Using LDAP on iSeries to authenticate a user

Hi,

We have a web application on Websphere 6.1 (running on a RedHat server), we wish to process the logon to the server initially using LDAP against an iSeries account, then once authenticated and session established on Websphere server - we use webservices (RPG programs using HTTP CGI) that require a login in the HTTP header to run.

I need to know if I can process a "user and password are valid" operation through LDAP, i have always used the AS400Connection java objects from IBM to check users and passwords before.

The IBM documentation regarding HTTP servers running LDAP appear to indicate a usage more suited to an address book or information lookup rather than as a loging checking mechanism.

Can anyone tell me what i need to do with LDAP to allow us to process log on authentication?

Many thanks
LVL 1
ProgrammingSmurfAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
Assuming AS/400 LDAP is configured in it's default configuration, if all you want to do is verify that an AS/400 user id / password pair is valid via LDAP, just bind using a projected user and the correct password:

os400-profile=MYPROFILE,cn=accounts,os400-sys=my-system.acme.com

Basic sample Java code:

http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html

Unless you use SSL, this information flows in the clear.  

This also doesn't help you much if you have multiple applications, and you need to provide selective access to these applications to a group of users, or if you want to provide various application-level rights to users (view versus update).

The WAS 6.1 Security Redbook explains web application security (including LDAP) in detail:

http://www.redbooks.ibm.com/redbooks/pdfs/sg246316.pdf

- Gary Patterson
0
ProgrammingSmurfAuthor Commented:
Hi,

I am sorry for the late reply ...

When you say LDAP running in dft config - i can see the Directory server running which has (LDAP) in the text ... is this the same thing?

Thank you for your help.
0
Gary PattersonVP Technology / Senior Consultant Commented:
Default configuration means the AS/400 LDAP server is started with it's default configuration as shipped from IBM.  Variations to default configuration can change behaviour.  If the code doesn't work, check with whoever configured your LDAP server and determine if LDAP config changes were made that interfere.

- Gary Patterson
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.