Testing your LDAP configuration

To ensure that LDAP is working properly, complete the following test.


  1. Ensure that you configured HCL Commerce to use LDAP.
  2. If the HCL Commerce site administrator user, for example, wcsadmin, exists on the LDAP server but is not directly under the root organization in the LDAP server, delete the user from the LDAP server to avoid data conflicts. However, if the user already exists in LDAP and is directly under the root organization, the user does not have to be deleted, and authentication for this user will be done using the password in LDAP. In most cases, the user does not already exist on the LDAP server, but only in the HCL Commerce database. This user will automatically be synchronized to the LDAP server when the user first logs on to HCL Commerce.

    After the user is synchronized to the LDAP server, the LOGONID value in the USERREG database table for this user will be changed from the short name to the full DN format. For example, it will be changed from "wcsadmin" to "uid=wcsadmin,o=root organization". If for some reason you delete the user from the LDAP server after synchronization has already taken place, you need to update USERREG.LOGONID back to the short name format, and delete the entry for this member in the WMMMAP table. The WMMMAP table maps HCL Commerce members to the corresponding entry in Virtual Member Manager (LDAP).

  3. Log in to the Organization Administration Console with the HCL Commerce site administrator logon ID, for example, wcsadmin.
  4. Check your LDAP server to ensure that the HCL Commerce site administrator user appears under the root organization. Also check USERREG.LOGONID for this user to ensure it is in the DN format. For example, uid=wcsadmin,o=root organization.
  5. Log out from the Organization Administration Console. If this was the first time that the site administrator user was synchronized with LDAP, repeat steps 3 and 4 to ensure LDAP is configured correctly with HCL Commerce.
  6. Create a new user under the root organization on your LDAP server.
  7. Try to log in to the Organization Administration Console with the new user's short name. You should receive the following error:

    User does not have the proper authority to logon.

    This error indicates that the user ID was resolved, but that the user does not have rights to access the Organization Administration Console.

    If you receive any other error message, then the authentication has failed and either the user creation was done incorrectly or the LDAP server is not configured correctly to work with HCL Commerce.

  8. Log in to the Organization Administration Console with your HCL Commerce site administrator user.
  9. Assign to the new user the Buyer Administrator role in the root organization.
  10. Log out from the Organization Administration Console.
  11. Log in to HCL Commerce Accelerator with the new user. A successful login indicates that LDAP is configured correctly to work with HCL Commerce.
  12. (Recommended) In the Organization Administration Console, remove the Buyer Administrator role from the new user. This step is a security precaution to prevent anyone from using the new user to make unauthorized changes to HCL Commerce.
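
The LOGONID checks in steps 2 and 4 can be scripted over values exported from USERREG. The following is an added example, not HCL code: it classifies each LOGONID as short name (not yet synchronized), a DN directly under the root organization, or a DN located elsewhere. The function names and sample values are constructed for illustration, and the root DN is taken from the example on this page.

```python
# Added example (not part of HCL Commerce): classify USERREG.LOGONID values.
ROOT_ORG_DN = "o=root organization"  # root DN as shown in the page's example

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return rdns

def normalize(rdn):
    """Case-insensitive, whitespace-collapsed form (simplified matching)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + " ".join(value.split()).lower()

def classify_logonid(logonid, root_dn=ROOT_ORG_DN):
    """Return 'short-name', 'dn-under-root' or 'dn-elsewhere'."""
    rdns = split_dn(logonid)
    if not all("=" in r for r in rdns):
        return "short-name"      # still in the pre-synchronization format
    parent = [normalize(r) for r in rdns[1:]]
    root = [normalize(r) for r in split_dn(root_dn)]
    return "dn-under-root" if parent == root else "dn-elsewhere"

def audit(logonids):
    """Map each LOGONID to its classification."""
    return {value: classify_logonid(value) for value in logonids}

# Constructed sample values standing in for an export of USERREG.LOGONID.
SAMPLE_LOGONIDS = [
    "wcsadmin",
    "uid=wcsadmin,o=root organization",
    "UID=newuser, O=Root Organization",
    "uid=jdoe,ou=sales,o=root organization",
    "cn=Doe\\, Jane,o=root organization",
]

if __name__ == "__main__":
    for value, kind in audit(SAMPLE_LOGONIDS).items():
        print(f"{kind:14} {value}")
```

After step 4, the site administrator's row should classify as `dn-under-root`; a `short-name` result means synchronization has not happened for that user.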