ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/secldaps.htm

27 lines
2.2 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Supported directory services</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="secldaps"></a>Supported directory services</h6>
<p>WebSphere Application Server - Express security supports several different LDAP servers. For a list of supported servers, see <a href="http://www.ibm.com/software/webservers/appserv/doc/latest/prereq.html" target="_">WebSphere Application Server: Supported hardware and software</a> <img src="www.gif" width="19" height="15" alt="Link outside Information center"> (http://www.ibm.com/software/webservers/appserv/doc/latest/prereq.html).</p>
<p>It is expected that other LDAP server function as long as they follow the LDAP specification. Support is limited to these specified directory servers only. You can use any other directory server by using the custom directory type and by filling in the filters required for that directory. For more information, see <a href="seccldfi.htm">Configure LDAP search filters</a>.</p>
<p>To improve performance for LDAP searches, the default filters for IBM Directory Server, iPlanet Directory Server, and Active Directory have been defined such that when you search for a user, the result contains all the relevant information about the user (user ID, groups, and so on). As a result, the product does not call the LDAP server multiple times. This definition is possible only in directory types that support searches where the complete unser information is obtained.</p>
<p>Also, if you use the IBM Directory Server, enable the <strong>Ignore case</strong> flag in the administrative console. This flag is required because when the group information is obtained from the user object attributes, the case is not the same as the one that is obtained when you obtain the groups information directly. For the authorization to work in this case, perform a case insensitive check and also verify the requirement for the <strong>Ignore case</strong> flag.</p>
</body>
</html>