IBM G210-1784-00 manual WebSphere Application Server and LDAP User filter strings


Creating WebSphere and Learning Management System Administrator Accounts

You need at least two accounts in the LDAP directory to complete the installation of the IBM Lotus Learning Management System: an account for the WebSphere administrator and an account for the Learning Management System administrator. To create these accounts, you can either import an LDIF file or create the entries by hand. For instructions on importing LDIF files in IBM Directory Server, please consult the Directory Server Online Help. To create these entries by hand:

1. Start the Directory Management Tool: Start - Programs - IBM Directory Server - Directory Management Tool. Note that each time you start the Directory Management Tool, you need to include a binding and password that identifies the administrator of the directory. These are created when Directory Server is installed. The default binding created during installation is cn=root.

2. Choose Directory tree - Browse tree.

3. Select the entry in the tree under which you want to add the new entry, and then click Add. For example, to add the user accounts at the organization level, select your organization identifier, such as o=ibm, and then click Add.

4. Select the User Entry type.

5. For Parent DN, the value should automatically default to the entry selected in the tree. If it is different, enter the distinguished name of the tree entry you selected (for example, o=ibm).

6. Entry RDN – Enter the relative distinguished name (RDN) of the entry that you are adding (for example, cn=wasadmin).

7. Click OK to continue and to open the ‘Add an LDAP User’ dialog.

8. In the ‘Add an LDAP User’ dialog, select inetOrgPerson for object class (which is the default object class for new entries). The DN (distinguished name) should be populated automatically, as should the Common Name. It is not necessary to enter a value for sn for this account. You must enter a userPassword on the Business tab and a uid on the Other tab, and you may fill in any other details you wish.

9. Repeat these steps to create the lmsadmin account.

WebSphere Application Server and LDAP User filter strings

In WAS, you must specify an LDAP user filter that searches the registry for users. This option is typically used for Security Role to User assignments. It specifies the property by which to look up users in the directory service.

For example, in the syntax example (&(uid=%v)(|(objectclass=inetOrgPerson)(objectclass=ePerson))), users are looked up based on their user IDs (%v is replaced by the user ID being looked up) and the fact that the person entries have either inetOrgPerson or ePerson (or both) set as their objectclass attribute. For more information about this syntax, see the LDAP Directory Service documentation.

To view this administrative page in the WAS Administration Console, click Security - User Registries - LDAP - Advanced LDAP settings.
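
The user filter described above, worked through as an added example (not taken from the manual and not WebSphere's own code): it substitutes an RFC 4515-escaped login ID for %v and evaluates the resulting filter against constructed entries, so a `*` or parenthesis in the login ID is matched literally instead of changing the filter. The names `build_user_filter` and `lookup` and the sample entries are assumptions made for illustration; the evaluator handles only the `&`, `|` and equality/substring forms.

```python
import re

# User filter from the section above; %v stands for the login ID being looked up.
USER_FILTER = "(&(uid=%v)(|(objectclass=inetOrgPerson)(objectclass=ePerson)))"
# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_user_filter(user_id, template=USER_FILTER):
    """Substitute an escaped login ID for %v (illustrative, not WAS code)."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in user_id)
    return template.replace("%v", escaped)

def _value_regex(raw):
    """Unescaped * is a wildcard; \\XX sequences decode to literal characters."""
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})", unhex, p)) for p in raw.split("*")]
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)

def _eval(flt, pos, entry):
    """Evaluate the filter item starting at flt[pos]; return (result, next_pos)."""
    if flt[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if flt[pos] in "&|":
        op, pos, results = flt[pos], pos + 1, []
        while flt[pos] == "(":
            hit, pos = _eval(flt, pos, entry)
            results.append(hit)
        if flt[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (all(results) if op == "&" else any(results)), pos + 1
    end = flt.index(")", pos)
    attr, _, raw = flt[pos:end].partition("=")
    pattern = _value_regex(raw)
    return any(pattern.fullmatch(v) for v in entry.get(attr.lower(), [])), end + 1

# Constructed sample entries (attribute names lower-cased), not from a real directory.
ENTRIES = [
    {"dn": "cn=wasadmin,o=ibm", "uid": ["wasadmin"], "objectclass": ["inetOrgPerson"]},
    {"dn": "cn=lmsadmin,o=ibm", "uid": ["lmsadmin"], "objectclass": ["inetOrgPerson", "ePerson"]},
    {"dn": "cn=wasadmin,ou=svc,o=ibm", "uid": ["wasadmin"], "objectclass": ["account"]},
]

def lookup(user_id, entries=ENTRIES):
    """DNs of the entries selected by the user filter built for user_id."""
    flt = build_user_filter(user_id)
    return [e["dn"] for e in entries if _eval(flt, 0, e)[0]]
```

The third sample entry shares the uid wasadmin but carries neither object class, so the filter does not select it.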

Additional LDAP information and guidelines

When setting up a Domino LDAP directory with the Learning Management System, make sure that it has full text indexing enabled as this significantly shortens the time for user rostering by file.

20 IBM Lotus LMS Release 1 Installation Guide
