Using LDAP on iSeries to authenticate a user

Hi,

We have a web application on Websphere 6.1 (running on a RedHat server), we wish to process the logon to the server initially using LDAP against an iSeries account, then once authenticated and session established on Websphere server - we use webservices (RPG programs using HTTP CGI) that require a login in the HTTP header to run.

I need to know if I can process a "user and password are valid" operation through LDAP, i have always used the AS400Connection java objects from IBM to check users and passwords before.

The IBM documentation regarding HTTP servers running LDAP appear to indicate a usage more suited to an address book or information lookup rather than as a loging checking mechanism.

Can anyone tell me what i need to do with LDAP to allow us to process log on authentication?

Many thanks
LVL 1
ProgrammingSmurfAsked:
Who is Participating?
 
Gary PattersonConnect With a Mentor VP Technology / Senior Consultant Commented:
Default configuration means the AS/400 LDAP server is started with it's default configuration as shipped from IBM.  Variations to default configuration can change behaviour.  If the code doesn't work, check with whoever configured your LDAP server and determine if LDAP config changes were made that interfere.

- Gary Patterson
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Assuming AS/400 LDAP is configured in it's default configuration, if all you want to do is verify that an AS/400 user id / password pair is valid via LDAP, just bind using a projected user and the correct password:

os400-profile=MYPROFILE,cn=accounts,os400-sys=my-system.acme.com

Basic sample Java code:

http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html

Unless you use SSL, this information flows in the clear.  

This also doesn't help you much if you have multiple applications, and you need to provide selective access to these applications to a group of users, or if you want to provide various application-level rights to users (view versus update).

The WAS 6.1 Security Redbook explains web application security (including LDAP) in detail:

http://www.redbooks.ibm.com/redbooks/pdfs/sg246316.pdf

- Gary Patterson
0
 
ProgrammingSmurfAuthor Commented:
Hi,

I am sorry for the late reply ...

When you say LDAP running in dft config - i can see the Directory server running which has (LDAP) in the text ... is this the same thing?

Thank you for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.