is stored only on the LDAP server.

IBM recommends that the organization structure and distinguished names (DNs) on the LDAP server match what is in the WebSphere Commerce database. If the DNs do not match, provide an implementation of LDAPIntegrationCmd.java that handles the mapping between the LDAP DNs and the WebSphere Commerce database DNs by implementing the getCommerceDN() and getLDAPDN() methods.
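
The mapping logic such an implementation needs, as an added sketch that is not IBM's code: the class name DnMapper, the String-in/String-out method signatures, and the two base DNs are assumptions, so take the real LDAPIntegrationCmd signatures from the product API documentation. It parses DNs with the JDK's LdapName instead of string replacement and rejects any DN outside the expected base.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not part of WebSphere Commerce. The String-in/String-out
// signatures of getCommerceDN() and getLDAPDN() are an assumption.
public class DnMapper {
    private final LdapName ldapBase;      // suffix used on the LDAP server
    private final LdapName commerceBase;  // suffix used in the Commerce database
    public DnMapper(String ldapBase, String commerceBase) throws InvalidNameException {
        this.ldapBase = new LdapName(ldapBase);
        this.commerceBase = new LdapName(commerceBase);
    }

    public String getCommerceDN(String ldapDN) throws InvalidNameException {
        return rebase(ldapDN, ldapBase, commerceBase);
    }

    public String getLDAPDN(String commerceDN) throws InvalidNameException {
        return rebase(commerceDN, commerceBase, ldapBase);
    }

    // Swap one base suffix for another. LdapName parses escaped commas and
    // compares RDNs case-insensitively, which plain string replacement does not.
    private static String rebase(String dn, LdapName from, LdapName to)
            throws InvalidNameException {
        LdapName name = new LdapName(dn);
        // LdapName indexes RDNs right to left, so startsWith() tests the base suffix.
        if (!name.startsWith(from)) {
            // Fail closed: never pass through an entry from outside the expected subtree.
            throw new InvalidNameException("DN is outside base " + from + ": " + dn);
        }
        LdapName result = new LdapName(to.getRdns());
        result.addAll(name.getSuffix(from.size()));  // append the entry-specific RDNs
        return result.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample bases and entries.
        DnMapper m = new DnMapper("dc=example,dc=com", "o=root organization");
        String ldap = "uid=jdoe,o=Acme\\, Inc,DC=Example,DC=Com";
        String commerce = m.getCommerceDN(ldap);
        System.out.println(commerce + " <-> " + m.getLDAPDN(commerce));
        try {
            m.getCommerceDN("uid=jdoe,dc=other,dc=com");
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing closed on an out-of-base DN keeps a user from an unexpected subtree from being silently attached to a Commerce organization.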

WebSphere Commerce requires that the Root Organization (-2001) be the common ancestor of all other organizations, and that the Default Organization (-2000) exist directly under the Root Organization.

To use WebSphere Commerce with LDAP, WebSphere Application Server Administrative Security must be enabled and configured to use Federated Repositories. The Federated Repositories feature is implemented using another WebSphere Application Server component called Virtual Member Manager (VMM). com.ibm.commerce.member.syncbeans.VMMProxy is used by WebSphere Commerce to call VMM APIs to interact with the LDAP server.


Before you begin

Ensure that you understand the content in Directory services and WebSphere Commerce.


Procedure

    1. Prepare the LDAP server for use with WebSphere Commerce
      The steps on this page describe how to prepare an LDAP server to use with WebSphere Commerce.

    2. Optional: Set up LDAP over SSL
      You can configure WebSphere Application Server and WebSphere Commerce to access the LDAP directory over SSL to ensure the confidentiality of the data (for example, passwords) exchanged between WebSphere Application Server, the WebSphere Commerce Server, and the LDAP server. This is mandatory for some LDAP servers, for example Microsoft Active Directory and Novell eDirectory. Configuring LDAP over SSL is a separate operation from configuring the HTTP Server to accept incoming browser requests over HTTPS.

    3. Enable security with federated repositories
      To use WebSphere Commerce with LDAP, configure WebSphere Application Server Administrative Security with Federated Repositories. The WebSphere Commerce Integration Wizard can be used to configure this. The federated repositories consist of one or more LDAP servers and a built-in, file-based repository.

    4. Replication for LDAP
      The ldapentry.xml file is used to configure which attributes are synchronized between the LDAP server and the WebSphere Commerce database. Some commonly used attributes are specified by default. The actual synchronization is done by synchronization beans.

    5. Optional: Enable WebSphere Commerce Payments for use with LDAP
      When WebSphere Commerce Payments is enabled for use with LDAP, keep the password for the WebSphere Commerce Site Administrator in the WebSphere Commerce database synchronized with the LDAP password for the WebSphere Commerce Site Administrator. You will not be able to access the WebSphere Commerce Payments console or the WebSphere Commerce Payments function in the WebSphere Commerce Accelerator if you do not keep the two passwords synchronized.

      To keep the passwords synchronized, change the password for the WebSphere Commerce Site Administrator in the WebSphere Commerce database whenever you change the LDAP password for the WebSphere Commerce Site Administrator.

    6. Test the LDAP configuration
      To ensure that LDAP is working properly, complete the following test.


    Related tasks

    Disable LDAP

    Federate two LDAP servers with a common root organization

    Related reference

    LDAP customization points

