Feature Pack 6 or later

Setting up the LDAP for integration with IBM Web Content Manager

Set up a Lightweight Directory Access Protocol (LDAP) server to work between WebSphere Commerce and IBM Web Content Manager on your staging environment. LDAP is an application protocol that can be used to access directory services and information that is shared between the applications through the WebSphere Application Server.

WebSphere Commerce can be configured to use one or more LDAP servers as the master user repository instead of the WebSphere Commerce database. This configuration is typically done when multiple applications must share a common user repository. In this configuration, user and organization data in the WebSphere Commerce and IBM Web Content Manager databases are synchronized on the LDAP server.

Deprecated feature: If WebSphere Commerce is already integrated with WebSphere Portal, you can use the same LDAP configuration.

For more information about LDAP, see Configuring directory services (LDAP) with WebSphere Commerce.

Before you begin

  1. Ensure that an existing LDAP server is installed and configured. To configure an LDAP server, see Preparing the LDAP server for use with WebSphere Commerce.
  2. Ensure that the database is started.
  3. Restart your WebSphere Commerce instance.

Procedure

  1. Update the Solr server configuration file with the authentication information so that single sign-on for the integration can be enabled.
    1. On the WebSphere Commerce machine, go to the following directory:

      WC_eardir/xml/config/com.ibm.commerce.catalog-ext

    2. Open the wc-search.xml file for editing.
    3. Search for the string <_config:server name="AdvancedConfiguration_1">.
    4. Update the file to include the user ID and encrypted password for the Solr WebSphere Application Server administrative user. Add the following code after the string that you found:
      <_config:common-http 
        ....
        securityEnabled="true" adminUserId="Administrator" 
        adminUserPassword="<encryptedPassword>" />
    5. Save and close the file.
  2. Set up LDAP for WebSphere Commerce in the staging environment. Ensure that the administrative user and password that you specify in the following steps do not already exist on the LDAP server for federated repositories.
  1. Start, or restart the WebSphere Commerce server.
  2. Open the WebSphere Commerce Integration Wizard.
    • Solaris, Linux, AIX: WC_installdir/bin/WCIntegrationWizard.sh
    • Windows: WC_installdir\bin\WCIntegrationWizard.bat
  3. Verify the prerequisites. Click Next.
  4. Select your WebSphere Commerce instance name. Enter and confirm your database password. Click Next.
  5. Select WebSphere Application Server security with Federated Repositories as the integration task. Click Next.
  6. Enter the information specific to your LDAP server to configure LDAP as the user repository for the WebSphere Commerce instance.
    The following fields are available, depending on your LDAP server configuration:
    • LDAP type
    • LDAP host name
    • LDAP port
    • Enable SSL option
    • Truststore file path (Java keystore format)
    • Truststore password and verification
    • LDAP administrator DN
    • LDAP administrator password and verification
    • WebSphere Commerce root organization DN
    • WebSphere Commerce default organization DN
    • User RDN prefix
    • User object class
    • Organization object class
    • Organizational unit object class

    For more information about these fields, see the WC_installdir/components/ldap/properties/vmm.properties file.

    After you enter the information specific to your LDAP server, click Next.

    Note: The LDAP administrator DN and password are not used at run time. The LDAP administrator DN is used only by the WebSphere Commerce Integration Wizard to ensure that the specified Default Organization and Root Organization exist on the LDAP server.
  7. Enter the information specific to your LDAP server to configure WebSphere Application Server security for the WebSphere Commerce instance.
    The following fields are available, depending on your LDAP server configuration:
    • Realm name
    • WebSphere Application Server primary administrative user. This is the user that you included in the wc-search.xml file in step 1.

      Ensure that you specify a user that does not exist in any of the federated repositories (LDAP server or WebSphere Application Server file repository) to create the user in the WebSphere Application Server file repository: wasprofile\config\cells\localhost\fileRegistry.xml. This user ensures that the primary administrative user can log on to the WebSphere Application Server administrative console, even when the LDAP server is unavailable.

    • WebSphere Application Server primary administrative user password and verification
    • LDAP base DN
    • LDAP bind DN
    • LDAP bind DN password and verification
    • LDAP user search filter string

    For more information about these fields, see the WC_installdir/components/ldap/properties/vmm.properties file.

    Click Next.

  8. Click Next. Verify the summarized information.
  9. Click Next.
    A confirmation message is displayed:
    WebSphere Commerce integration has successfully completed
  10. Click Finish to complete the WebSphere Commerce Integration Wizard.
  11. Verify that the configuration is complete.
    Search for the "Feature 'ldap' enablement completed successfully." string in the log file:
    • Solaris, Linux, AIX, Windows: WC_installdir/instances/instance_name/logs/enableldap_timestamp.log
  12. Restart the WebSphere Commerce server.
  3. Set up LDAP for IBM Web Content Manager. Ensure that the administrative user and password that you specify in the following steps do not already exist on the LDAP server for federated repositories.
    1. On the WebSphere Portal Server, open the file system for the WebSphere Application Server.
    2. Navigate to the following directory:
      • Solaris, Linux, AIX: /IBM/WebSphere/profile_name/ConfigEngine/properties
      • Windows: \IBM\WebSphere\profile_name\ConfigEngine\properties
    3. Open the wkplc.properties file for editing.
    4. Locate the WebSphere Application Server properties section in the file.
      Add the following property for the WebSphere Application Server password:
      WasPassword=your_password
    5. Locate the WebSphere Portal configuration properties section in the file.
      Add the following property for the WebSphere Portal password:
      PortalAdminPwd=your_password
    6. Locate the Federated security properties section in the file.
      Add the values for the following properties for the LDAP configuration:
      federated.ldap.id
      This value specifies a unique identifier for the repository within the cell. During an update, this value must match the ID of the repository to be updated. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID. This value should be no longer than 36 characters.
      federated.ldap.host
      This value specifies the host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name. During an update, this value must match the ID of the repository to be updated.
      federated.ldap.port
      This value specifies the LDAP server port.
      federated.ldap.bindDN
      This value specifies the distinguished name for the application server to use when binding to the LDAP repository.
      federated.ldap.bindPassword
      This value specifies the password for the application server to use when binding to the LDAP repository.
      federated.ldap.ldapServerType
      This value specifies the type of LDAP server to which you connect.
      federated.ldap.baseDN
      This value specifies the LDAP base entry.
    7. Save and close the file.
    8. Open a command-line utility. Go to the following directory:
      • Solaris, Linux, AIX: /IBM/WebSphere/profile_name/ConfigEngine/
      • Windows: \IBM\WebSphere\profile_name\ConfigEngine\
    9. Run the task command to enable LDAP for the WebSphere Portal and IBM Web Content Manager:
      • Solaris, Linux, AIX: ConfigEngine.sh wp-create-ldap
      • Windows: ConfigEngine.bat wp-create-ldap
    10. Restart the WebSphere Portal Server.
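The constraints stated for the federated.ldap.* properties in wkplc.properties, and the earlier requirement that the WebSphere Application Server primary administrative user must not already exist in the LDAP repository, can be checked before the wizard or the wp-create-ldap task is run. The following script is an added example, not IBM's code or part of the procedure; it assumes the properties text and an LDIF export of the base DN are supplied inline (the constructed samples below), and the user ID wasadmin is a placeholder.

```python
# Added pre-flight check, not IBM's code. Sample data below is constructed.
import re
SAMPLE_PROPERTIES = """\
federated.ldap.id=wcmldap
federated.ldap.host=ldap.example.com
federated.ldap.port=636
federated.ldap.bindDN=cn=wasbind,o=root
federated.ldap.bindPassword=changeit
federated.ldap.ldapServerType=IDS
federated.ldap.baseDN=o=root
"""

SAMPLE_LDIF = """\
dn: uid=wcsadmin,o=default,o=root
objectClass: inetOrgPerson
uid: wcsadmin
"""

REQUIRED = ("federated.ldap.id", "federated.ldap.host", "federated.ldap.port", "federated.ldap.bindDN",
            "federated.ldap.bindPassword", "federated.ldap.ldapServerType", "federated.ldap.baseDN")
XML_SPECIAL = set('&<>"\'')  # characters the procedure forbids in federated.ldap.id

def parse_properties(text):
    """Parse key=value lines of a Java properties file; skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def validate_federated_ldap(props):
    """Return problems against the rules stated for the federated.ldap.* properties."""
    problems = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    rid = props.get("federated.ldap.id", "")
    if len(rid) > 36:
        problems.append("federated.ldap.id longer than 36 characters")
    if XML_SPECIAL & set(rid):
        problems.append("federated.ldap.id contains an XML-special character")
    if not props.get("federated.ldap.port", "").isdigit():
        problems.append("federated.ldap.port is not numeric")
    return problems

def ldif_uids(ldif_text):  # lower-cased uid attribute values from an LDIF export
    return {m.group(1).strip().lower() for m in re.finditer(r"^uid:\s*(.+)$", ldif_text, re.M)}

def admin_user_absent(admin_user, ldif_text):  # True when the WAS admin user is not an LDAP entry
    return admin_user.lower() not in ldif_uids(ldif_text)
```

Run the admin-user check against an export of every federated repository, not only the LDAP base DN, because the wizard creates the user in the file repository and a duplicate in either place defeats the LDAP-unavailable fallback.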