LDAP directory server configuration

When Security Verify Access is configured to use an LDAP-based user registry, such as IBM® Tivoli® Directory Server, WebSEAL must be configured as an LDAP client so that it can communicate with the LDAP server.

The location of the LDAP server and its configuration file ldap.conf is provided during Security Verify Access runtime configuration. A combination of stanza entries and values from the ldap.conf and the WebSEAL configuration file webseald.conf provides the appropriate information to WebSEAL as the LDAP client.

  • WebSEAL determines that the configured user registry is an LDAP-based directory server.
  • The following stanza entries in the [ldap] stanza of webseald.conf are valid:
    host
    port
    ssl-port
    max-search-size
    replica
    auth-using-compare
    cache-enabled
    prefer-readwrite-server
    ssl-enabled
    ssl-keyfile
    ssl-keyfile-dn
    timeout
    auth-timeout
    search-timeout
    default-policy-override-support
    user-and-group-in-same-suffix
    login-failures-persistent
  • Additionally, the values for the following stanza entries in ldap.conf override any existing values in webseald.conf:
    host
    port
    ssl-port
    max-search-size
    replica
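The precedence rule above (ldap.conf wins for host, port, ssl-port, max-search-size and replica; webseald.conf supplies everything else in [ldap]) is easy to get wrong when auditing a deployment, because the value WebSEAL actually uses may not be the one in webseald.conf. The script below is an added example, not IBM code, that parses both files, applies that rule, and then checks the resulting settings for an unprotected LDAP channel. It assumes both files use the "[stanza]" / "key = value" layout and that ldap.conf keeps its server entries in an [ldap] stanza; the file contents, hostnames, ports and key-file path are constructed placeholders.

```python
"""Compute WebSEAL's effective [ldap] settings from webseald.conf and ldap.conf.

Added example, not IBM's code. It assumes both files use the stanza format
"[stanza]" followed by "key = value" lines and that ldap.conf keeps its
server entries in an [ldap] stanza; the file contents below are constructed.
The override rule implemented is the one the documentation states: for
host, port, ssl-port, max-search-size and replica, a value in ldap.conf
replaces whatever webseald.conf says.
"""

# [ldap] stanza entries WebSEAL reads from webseald.conf (listed on the page).
WEBSEALD_LDAP_KEYS = {
    "host", "port", "ssl-port", "max-search-size", "replica",
    "auth-using-compare", "cache-enabled", "prefer-readwrite-server",
    "ssl-enabled", "ssl-keyfile", "ssl-keyfile-dn", "timeout",
    "auth-timeout", "search-timeout", "default-policy-override-support",
    "user-and-group-in-same-suffix", "login-failures-persistent",
}
# Entries whose ldap.conf value overrides webseald.conf (listed on the page).
LDAP_CONF_OVERRIDES = {"host", "port", "ssl-port", "max-search-size", "replica"}

# Constructed sample files; hostnames, ports and paths are placeholders.
WEBSEALD_CONF = """\
[ldap]
host = ldap-old.example.com
port = 389
ssl-enabled = no
max-search-size = 2048
replica = ldap-old.example.com,389,readonly,5
auth-using-compare = yes
cache-enabled = yes
timeout = 30
"""

LDAP_CONF = """\
[ldap]
host = ldap-new.example.com
ssl-port = 636
replica = ldap-new.example.com,636,readwrite,1
replica = ldap-replica.example.com,636,readonly,5
"""

# Same webseald.conf with the LDAP channel protected (placeholder key-file path).
HARDENED_WEBSEALD_CONF = WEBSEALD_CONF.replace(
    "ssl-enabled = no",
    "ssl-enabled = yes\nssl-keyfile = /path/to/ldap-keyfile.kdb",
)


def parse_stanzas(text):
    """Parse '[stanza]' / 'key = value' text into {stanza: {key: [values]}}.
    Repeated keys (for example several replica lines) are kept in order."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        stanzas[current].setdefault(key, []).append(value)
    return stanzas


def effective_ldap_settings(webseald_text, ldap_text):
    """Return (effective [ldap] settings, keys that ldap.conf overrode)."""
    web = parse_stanzas(webseald_text).get("ldap", {})
    ldap = parse_stanzas(ldap_text).get("ldap", {})
    # Start from webseald.conf, keeping only the keys WebSEAL reads here.
    effective = {k: list(v) for k, v in web.items() if k in WEBSEALD_LDAP_KEYS}
    overridden = sorted(k for k in LDAP_CONF_OVERRIDES if k in ldap)
    for key in overridden:
        effective[key] = list(ldap[key])  # ldap.conf wins for these five keys
    return effective, overridden


def audit_transport(effective):
    """Flag settings that leave WebSEAL's binds and searches unprotected in transit."""
    findings = []
    ssl_enabled = effective.get("ssl-enabled", ["no"])[-1].lower()
    if ssl_enabled != "yes":
        findings.append("ssl-enabled is not 'yes': LDAP traffic from WebSEAL is sent in clear text")
    elif not effective.get("ssl-keyfile"):
        findings.append("ssl-enabled is 'yes' but ssl-keyfile is not set")
    return findings


if __name__ == "__main__":
    for label, web in (("current", WEBSEALD_CONF), ("hardened", HARDENED_WEBSEALD_CONF)):
        settings, overridden = effective_ldap_settings(web, LDAP_CONF)
        print(f"{label}: overridden by ldap.conf -> {overridden}")
        for key in ("host", "ssl-port", "max-search-size", "replica"):
            print(f"  {key} = {settings.get(key)}")
        print("  findings:", audit_transport(settings) or "none")
```

Running it against the constructed files shows that host and the replica list come from ldap.conf while max-search-size and port still come from webseald.conf, and that the first configuration is flagged because ssl-enabled is no. Point it at real copies of the two files (both stanza-formatted) to see which server WebSEAL will actually bind to before changing either file.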

For information about the stanza entries, see the Web Reverse Proxy Stanza Reference topics in the IBM Knowledge Center.