Monday, 5 January 2015

How to configure WebSphere to authenticate against Windows Active Directory [AD]

Hello All,

Here we are performing the activity for configuring the Windows Active directory (LDAP) with websphere Application Server, this is a windows environment. we can apply the same procedure for any othe type of LDAP configuration with Websphere Application Server.

1.       Login to the WAS admin https://hostname:9043/ibm/console/ as an existing admin

2.       Click on Security -> Global security

3.       Choose standalone ldap registry in the pull down window for ‘Available realm definitions’ then click configure.

4.       Put in the following parameters:

Primary administrative user name: adminid_from_AD
Type of LDAP server: Microsoft Active Directory
Host: primary_domain_controller.corp.dom
Base dn: dc=corp,dc=dom
Bind dn: cn=adminid_from_AD,ou=users,dc=corp,dc=dom
Enter password
Hit test to test the connection and then ok.

5.       At the top hits save.

6.       Go to Administrative group roles, hit add, change the search string to the name of the group that will be WAS admins and click add, then save.

7.       Change the “federated directories” to the “standalone ldap registry” in the “available real definitions” drop-box. Click “set as current

8.       Check “enable application security” under Application Security

9.       Click apply and then save

10.   Reinstall the Websphere service.[For Windows Environment]
On the WAS Server run the following in the command prompt (correct names as appropriate):

D:\IBM\WebSphere\AppServer\bin\WASService.exe -remove WASNode01
D:\IBM\WebSphere\AppServer\bin\WASService.exe -add WASNode01 -servername server1 -profilepath "...\WebSphere\AppServer\profiles\AppSrv01" -configroot "...\WebSphere\AppServer\profiles\AppSrv01\config" -logroot "...\WebSphere\AppServer\profiles\AppSrv01\logs\server1" -logFile "...\WebSphere\AppServer\profiles\AppSrv01\logs\server1\WASNode01 Service.log" -washome "...\WebSphere\AppServer" -restart false -stopArgs "-username adminid_from_AD -password passwordhere " -starttype automatic –encodeparams

11.   Restart WAS.

12.   Verify that you can login as yourself to the WebSphere admin console


Hope this will work for you also..

"Effort only fully releases its reward after a person refuses to quit.”

 Regards,
 Akhilesh B. Humbe

Popular Posts