
WAS8555_Security_VMM.ppt Page 1 of 11
This presentation describes the WebSphere Application Server V8.5.5 Liberty profile
support for the ldapRegistry-3.0 feature, which uses an LDAP server as a user registry.
WAS8555_Security_VMM.ppt Page 2 of 11
Having just one active LDAP server from which to fetch results can cause
performance problems and is a single point of failure. With the ldapRegistry-3.0 feature,
you can now perform read-only operations on two or more supported LDAP servers
through use of the user registry APIs. The 3.0 denotes that any server that supports LDAP
server V3.0 can be used.
WAS8555_Security_VMM.ppt Page 3 of 11
In large organizations, employee data can be located in more than one user registry. One
possible reason for this is that departments within the organization had different IT
solutions in the past. Another possible reason is an acquisition, where the acquired
company has a different user registry than the parent company.
Applications that need to search for user information across these different user registries
can make use of the ldapRegistry-3.0 feature and consolidate the results. After providing a
set of minimum configuration data, all searches can be run across two or more supported
user registries. The consolidated results are sent back to the calling component.
WAS8555_Security_VMM.ppt Page 4 of 11
This slide demonstrates how to configure a single LDAP server. The configuration is the
same in V8.5 and V8.5.5. The contextPool and ldapCache tags can be used to fine-tune
the interaction with the LDAP server.
For a complete list of the configuration options that were added in WebSphere Application
Server V8.5.5 Liberty profile, see the information center articles for the LDAP user registry.
WAS8555_Security_VMM.ppt Page 5 of 11
You can add two or more LDAP registry types and federate them. This slide provides an
example of how to federate IBM Tivoli Directory Server and Microsoft Active Directory
server. Add an ldapRegistry tag for each LDAP server that needs to be federated and
configure them. For more information on configuration, see the information center articles
for the LDAP user registry.
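
The federation described above, written out as a server.xml fragment. This is an added example, not taken from the IBM slides: the host names, DNs, ids, realm names, trust store path and passwords are constructed placeholders, and the use of LDAPS on port 636 with a dedicated trust store is an assumption about the deployment.

```xml
<server description="Two federated LDAP registries (constructed example)">
    <featureManager>
        <feature>ldapRegistry-3.0</feature>
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- Trust store with the signer certificates of both LDAP servers.
         Path and password are placeholders; store an encoded password
         (for example from "securityUtility encode"), not clear text. -->
    <keyStore id="ldapTrustStore"
              location="${server.config.dir}/resources/security/ldap-trust.jks"
              password="REPLACE_WITH_ENCODED_PASSWORD"/>
    <ssl id="ldapSSL" keyStoreRef="ldapTrustStore" trustStoreRef="ldapTrustStore"/>

    <!-- Registry 1: IBM Tivoli Directory Server.
         The registry is read-only, so a bind account with read access is enough. -->
    <ldapRegistry id="tds" realm="TDSRealm"
                  host="tds.example.com" port="636"
                  baseDN="o=example,c=us"
                  ldapType="IBM Tivoli Directory Server"
                  bindDN="cn=liberty-read,o=example,c=us"
                  bindPassword="REPLACE_WITH_ENCODED_PASSWORD"
                  sslEnabled="true" sslRef="ldapSSL">
        <!-- contextPool and ldapCache tune the interaction with the LDAP server -->
        <contextPool enabled="true" initialSize="1" maxSize="10" timeout="30s"/>
        <ldapCache>
            <attributesCache enabled="true" size="2000" timeout="1200s"/>
            <searchResultsCache enabled="true" size="2000" timeout="600s"/>
        </ldapCache>
    </ldapRegistry>

    <!-- Registry 2: Microsoft Active Directory.
         Each federated registry needs its own id and a distinct baseDN. -->
    <ldapRegistry id="ad" realm="ADRealm"
                  host="ad.example.com" port="636"
                  baseDN="dc=corp,dc=example,dc=com"
                  ldapType="Microsoft Active Directory"
                  bindDN="cn=liberty-read,cn=Users,dc=corp,dc=example,dc=com"
                  bindPassword="REPLACE_WITH_ENCODED_PASSWORD"
                  sslEnabled="true" sslRef="ldapSSL"/>
</server>
```

Cached search results and attributes stay valid until their timeout expires, so a disabled account or changed group membership can remain visible to the server for that long; choose cache timeouts with that window in mind.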
WAS8555_Security_VMM.ppt Page 6 of 11
Here is a quick demonstration. To configure the basic and advanced connection options
for one LDAP server, select the LDAP User Registry component in the Liberty tools, as
shown on the left half of this slide. To configure advanced scenarios, involving two or more
LDAP registries, select the User Registry Federation option, as shown on the right half of
this slide.
WAS8555_Security_VMM.ppt Page 7 of 11
Then add the LDAP User Registry components that need to be federated and configure
them. All queries are run and consolidated across all configured user registries.
Note that Eclipse IDE for Java EE Developers, Juno SR2, is required, and that the LDAP user
registry supports only read-only operations in version 8.5.5.
WAS8555_Security_VMM.ppt Page 8 of 11
In summary, in the WebSphere Application Server V8.5.5 Liberty profile, you can federate
two or more configured LDAP servers. The recommended way to enable this capability is
by using Liberty tools. Alternatively, you can edit the server.xml file directly.
WAS8555_Security_VMM.ppt Page 9 of 11
See this reference for more information on the LDAP user registry.
WAS8555_Security_VMM.ppt Page 10 of 11
You can help improve the quality of IBM Education Assistant content by providing
feedback.
WAS8555_Security_VMM.ppt Page 11 of 11
