LDAP directory server configuration
When Security Verify Access is configured to use an LDAP-based user registry, such as IBM® Tivoli® Directory Server, WebSEAL must be configured as an LDAP client so it can communicate with the LDAP server.
The location of the LDAP server and its configuration file ldap.conf is provided during Security Verify Access runtime configuration. A combination of stanza entries and values from ldap.conf and the WebSEAL configuration file webseald.conf provides the appropriate information to WebSEAL as the LDAP client.
- WebSEAL determines that the configured user registry is an LDAP-based directory server.
- The following stanza entries in the [ldap] stanza of webseald.conf are valid:
  - host
  - port
  - ssl-port
  - max-search-size
  - replica
  - auth-using-compare
  - cache-enabled
  - prefer-readwrite-server
  - ssl-enabled
  - ssl-keyfile
  - ssl-keyfile-dn
  - timeout
  - auth-timeout
  - search-timeout
  - default-policy-override-support
  - user-and-group-in-same-suffix
  - login-failures-persistent
- Additionally, the values for the following stanza entries in ldap.conf override any existing values in webseald.conf:
  - host
  - port
  - ssl-port
  - max-search-size
  - replica
For information about the stanza entries, see the Web Reverse Proxy Stanza Reference topics in the IBM Knowledge Center.
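The precedence rule above can be checked with a short script when auditing which LDAP server and transport settings WebSEAL will actually use. This is an added example, not IBM code: it reads the [ldap] stanza of both files and reports each effective value with the file it came from. The file contents, host names, key file name and the `example-unknown-entry` name are constructed, and it assumes that repeated entries such as replica are multi-valued and that an entry absent from ldap.conf keeps its webseald.conf value.

```python
import re
# Entry names taken from the lists on this page.
VALID = set("""host port ssl-port max-search-size replica auth-using-compare
cache-enabled prefer-readwrite-server ssl-enabled ssl-keyfile ssl-keyfile-dn
timeout auth-timeout search-timeout default-policy-override-support
user-and-group-in-same-suffix login-failures-persistent""".split())
OVERRIDDEN = {"host", "port", "ssl-port", "max-search-size", "replica"}

def read_stanza(text, stanza="ldap"):
    """Return {entry: [values]} for one stanza of a stanza-format file."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
        elif current == stanza and "=" in line and not line.startswith("#"):
            key, value = (p.strip() for p in line.split("=", 1))
            entries.setdefault(key, []).append(value)  # assumption: repeats are multi-valued
    return entries

def effective_ldap(webseald_text, ldap_conf_text):
    """Merge both [ldap] stanzas; return (settings, sources, not_valid)."""
    web, ldap = read_stanza(webseald_text), read_stanza(ldap_conf_text)
    settings = {k: v for k, v in web.items() if k in VALID}
    sources = {k: "webseald.conf" for k in settings}
    for key in OVERRIDDEN & ldap.keys():  # ldap.conf wins for these five entries
        settings[key], sources[key] = ldap[key], "ldap.conf"
    return settings, sources, sorted(set(web) - VALID)

# Constructed sample files (hypothetical host names and values).
WEBSEALD = """[ldap]
host = old-ldap.example.com
port = 389
ssl-enabled = yes
ssl-keyfile = webseal-ldap.kdb
example-unknown-entry = 1
[server]
https-port = 443
"""
LDAP_CONF = """[ldap]
host = ldap1.example.com
ssl-port = 636
replica = ldap2.example.com,389,readonly,5
replica = ldap3.example.com,389,readonly,4
"""

if __name__ == "__main__":
    print(effective_ldap(WEBSEALD, LDAP_CONF))
```

Entries reported in the third return value are present in the [ldap] stanza of webseald.conf but are not in the valid list above, which usually points to a typo or a stale setting.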