6.6.18.8: Using Microsoft Active Directory as the LDAP server

To use Microsoft Active Directory as the LDAP server for authentication with WebSphere Application Server, there are several specific steps you must complete. By default, Microsoft Active Directory does not allow anonymous LDAP queries. To make an LDAP query or browse the directory, the LDAP client must bind to the LDAP server with the distinguished name (DN) of an account that belongs to the "Administrator" group of the Windows system.
To set up Microsoft Active Directory as your LDAP server, follow this procedure:
1. Determine the full DN and password of an account in the Administrators group. For example, if the Active Directory administrator creates an account in the "Users" folder of the Active Directory Users and Computers control panel (Windows NT/2000), and the DNS domain is IBM.com, the resulting DN has the following structure: CN=<AdminuserName>, CN=Users, DC=IBM, DC=COM
2. Determine the short name and password of any account in Microsoft Active Directory. It does not have to be the same account as the one used in the previous step.
3. Use the WebSphere Application Server management console to set the information needed to use Microsoft Active Directory:
   a. Start the management server for this domain, if necessary.
   b. Start the management console, if necessary.
   c. On the management console, click Console -> Security Center on the console menu bar.
   d. Select the Authentication tab page, and select "Lightweight Third Party Authentication" (LTPA) as the authentication mechanism.
   e. Enter the following information in the LDAP settings fields:
      Security Server ID: The short name of the account selected in step 2
      Security Server Password: The password of the account selected in step 2
      Directory Type: Active Directory
      Host: The DNS name of the machine running Microsoft Active Directory
      Base Distinguished Name: The domain components of the DN of the account selected in step 1. For example: DC=IBM, DC=COM
      Bind Distinguished Name: The full DN of the account selected in step 1. For example: CN =
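The settings above have to agree with each other: the base DN is the domain components of the bind DN, and an empty bind DN or password amounts to the anonymous bind that Active Directory refuses by default. The following Python check is an added example, not part of the original documentation or of WebSphere; the dictionary keys, the `bind_password` entry and the sample values are hypothetical, constructed here for illustration.

```python
def split_dn(dn):
    """Split a DN into lowercase (attribute, value) pairs on unescaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # keep an escaped char such as "\,"
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    parts = [rdn.partition("=") for rdn in rdns]
    # strip() tolerates the "CN = Users" spacing used in the text above
    return [(a.strip().lower(), v.strip().lower()) for a, sep, v in parts if sep]

def domain_components(dn):
    """Return the DC pairs of a DN; the procedure uses them as the base DN."""
    return [pair for pair in split_dn(dn) if pair[0] == "dc"]

def check_settings(s, dns_domain):
    """Return a list of problems in the settings dict (empty list means OK)."""
    problems = []
    base = split_dn(s.get("base_dn", ""))
    if not split_dn(s.get("bind_dn", "")) or not s.get("bind_password"):
        problems.append("anonymous bind: Active Directory rejects it by default")
    elif base != domain_components(s["bind_dn"]):
        problems.append("base DN is not the domain components of the bind DN")
    if base != [("dc", label.lower()) for label in dns_domain.split(".")]:
        problems.append("base DN does not match DNS domain " + dns_domain)
    sid = s.get("security_server_id", "")
    if not sid or "=" in sid:
        problems.append("security server ID must be a short name, not a DN")
    return problems

# Constructed sample values; key names are hypothetical, modeled on the console fields.
SAMPLE = {
    "security_server_id": "wasadmin",
    "bind_dn": "CN = Smith\\, Jo, CN = Users, DC = IBM, DC = COM",
    "bind_password": "placeholder",
    "base_dn": "DC = IBM, DC = COM",
}

if __name__ == "__main__":
    print(check_settings(SAMPLE, "IBM.com") or "settings are consistent")
```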