Using Microsoft Active Directory for authentication
WebSphere® Application Server supports Microsoft Active Directory. Many installations use Microsoft Active Directory as their primary component for managing user authentication and user data. Authenticating a user across multiple repositories or across a distributed Lightweight Directory Access Protocol (LDAP) directory, such as a Microsoft Active Directory forest, can be challenging. In any search of the whole registry, if there is more than one match at run time, authentication fails because the match is ambiguous.
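The ambiguous-match failure described above can be audited before a registry is pointed at a whole forest. The following Python example is added here and is not IBM code: the entries, domain names and function names are constructed, and it assumes logins are looked up by the Active Directory attributes sAMAccountName (unique only within one domain) or userPrincipalName, neither of which this page names.

```python
from collections import defaultdict

# Constructed sample entries standing in for an export of two domains in one
# forest; every DN, name and attribute value here is invented for illustration.
ENTRIES = [
    {"dn": "CN=Ann Lee,CN=Users,DC=emea,DC=example,DC=com",
     "sAMAccountName": "alee", "userPrincipalName": "alee@emea.example.com"},
    {"dn": "CN=Adam Lee,CN=Users,DC=apac,DC=example,DC=com",
     "sAMAccountName": "ALee", "userPrincipalName": "alee@apac.example.com"},
    {"dn": "CN=Bo Chen,CN=Users,DC=apac,DC=example,DC=com",
     "sAMAccountName": "bchen", "userPrincipalName": "bchen@apac.example.com"},
]

def under(dn, base_dn):
    """True when dn is base_dn itself or sits below it (subtree scope)."""
    d, b = dn.lower(), base_dn.lower()
    return d == b or d.endswith("," + b)

def search(entries, base_dn, attr, value):
    """DNs under base_dn whose attr equals value, compared case-insensitively
    as Active Directory does for these two attributes."""
    return [e["dn"] for e in entries
            if under(e["dn"], base_dn)
            and e.get(attr, "").lower() == value.lower()]

def resolve_login(entries, base_dn, attr, login):
    """Model the registry lookup: exactly one match is required."""
    hits = search(entries, base_dn, attr, login)
    if not hits:
        return ("not_found", hits)
    if len(hits) > 1:
        return ("ambiguous", hits)  # more than one match: authentication fails
    return ("ok", hits)

def ambiguous_logins(entries, base_dn, attr):
    """Audit: every login value under base_dn that maps to more than one DN."""
    seen = defaultdict(list)
    for e in entries:
        if under(e["dn"], base_dn) and attr in e:
            seen[e[attr].lower()].append(e["dn"])
    return {login: dns for login, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    forest = "DC=example,DC=com"
    print(resolve_login(ENTRIES, forest, "sAMAccountName", "alee"))
    print(resolve_login(ENTRIES, "DC=emea," + forest, "sAMAccountName", "alee"))
    print(ambiguous_logins(ENTRIES, forest, "userPrincipalName"))
```

Run against a real export, any value that ambiguous_logins reports for the chosen search base and login attribute is an account that cannot authenticate until the base or the attribute is changed.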
About this task
Authenticating users across trees or forests can be a difficult task, and the following steps should be performed.
Note: You must ensure that the Microsoft Windows Computer Browser Service is enabled in your operating system when the following conditions are true:
- Your primary domain is managed by Microsoft Active Directory.
- The Primary Domain Controller (PDC) exists in a different subnet from WebSphere Application Server.
- You set the user registry for WebSphere Application Server to local OS and not Lightweight Directory Access Protocol (LDAP).
Procedure
Results
What to do next
Avoid trouble: When you select any of these scenarios, consult appropriate Microsoft Active Directory information to completely understand any implications the scenarios might have on your configuration planning.