When you try to enable global security with ldap authentication you get the following error when configuring your ldap repository (IBM Directory Server): The administrative user ID does not exist in the user repository. Reason: The bind user must be searchable. This means that an ldapsearch with this user as bind user must return his own entry. If this does not work, you have to add an aclEntry: vi change-was7101-aclentry.ldif dn: uid=was7101,cn=mygroup,cn=admusr,o=mycomp aclentry: access-id:UID=WAS7101,CN=MYGROUP,CN=ADMUSR,O=MYCOMP:normal:rsc $ ldapmodify -h myhost -x -D "cn=root" -w ******* -f change-was7101-aclentry.ldif modifying entry "uid=was7101,cn=mygroup,cn=admusr,o=mycomp" Now user was7101 can do an ldapsearch to find itself and therefore you can use it to configure you LDAP repository. This article gave me the hint: http://www-01.ibm.com/support/docview.wss?rs=767&uid=swg21219253
Kommentare