Change LDAPUserFilter after executing enable-security-wmmur-ldap - Websphere


  1. Change LDAPUserFilter after executing enable-security-wmmur-ldap

    Hi, all.
    I enabled security by executing enable-security-wmmur-ldap.
    It's ok. Now I have to change the LDAPUserFilter property.
    How can I do it? Should I execute some configuration task?

  2. Re: Change LDAPUserFilter after executing enable-security-wmmur-ldap

    When you are using WMMUR, LDAPUserFilter in wpconfig.properties is not really used. You need to make changes in wmm.xml. What kind of change do you want to make?

    -FF

    The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.

  3. Re: Change LDAPUserFilter after executing enable-security-wmmur-ldap

    In my LDAP (it is Active Directory) we have some disabled users whose names are equal to those of other users in other domains. For example

    CN=user1,CN=users,DC=company,DC=com - disabled user
    CN=user1,CN=users,DC=managers,DC=company,DC=com - enabled user

    Now user1 can't log in to the portal. The log message is

    {code}[7/16/09 17:07:48:946 MSD] 00000049 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is WMM-UR: Multiple users found with the security name "testuser_1"..{code}

    So I want to filter out disabled users.

    I found the searchFilter attribute in

    {code}





    {code}

    The disabled user "testuser_1" doesn't match searchFilter (checked in the JExplorer tool), but the exception still appears.

  4. Re: Change LDAPUserFilter after executing enable-security-wmmur-ldap

    I searched for testuser_1 in the Administrative Portlet: when the searchFilter attribute is present
    I can find only one user; if I remove it, two users are found. So the filter works when I search for a user.
    How can I filter the users who can log in to the portal?

  5. Re: Change LDAPUserFilter after executing enable-security-wmmur-ldap

    It's not a good idea to have a complicated searchfilter, especially the "negation", because it can have a performance impact. If the user is disabled, can you just delete it? Or you can keep an LDIF of the user. When it's needed, create it with the LDIF.

    -FF

    The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.
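
An added example (not from the thread and not IBM code) that audits a directory export for login names resolving to more than one account, the condition behind the "Multiple users found with the security name" error quoted in post 3, and reports which collisions would disappear if disabled accounts were excluded. The entries are constructed from the two DNs in that post; using `cn` as the login attribute and the helper names are assumptions, and bit 0x2 of `userAccountControl` is Active Directory's disabled-account flag.

```python
from collections import defaultdict

ACCOUNTDISABLE = 0x2  # Active Directory userAccountControl bit: account disabled

# Constructed sample export; the first two DNs are the ones quoted in post 3.
ENTRIES = [
    {"dn": "CN=user1,CN=users,DC=company,DC=com", "cn": "user1", "userAccountControl": 514},
    {"dn": "CN=user1,CN=users,DC=managers,DC=company,DC=com", "cn": "user1", "userAccountControl": 512},
    {"dn": "CN=user2,CN=users,DC=company,DC=com", "cn": "user2", "userAccountControl": 512},
    {"dn": "CN=user3,CN=users,DC=company,DC=com", "cn": "user3", "userAccountControl": 512},
    {"dn": "CN=user3,CN=users,DC=managers,DC=company,DC=com", "cn": "user3", "userAccountControl": 512},
]


def is_disabled(entry):
    """True when the ACCOUNTDISABLE bit is set on the entry."""
    return bool(int(entry["userAccountControl"]) & ACCOUNTDISABLE)


def audit(entries, login_attr="cn"):
    """Return {login_name: (status, enabled_dns)} for names shared by 2+ entries.

    login_attr is an assumption: use whatever attribute the realm maps to the
    security name. Names are compared case-insensitively.
    """
    groups = defaultdict(list)
    for entry in entries:
        groups[entry[login_attr].lower()].append(entry)

    report = {}
    for name, group in groups.items():
        if len(group) < 2:
            continue  # unique name, nothing to report
        enabled = [e["dn"] for e in group if not is_disabled(e)]
        if len(enabled) == 1:
            status = "fixed_by_filter"   # only disabled duplicates collide
        elif enabled:
            status = "still_ambiguous"   # two or more enabled accounts share the name
        else:
            status = "all_disabled"      # nobody with this name can log in
        report[name] = (status, enabled)
    return report


if __name__ == "__main__":
    for name, (status, dns) in sorted(audit(ENTRIES).items()):
        print(f"{name}: {status} -> {dns}")
```

Names reported as `still_ambiguous` need a rename or a narrower search base, since excluding disabled accounts does not make them unique.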
