Saturday, August 15, 2009

Allowing multiple login attributes in a non-realm environment

Question: If you enable security with non-realm support, is it possible to allow users to log in with one of several possible attributes?

Answer: Yes. You must update the userFilter in the LDAP settings in the WebSphere® Application Server administrative console. For example, given the case where administrative users have "uid" but not "cn", and non-administrative users have "cn" but not "uid", you can allow both sets of users to log in by updating the userFilter to accommodate both attributes:

    (&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))

Check with your LDAP administrator to verify the userFilter.

NOTE: Using multiple attributes for login requires that login values be unique across both attributes. If UserA's cn value is identical to UserB's uid value, the filter matches both entries and problems could occur during login.
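As an added illustration (not from the original post and not IBM's code), the following Python substitutes a login name into the userFilter above with RFC 4515 escaping, evaluates the filter against a constructed sample directory, and shows the collision the note describes: when a cn and a uid carry the same value, the search returns two entries and the login cannot be resolved to one user. The sample entries, DNs, and the minimal filter parser are assumptions made for the example; in production WebSphere and the LDAP server perform this search.

```python
import re

# Constructed sample directory standing in for the LDAP server (not real data).
DIRECTORY = [
    {"dn": "uid=admin1,ou=admins,o=example", "uid": "admin1", "objectclass": "inetOrgPerson"},
    {"dn": "cn=jsmith,ou=users,o=example", "cn": "jsmith", "objectclass": "inetOrgPerson"},
    # A non-admin whose cn equals an admin's uid: the collision the note warns about.
    {"dn": "cn=admin1,ou=users,o=example", "cn": "admin1", "objectclass": "inetOrgPerson"},
]

USER_FILTER = "(&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))"  # %v = typed login name


def escape_filter_value(value):
    # RFC 4515 escaping: a login name must not be able to change the filter's structure.
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(template, login):
    return template.replace("%v", escape_filter_value(login))


def parse(s, i=0):
    """Minimal parser for the subset used above: (&...), (|...) and (attr=value)."""
    i += 1  # skip "("
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] != ")":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value), end + 1


def evaluate(node, entry):
    if node[0] == "&":
        return all(evaluate(k, entry) for k in node[1])
    if node[0] == "|":
        return any(evaluate(k, entry) for k in node[1])
    _, attr, value = node  # cn, uid and objectclass match case-insensitively
    return entry.get(attr, "").lower() == value.lower()


def find_users(login, directory=DIRECTORY):
    """DNs the userFilter matches for this login name, as the LDAP search would return them."""
    tree, _ = parse(build_filter(USER_FILTER, login))
    return [e["dn"] for e in directory if evaluate(tree, e)]


def resolve_login(login, directory=DIRECTORY):
    """Accept the login only when exactly one entry matches; zero or several is a failure."""
    matches = find_users(login, directory)
    return matches[0] if len(matches) == 1 else None
```

Running `resolve_login("admin1")` returns None because both the admin's uid and the non-admin's cn match, which is exactly the ambiguity the note describes.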