WBSP-AS-001010 - The WebSphere Application Server LDAP user registry must be used.

Information

To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature.

To ensure support to the enterprise, the authentication must utilize an enterprise solution.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

In the administrative console, click Security >> Global security.

Under 'User account repository', click the 'Available realm definitions' drop-down list.

Select 'Standalone LDAP' registry.

Click 'Configure'.

Provide the Primary Administrative user name, type of LDAP server, hostname for the LDAP server, define the Base distinguished name.

Click 'OK'.

On 'Global security' panel, click 'Set as current'.

Click 'Apply'.

Click 'Save'.

Recycle and synchronize the JVMS.

See Also

http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CAT|II, CCI|CCI-000764, Rule-ID|SV-96013r1_rule, STIG-ID|WBSP-AS-001010, Vuln-ID|V-81299

Plugin: Unix

Control ID: 501855642d523fa7bcb10ad9dffe68f3a6ee3e80066130f643fd3f85d6f24d73