Active Directory user repository in WPS

If you are configuring WebSphere Portal to use either Active Directory or Active Directory Application Mode (ADAM) as the LDAP user registry, it is critical to set up the user search filter correctly, or you are going to run into issues with users not being able to authenticate. We have a client for whom ADAM serves as the Portal LDAP and syncs with Active Directory. My portal administrator who is working on that project ran into a problem with Portal users not being able to authenticate successfully.

This issue occurred for all users except the initial test user, who happened to have his cn set to the same value as his sAMAccountName. I took a look into the issue and it was very quickly apparent where the problem lay. Essentially, the LDAPUserFilter in wpconfig.properties was set to (&(cn=%v)(objectclass=user)), as is recommended for ADAM in the Info Center. However, this implies that users must specify their “common name” instead of their sAMAccountName to log in, which is obviously not a good scenario. Instead, the LDAPUserFilter in wpconfig.properties should be set to (&(|(cn=%v)(samAccountName=%v))(objectclass=user)) to allow users to log in using either their sAMAccountName or their common name. This is correctly suggested as the user search filter for Active Directory in the Info Center.
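To make the failure mode concrete, here is a small example I have added to this post (it is not WebSphere or ADAM code): a toy evaluator for the subset of LDAP filter syntax used by LDAPUserFilter (&, | and equality), run over a few constructed directory entries. It shows that with the ADAM-recommended filter only the user whose cn equals his sAMAccountName is found, while the corrected filter finds users by either attribute. The entries, the ENTRIES list and the find_user helper are my own assumptions for illustration; the two filter strings are the ones quoted above.

```python
"""Added example, not part of the original post or of WebSphere Portal:
a minimal evaluator for the RFC 4515 filter subset used in
wpconfig.properties (&, | and equality), run over constructed ADAM-style
entries to show why the ADAM filter rejects users whose cn differs from
their sAMAccountName."""

# LDAPUserFilter values exactly as quoted in the post.
ADAM_FILTER = "(&(cn=%v)(objectclass=user))"
FIXED_FILTER = "(&(|(cn=%v)(samAccountName=%v))(objectclass=user))"

# Constructed directory entries (placeholder data, not a real directory).
# Attribute names are stored lowercased because LDAP attribute types are
# case-insensitive (samAccountName and sAMAccountName are the same attribute).
ENTRIES = [
    {"cn": "jsmith", "samaccountname": "jsmith", "objectclass": ["top", "person", "user"]},
    {"cn": "Jane Doe", "samaccountname": "jdoe", "objectclass": ["top", "person", "user"]},
    {"cn": "svc-portal", "samaccountname": "svc-portal", "objectclass": ["top", "group"]},
]


def parse_filter(text):
    """Parse a filter into nested tuples: ('&', [...]), ('|', [...]) or ('=', attr, value)."""
    pos = 0

    def parse():
        nonlocal pos
        assert text[pos] == "(", "filter must start with '('"
        pos += 1
        if text[pos] in "&|":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(parse())
            assert text[pos] == ")", "unterminated compound filter"
            pos += 1
            return (op, children)
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        pos = end + 1
        return ("=", attr.strip().lower(), value)

    node = parse()
    assert pos == len(text), "trailing characters after filter"
    return node


def matches(node, entry):
    """Evaluate a parsed filter against one entry. Value comparison is
    case-insensitive, as it is for caseIgnoreMatch attributes like cn."""
    op = node[0]
    if op == "&":
        return all(matches(child, entry) for child in node[1])
    if op == "|":
        return any(matches(child, entry) for child in node[1])
    _, attr, value = node
    stored = entry.get(attr, [])
    if not isinstance(stored, list):
        stored = [stored]
    return any(v.lower() == value.lower() for v in stored)


def find_user(filter_template, login_name):
    """Substitute the login name for %v, as Portal does, and return the cn of
    every matching entry. This toy does no escaping of the substituted value;
    it only demonstrates which filter shape finds which users."""
    node = parse_filter(filter_template.replace("%v", login_name))
    return [entry["cn"] for entry in ENTRIES if matches(node, entry)]


if __name__ == "__main__":
    for login in ("jsmith", "jdoe", "Jane Doe"):
        print(f"{login!r}: ADAM filter -> {find_user(ADAM_FILTER, login)}, "
              f"fixed filter -> {find_user(FIXED_FILTER, login)}")
```

Running it shows that jsmith (cn equal to sAMAccountName) authenticates under both filters, jdoe is found only by the corrected filter, and the group entry is never returned because the (objectclass=user) term still applies.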
