In our lab, we use Domino Directory Server as the LDAP user repository. If you want to use an existing LDAP server other than Domino, make sure that it is LDAP V3 compliant.
Determine which Lightweight Directory Access Protocol (LDAP) attributes you want to use as the identifiers for IBM Connections users. Ensure that you have installed a supported LDAP directory.
file, and then run the populate_from_dns_files.bat
For information about a limitation in environments with a Turkish locale, see the Base entry comparison for Turkish locale.
To prepare to configure your LDAP directory with IBM WebSphere Application Server, complete the following steps:
- Identify LDAP attributes to use for the following roles. If no corresponding attribute exists, create one. You can use an attribute for multiple purposes. For example, you can use the mail attribute to perform the login and messaging tasks.
- Display name
The cn LDAP attribute is used to display a person's name in the product user interface. Ensure that the value you use in the cn attribute is suitable for use as a display name.
- Log in
Determine the attributes that you want the users to use to log in to IBM Connections. For example, uid.
Note: The login name must be unique in the LDAP directory.
(Optional) Determine which attribute to use to define the email address of a user. The email address must be unique in the LDAP directory. If a user does not have an email address and does not have an LDAP attribute that represents the email address, that user cannot receive notifications.
- Global unique identifier (GUID)
Determine which attribute to use as the unique identifier of each user and group in the organization. This value must be unique across the organization.
Collect the following information about your LDAP directory before configuring it for WebSphere Application Server:
- Directory Type: Identifies and selects a directory service from the available vendors and versions.
- Primary host name
- Bind distinguished name
- Bind password
- Certificate mapping
- Certificate filter, if applicable.
- LDAP entity types or classes: Identifies and selects LDAP object classes. For example, select the LDAP inetOrgPerson object class for the Person Account entity, or the LDAP groupOfUniqueNames object class for the Group entity.
- Search base: Identifies and selects the distinguished name (DN) of the LDAP subtree as the search scope. For example, select o=ibm.com to allow all directory objects underneath this subtree node to be searched. For example, for the group search, use the following LDAP attributes: Group, OrgContainer, PersonAccount, or inetOrgPerson.
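The uniqueness rules above (login name, email address, GUID) can be checked against the directory before you configure WebSphere Application Server. The following Python script is an added example, not part of the original procedure: it audits LDIF output such as ldapsearch returns, and the sample entries and the `guid` attribute name are constructed placeholders.

```python
import base64
from collections import defaultdict

# Constructed sample of LDIF output; "guid" is a placeholder attribute name.
SAMPLE_LDIF = """\
dn: cn=Amy Jones,o=itso
uid: ajones
mail: ajones@itso.example
guid: 0001

dn: cn=Alan Jones,o=itso
uid: AJones
mail:: YWxhbi5qb25lc0BpdHNvLmV4YW1wbGU=
guid: 0002

dn: cn=Service Account,
 o=itso
uid: svc-connections
guid: 0002
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts (names lowercased)."""
    entries, current = [], defaultdict(list)
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    for line in unfolded.split("\n") + [""]:
        name, sep, value = line.partition(":")
        if not line.strip():                      # a blank line ends an entry
            if "dn" in current:                   # drops blocks such as "version: 1"
                entries.append(dict(current))
            current = defaultdict(list)
        elif sep and not line.startswith("#"):
            if value.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current[name.strip().lower()].append(value.strip())
    return entries

def audit(entries, unique_attrs=("uid", "mail", "guid"), email_attr="mail"):
    """Return (duplicates, no_email): values shared by several DNs, DNs with no email."""
    owners, no_email = defaultdict(set), []
    for entry in entries:
        dn = entry["dn"][0]
        for attr in unique_attrs:
            for value in entry.get(attr, []):
                owners[(attr, value.casefold())].add(dn)  # compare case-insensitively
        if not entry.get(email_attr):
            no_email.append(dn)                   # this user cannot receive notifications
    duplicates = {key: sorted(dns) for key, dns in owners.items() if len(dns) > 1}
    return duplicates, no_email
```

Pass the attribute names you chose for login, email, and GUID as unique_attrs; any entry in duplicates must be resolved in the directory before users are populated.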
First, install an IBM Domino Server on a designated machine by following the steps below:
- Choose a name for the server. Refer to the name that you created based on your structure.
- Identify the function of the server - for example, will it be a mail server or application server? In our lab, we use it as a mail server. The function of the server determines which tasks to enable during configuration.
- Decide whether the server is part of an existing Domino domain or is the first server in a new Domino domain.
- Our lab Domino server is the first in a Domino domain. In that case, do the following:
- Install the server program files.
- Use the Domino server setup program to set up the server.
- Complete network-related setup.
- Create organization certifier IDs and organizational unit certifier IDs as required by the hierarchical name scheme.
- Distribute certifier IDs to administrators.
- Implement Domino security.
- Perform additional configuration procedures, based on the type of services, tasks, and programs that you want to run on this server.
After the Domino installation, you have to set up the LDAP service on Domino.
Follow these steps to set up a server to run LDAP service:
- The LDAP task runs automatically on the administration server for the primary Domino Directory. On other servers in the domain, if configured, run the LDAP task manually.
- If your organization uses more than one Global Domain document, specify the one that the LDAP service uses to return Internet addresses to LDAP clients. Open the Global Domain document. In the "Use as default Global Domain" field, choose Yes.
- To check whether you set up the LDAP service correctly, use an LDAP search utility such as ldapsearch provided with Domino, to issue a query to the LDAP service.
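Example of a group search (the values after -D and -w are placeholders for your bind DN and bind password): ldapsearch -D "<bind DN>" -w <bind password> -b "o=itso" -s sub "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))" dn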
You have installed and enabled Domino to run LDAP services.