uid=wasadmin,cn=users,dc=webspherenotes,dc=com but not with wasadmin as user name. So i did some investigation it seems that the value of User Filter field on "Advanced Lightweight Directory Access Protocol(LDAP) user registry settings" page was not correct the value of objectclass was ePerson. When i changed it to inetOrgPerson it worked.
I think now i understand how to figure out what value to use for both User Filter, Group Filter and DN and how to verify those values.
Basic idea is that the value of DN should be equal to the context at which you want to start executing the search Ex. In my case i am using
dc=webspherenotes,dc=com as base DN and (&(uid=%v)(objectclass=inetOrgPerson)) as User filter and Now when i try to login into WAS with say wasadmin user, WAS will take the DN and start search at that location, it will take the user name that i used for login replace the %v in the user filter with that and search for
(&(uid=wasadmin)(objectclass=inetOrgPerson)). If the search is able to return one record then the password will be verified. You can try this manually using the LDAP browser like this.
You should be able to locate the wasadmin user record like this
Similarly when WAS wants to search for the groups it will take the group filter replace %v with the group name and search for it.
No comments:
Post a Comment