Monday, November 19, 2012

Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5

This article is somewhat of an aide-memoire for me, allowing me to remember how to enable WebSphere Application Server to talk to an LDAP server without needing to use a GUI :-)

I pulled this together using my own WAS 8.5 VM running on RHEL 6.3, as ever, and a remote LDAP ( albeit IBM Tivoli Directory Server rather than Microsoft Active Directory ).

Start wsadmin client

$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
$ ./wsadmin.sh -lang jython

List existing repositories

wsadmin> AdminTask.listIdMgrRepositories()

should return: -

'{InternalFileRepository={repositoryType=File, host=LocalHost}}'

Configure the Administrative User Registry ( assume that we're keeping the WAS admin in the file-based registry )

wsadmin> AdminTask.configureAdminWIMUserRegistry('[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]')

Add the LDAP server

wsadmin> AdminTask.createIdMgrLDAPRepository('[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]') 

wsadmin> AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host bluepages.ibm.com -port 389 -bindDN uid=8817222GB,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')

wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -loginProperties [""]]')

wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]')

Add the Base Entries

wsadmin> AdminTask.addIdMgrRepositoryBaseEntry('[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]')

wsadmin> AdminTask.addIdMgrRealmBaseEntry('[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]') 

Validate the Admin Name ( wasadmin in the file-based registry )

wsadmin> AdminTask.validateAdminName('[-registryType WIMUserRegistry -adminUser wasadmin ]')

Enable Global Security and set Federated Repositories to be default

wsadmin> AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]')

Set the LDAP search filters

wsadmin> AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name PersonAccount -objectClasses inetOrgPerson -searchBases ou=bluepages,o=ibm.com -searchFilter ]') 

Save changes

wsadmin> AdminConfig.save()

Validate changes

wsadmin> AdminTask.listIdMgrRepositories()

should return: -

'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}'

wsadmin> AdminTask.listIdMgrRepositoryBaseEntries('[-id LDAP1]')

should return: -

'{o=ibm.com=o=ibm.com}'
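The whole procedure as a single wsadmin Jython script, an added example rather than the post's own code: the site values are the ones used in the post, PASSWORD_FILE and the function names are assumptions, and the result is checked by parsing the listIdMgrRepositories() output before anything is saved. The two updateIdMgrLDAPRepository calls, which clear and re-set the loginProperties already set by the create step, are left out.

```python
# Added example (not from the original post): the post's steps as one wsadmin
# Jython script, run with ./wsadmin.sh -lang jython -f enable_ldap.py
import re
REPO_ID, HOST, PORT = "LDAP1", "bluepages.ibm.com", "389"
BIND_DN = "uid=8817222GB,c=gb,ou=bluepages,o=ibm.com"
BASE, SEARCH_BASE = "o=ibm.com", "ou=bluepages,o=ibm.com"
REALM, ADMIN_USER = "defaultWIMFileBasedRealm", "wasadmin"
ADAPTER = "com.ibm.ws.wim.adapter.ldap.LdapAdapter"
PASSWORD_FILE = "/root/.ldap_bind_password"  # assumed path; keep it mode 0600

def parse_repositories(listing):
    # AdminTask.listIdMgrRepositories() string (format as in the post) -> {id: {attr: value}}
    repos = {}
    for repo_id, body in re.findall(r"(\w+)=\{([^}]*)\}", listing):
        repos[repo_id] = {}
        for pair in body.split(", "):
            key, value = pair.split("=", 1)
            repos[repo_id][key] = value
    return repos

def ldap_repository_configured(listing, repo_id=REPO_ID, host=HOST):
    # True only if repo_id is listed as an LDAP repository pointing at host.
    r = parse_repositories(listing).get(repo_id)
    return r is not None and r.get("repositoryType") == "LDAP" and r.get("host") == host

def enable_ldap(bind_password):
    AdminTask.configureAdminWIMUserRegistry("[-realmName %s -verifyRegistry false]" % REALM)
    AdminTask.createIdMgrLDAPRepository(
        "[-default true -id %s -adapterClassName %s -ldapServerType IDS -sslConfiguration "
        "-certificateMapMode exactdn -supportChangeLog none -certificateFilter "
        "-loginProperties uid]" % (REPO_ID, ADAPTER))
    # Port 389 with -sslEnabled false, as in the post: bind DN and password cross the wire in clear.
    AdminTask.addIdMgrLDAPServer(
        "[-id %s -host %s -port %s -bindDN %s -bindPassword %s -referal ignore -sslEnabled false "
        "-ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]"
        % (REPO_ID, HOST, PORT, BIND_DN, bind_password))
    AdminTask.addIdMgrRepositoryBaseEntry("[-id %s -name %s -nameInRepository %s]" % (REPO_ID, BASE, BASE))
    AdminTask.addIdMgrRealmBaseEntry("[-name %s -baseEntry %s]" % (REALM, BASE))
    AdminTask.validateAdminName("[-registryType WIMUserRegistry -adminUser %s]" % ADMIN_USER)
    AdminTask.setAdminActiveSecuritySettings("[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]")
    AdminTask.updateIdMgrLDAPEntityType(
        "[-id %s -name PersonAccount -objectClasses inetOrgPerson -searchBases %s -searchFilter ]"
        % (REPO_ID, SEARCH_BASE))
    listing = AdminTask.listIdMgrRepositories()
    if not ldap_repository_configured(listing):
        raise Exception("LDAP repository not listed, nothing saved: " + listing)
    AdminConfig.save()  # persist only once the repository really is listed
if globals().get("AdminTask") is not None:  # i.e. running inside wsadmin
    # Bind password comes from a root-only file, not the command line or shell history.
    enable_ldap(open(PASSWORD_FILE).read().strip())
```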

That's it, that's all she wrote :-)
