opends Archive

Websphere Application Server configuration with LDAP Server

Security is a critical aspect of any distributed application model. Most firms keep a centralized repository of users in an LDAP server such as Active Directory or Novell LDAP.

This post illustrates how to configure authentication for WebSphere Application Server against an Open DS LDAP server, commonly referred to as WebSphere LDAP configuration.

Open DS is freeware and can be downloaded from the site below.

Steps to configure:

1. Set up global security.

Global security configuration applies to the security policy for all administrative functions and is used as a default security policy for user applications. Security domains can be defined to override and customize the security policies for user applications.

Log in to the WebSphere 7 admin console and navigate to Security > Global Security.


Global security settings

2. Enable the administrative security option.

3. Configure the user account repository.

Select “Standalone LDAP Registry” from the “User Account Repository” drop-down and click “Configure”.

4. Define the LDAP configuration details on the next page.

Specify the below properties.

Primary administrative user name: the name of a user with administrative privileges that is defined in your custom user registry.

Type of LDAP server: since Open DS is used for this illustration, select ‘Custom’ from the drop-down.



Click the “Test Connection” button to check the LDAP configuration settings, then save the changes.

5. Modify the advanced LDAP user registry settings.

Set the user filter to (objectclass=inetOrgPerson), since that matches the objectClass of the user entries in this LDAP registry. WebSphere replaces %v in the user filter with the login name, so the complete filter normally takes the form (&(uid=%v)(objectclass=inetOrgPerson)).

6. Set the LDAP registry as the current realm definition.


7. Restart the WebSphere Application Server.

8. Log in to the admin console using the operator account from the LDAP server.


For further reading:



Wonders Team

Configuring OpenDS with Weblogic Server

Download, install and configure OpenDS.

I used the following LDIF as the base while installing OpenDS.

dn: dc=oracle,dc=com
dc: oracle
objectClass: domain
objectClass: top

dn: ou=TEST, dc=oracle,dc=com
ou: TEST
objectClass: organizationalUnit
objectClass: top

dn: cn=faisal,ou=TEST, dc=oracle,dc=com
uid: faisal
userPassword:: e1NTSEF9dnhBYUZKRzBONmwzWTdRMHBQRmdiczZrRHd5VUNwWCtCQTdlaHc9PQ==
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: Faisal
sn: Khan
cn: faisal

dn: cn=testuser,ou=TEST, dc=oracle,dc=com
uid: testuser
userPassword:: e1NTSEF9YXpZckZodWpla1FjWUNqcFJDQlRUeFRjOGNPa0NtaTF1a1hqWUE9PQ==
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: testuser
sn: testuser
cn: testuser

dn: cn=TestGroup,ou=TEST, dc=oracle,dc=com
description: TestGroup
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=faisal,ou=TEST,dc=oracle,dc=com
cn: TestGroup

Create an LDAP Authenticator.

Home > Summary of Security Realms > myrealm > Providers > Create New LDAPAuthenticator.


In the Provider Specific tab, provide the following details:

PORT : 1389
Principal : cn=faisal,ou=TEST, dc=oracle,dc=com
User Base DN : ou=TEST, dc=oracle,dc=com
Credentials : XXXXXXXXXXX
Group Base DN : ou=TEST, dc=oracle,dc=com

Leave the rest as default.
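The user and group lookups that both authenticators perform against this LDIF, as an added example that is not part of either post and not WebSphere's or WebLogic's own code: it parses the LDIF above (trimmed to the attributes needed, with the base64 padding restored), applies a WebSphere-style user filter with the %v login substitution, and resolves TestGroup membership through uniqueMember, normalising DNs because the LDIF writes "ou=TEST, dc=oracle" and "ou=TEST,dc=oracle" for the same entry. The filter string and the function names are assumptions made for the illustration.

```python
import base64

# LDIF taken from the post, trimmed to the attributes used here; '==' padding restored
SAMPLE_LDIF = """\
dn: cn=faisal,ou=TEST, dc=oracle,dc=com
uid: faisal
userPassword:: e1NTSEF9dnhBYUZKRzBONmwzWTdRMHBQRmdiczZrRHd5VUNwWCtCQTdlaHc9PQ==
objectClass: inetOrgPerson

dn: cn=testuser,ou=TEST, dc=oracle,dc=com
uid: testuser
objectClass: inetOrgPerson

dn: cn=TestGroup,ou=TEST, dc=oracle,dc=com
cn: TestGroup
objectClass: groupOfUniqueNames
uniqueMember: cn=faisal,ou=TEST,dc=oracle,dc=com
"""

def parse_ldif(text):
    """Minimal LDIF reader: one {lowercased attr: [values]} dict per entry."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # '::' marks a base64 value; tolerate lost padding
            raw = value[1:].strip()
            value = base64.b64decode(raw + "=" * (-len(raw) % 4)).decode()
        if attr == "dn":
            cur = {}
            entries.append(cur)
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def find_user(entries, login, user_filter="(&(uid=%v)(objectclass=inetOrgPerson))"):
    """WebSphere substitutes the login name for %v; exactly one entry must match.
    Only the (&(attr=value)(attr=value)) shape used in the post is understood."""
    terms = [t.split("=", 1) for t in user_filter[3:-2].split(")(")]
    hits = [e for e in entries if all(
        v.replace("%v", login).lower() in [x.lower() for x in e.get(a.lower(), [])]
        for a, v in terms)]
    return hits[0]["dn"][0] if len(hits) == 1 else None

def groups_of(entries, user_dn):
    """Groups listing user_dn as uniqueMember. DNs are normalised (blanks around ','
    dropped, lowercased) because the post's LDIF writes the same DN both ways."""
    norm = lambda dn: ",".join(p.strip() for p in dn.split(",")).lower()
    return sorted(e["cn"][0] for e in entries
                  if any(norm(m) == norm(user_dn) for m in e.get("uniquemember", [])))
```

A login that matches no entry, or more than one, yields None, which mirrors the registry rejecting ambiguous user filters.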

Now go to

Home > Summary of Security Realms > myrealm > Providers > Realm Roles

1. Expand Global Roles, then expand Roles.
2. Click View Role Conditions for the Admin role.
3. Click Add Conditions.
4. Select User in the Predicate List and click Next.
5. In User Argument Name, add faisal and click Finish.
6. Click Save.

Change the control flag of the Default Authenticator to SUFFICIENT, so that a user unknown to the embedded LDAP but authenticated by the new LDAP Authenticator is still accepted.

Log out and log in as faisal!


<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<wls:principal>cn=faisal,ou=TEST, dc=oracle,dc=com</wls:principal>
<wls:user-base-dn>ou=TEST, dc=oracle,dc=com</wls:user-base-dn>
<wls:group-base-dn>ou=TEST, dc=oracle,dc=com</wls:group-base-dn>