This article is somewhat of an aide memoire for me, allow me to remember how to enable WebSphere Application Server to talk to an LDAP server, without needing to use a GUI :-)
![]()
I pulled this together using my own WAS 8.5 VM running on RHEL 6.3, as ever, and a remote LDAP ( albeit IBM Tivoli Directory Server rather than Microsoft Active Directory ).
Start wsadmin client
$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
$ ./wsadmin.sh -lang jython
List existing repositories
wsadmin> AdminTask.listIdMgrRepositories()
should return: -
'{InternalFileRepository={repositoryType=File, host=LocalHost}}'
Configure the Administrative User Registry ( assume that we're keeping the WAS admin in file-based registry )
wsadmin> AdminTask.configureAdminWIMUserRegistry('[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]')
Add the LDAP server
wsadmin> AdminTask.createIdMgrLDAPRepository('[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]')
wsadmin> AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host bluepages.ibm.com -port 389 -bindDN uid=8817222GB,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -loginProperties [""]]')
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]')
Add the Base Entries
wsadmin> AdminTask.addIdMgrRepositoryBaseEntry('[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]')
wsadmin> AdminTask.addIdMgrRealmBaseEntry('[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]')
Validate the Admin Name ( wasadmin in file-based registry )
wsadmin> AdminTask.validateAdminName('[-registryType WIMUserRegistry -adminUser wasadmin ]')
Enable Global Security and set Federated Repositories to be default
wsadmin> AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]')
Set the LDAP search filters
wsadmin> AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name PersonAccount -objectClasses inetOrgPerson -searchBases ou=bluepages,o=ibm.com -searchFilter ]')
Save changes
wsadmin> AdminConfig.save()
Validate changes
wsadmin> AdminTask.listIdMgrRepositories()
should return: -
'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}'
wsadmin> AdminTask.listIdMgrRepositoryBaseEntries('[-id LDAP1]')
should return: -
'{o=ibm.com=o=ibm.com}'
That's it, that's all she wrote :-)
