

Configure an LDAP Administrator Store Connection

Configure the connection to change the source of administrator identities from the policy store to the external store.

To configure the external store connection

  1. Click Administration, Admin UI, Configure Administrative Authentication.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  2. Select a directory server vendor from the Directory type list and click Next.

    The wizard prompts you for connection details.

  3. Do the following:
    1. Type the IP address or the fully qualified domain name of the directory server host system in the Host field.

      Important! If multiple Administrative UI instances are to use the same administrator authentication store, take note of the network identifier you enter. Mixing network identifiers for multiple Administrative UI connections to the same external administrator authentication store is not supported.

      Example: If you configure the first connection with 172.16.0.0, create subsequent connections with 172.16.0.0. If you configure the first connection with comp001@example.com, create subsequent connections with comp001@example.com.

    2. Type the port on which the directory server is listening in the Port field.

      Important! If you are configuring the connection over SSL, be sure to enter an SSL-enabled port. If you do not enter an SSL-enabled port, the Administrative Authentication wizard becomes unresponsive when you click Next.

    3. (Optional) Select the Use SSL check box and upload a Certificate Authority (CA) certificate to enable SSL communication between the Administrative UI and the administrator store.

      Note: The directory server must be configured to communicate over SSL. For more information about configuring the directory server for SSL, see your vendor-specific documentation.

    4. Type the common name and password of a directory server user in the respective fields.

      Note: This user must have read/write permissions to the directory server.

    5. Click Next.

    The wizard prompts you for object class information.

  4. Do the following:
    1. Type the directory server search root in the Search Root field.
    2. Use the shuttle controls to add and remove the object classes that apply to the SiteMinder administrators.
    3. Click Next.

    The wizard prompts you to specify the individual attributes required to map to your administrative users. Each list is populated with the attributes from your directory server that are likely to match the required attribute.

  5. Select the mnemonic attribute string that maps to each of the required attributes and click Next.

    The wizard prompts you to search for a user.

    Important! The User attribute must not map to an attribute that is used or written to by the LDAP directory or by any other application. Otherwise, you may be redirected to the /logout.jsp page every time and be unable to log in to WAMUI.

  6. Enter all or part of the user name in the Keywords field.

    Users matching the search criteria appear.

  7. Select a user and click Next.

    Note: You can only select one user. The user you select becomes the super user when the connection is configured.

    A summary screen appears.

  8. Confirm the connection details and click Finish.

    The connection to the external store is configured.
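A pre-flight check for the values entered in steps 3 and 4 above, added here as an example and not part of the product documentation: it confirms that multiple Administrative UI connections name the store identically, builds the object-class filter the wizard applies under the Search Root, and probes the port for TLS before Use SSL is selected. All function names are my own.

```python
"""Pre-flight checks for the Host, Port and Use SSL values of an LDAP
administrator store connection. Added example, not part of the product
documentation; all function names are my own."""
import socket
import ssl


def identifiers_consistent(hosts):
    """True when every planned Administrative UI connection names the
    directory server identically. Mixing an IP address with an FQDN for
    the same store is not supported, even if both resolve to it."""
    return len({h.strip().lower() for h in hosts}) <= 1


def admin_object_class_filter(object_classes):
    """Filter equivalent to the object classes added with the shuttle
    controls, for an ldapsearch against the Search Root beforehand."""
    classes = [c for c in object_classes if c]
    if not classes:
        raise ValueError("at least one object class is required")
    if len(classes) == 1:
        return f"(objectClass={classes[0]})"
    return "(|" + "".join(f"(objectClass={c})" for c in classes) + ")"


def ldaps_port_status(host, port, ca_file=None, timeout=5.0):
    """Classify what listens on host:port before selecting Use SSL.
    ssl_ok: TLS handshake done, certificate trusted (ca_file or system store)
    cert_untrusted: TLS works but ca_file is not the CA that issued the cert
    not_ssl: the peer answered without TLS, i.e. a plain LDAP port
    timeout: TCP accepted, no reply; a plain LDAP listener given a TLS
             ClientHello often waits silently, which is the wizard hang
    unreachable: no TCP connection at all"""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"status": "ssl_ok", "protocol": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        return {"status": "cert_untrusted", "detail": exc.verify_message}
    except socket.timeout:
        return {"status": "timeout"}
    except ssl.SSLError as exc:
        return {"status": "not_ssl", "detail": exc.reason}
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
```

Feed the filter from admin_object_class_filter to ldapsearch with the step 3 bind user and the Search Root to confirm that exactly the intended administrator entries come back before clicking Next.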