Hello,

If we are using LDAP for application user authentication,then does that LDAP users gets list anywhere in WAS console options like underneath "User and Group"?

Issue:-User wants his "ABC" application's access to be stricted to group of users as per their roles/designation say for instance "Manager" would have access to 7 functionality in ABC application whereas "VP" would have 10 etc etc.So user have created 7 roles in code via web.xml file and now they are reflecting in WAS Console path "All Applications > My-APP > Security role to user/group mapping".

While Navigating to "Manage User or group" in WAS console ,I don't see any Application user name(LDAP user) getting listed,only user who have been given access to WAS console name reflects.

It is working as designed. The Application users are specific to the application.  The Manage Users/Groups are for WebSphere users/groups.

Please check these pages:
https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/usec_sec_domains_edit.html

https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_sec_multiple_domains.html
I guess  "application security" is not enabled

Kind Regards

Hello Marika/Fabio,

Thank you for you reply.

2 days ago we got in con- call with IT architect ,Developer and Application team.Wherein to fix this issue it was concluded that Application team has to make some changes in Application JAVA code and LDAP roles/groups would have to be created on LDAP server not on WAS server.