Not able to log in with user's short name

When I was trying to set up the stand-alone LDAP registry, I was able to set up the registry, but I was not able to log in to WAS with the user's short name. For example, I was able to log in with uid=wasadmin,cn=users,dc=webspherenotes,dc=com but not with wasadmin as the user name.

So I did some investigation, and it seems that the value of the User Filter field on the "Advanced Lightweight Directory Access Protocol (LDAP) user registry settings" page was not correct: the value of objectclass was ePerson. When I changed it to inetOrgPerson, it worked.

I think I now understand how to figure out what values to use for the User Filter, Group Filter and DN, and how to verify those values.

The basic idea is that the value of DN should be equal to the context at which you want to start executing the search. For example, in my case I am using dc=webspherenotes,dc=com as base DN and (&(uid=%v)(objectclass=inetOrgPerson)) as User filter and as group filter.

Now when I try to log in to WAS as, say, the wasadmin user, WAS will take the DN and start the search at that location. It will take the user name that I used for login, replace the %v in the user filter with it, and search for (&(uid=wasadmin)(objectclass=inetOrgPerson)). If the search returns one record, then the password will be verified. You can try this manually using the LDAP browser like this.



You should be able to locate the wasadmin user record like this



Similarly, when WAS wants to search for groups, it will take the group filter, replace %v with the group name and search for it.
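
The lookup described above can be reproduced offline with the following added example, which is not code from the original post or from WAS. The directory entry is constructed sample data, the matcher handles only the simple `(&(attr=value)...)` equality filters used here, and escaping the login name before substituting it for %v is an assumption about building the filter safely by hand, not a statement about WAS internals.

```python
import re

BASE_DN = "dc=webspherenotes,dc=com"
USER_FILTER = "(&(uid=%v)(objectclass=inetOrgPerson))"   # working filter from the post
OLD_FILTER = "(&(uid=%v)(objectclass=ePerson))"          # filter that failed in the post

# Constructed sample entry (DN -> attributes); not read from a real directory.
DIRECTORY = {
    "uid=wasadmin,cn=users,dc=webspherenotes,dc=com": {
        "uid": ["wasadmin"],
        "objectclass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
    },
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template, name):
    """Replace %v in the filter template with the escaped login name."""
    return template.replace("%v", escape_filter_value(name))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(base_dn, ldap_filter):
    """Subtree search from base_dn; handles only (&(attr=value)...) equality terms."""
    terms = [(a.lower(), _unescape(v).lower())
             for a, v in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)]
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.lower() == base_dn.lower() or dn.lower().endswith("," + base_dn.lower())
        values = {k.lower(): [x.lower() for x in v] for k, v in attrs.items()}
        if in_scope and terms and all(val in values.get(attr, []) for attr, val in terms):
            hits.append(dn)
    return hits

def resolve_login(name, template=USER_FILTER, base_dn=BASE_DN):
    """Return the user's DN only when the search yields exactly one record."""
    hits = search(base_dn, build_filter(template, name))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for template in (OLD_FILTER, USER_FILTER):
        print(build_filter(template, "wasadmin"), "->", resolve_login("wasadmin", template))
```

With the ePerson filter the search returns no record for the constructed entry, so the short name cannot be resolved to a DN; with inetOrgPerson it resolves to exactly one.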
