Datapower Active Directory RBM Authentication

Below is good resources on setting up Datapower Active Directory for login into a Datapower Appliance:

Below is my version on setting up Active Directory for Datapower and it works:

Step 1: Navigate to Administration -> RBM Settings

Step 2: Make sure your Main page looks like the following:

Step 3: Navigate to the Authentication Tab

Specify your Active Directory Server Host, Port Number (default 389), LDAP version and enable Search LDAP for DN

Your Bind DN will look something like:

CN=,OU=Application Specific Resources,OU=Enterprise Configuration & Resources,DC=,DC=,DC=

Note: Set Local Login as Fallback to login to your appliance. This is for when LDAP fails you still have access to the appliance.

Your LDAP Search Parameter will looks like follows:

Your LDAP Base DN will look something like:

OU=User Accounts,DC=,DC=,DC=

Step 4: Navigate to the Credentials Tab and select Mapping Credentials Method -> xmlfile

Disable: Search LDAP for Group Name

Create a new RBM Policy URL by clicking on the + . Navigate to the wizard till u get to: Access Profile Mapping.

Your Credential Name will look something like: OU=User,OU=Business Unit,OU=User Account,DC=,DC=,DC=


  1. Thomas Munn says:

    I tried this, didn’t work. My domain was ‘’ and not sure if we leave the rest dc=dc=dc=? what would be a properly formatted base dn look like? NOt spelled out ANYWHERE on internet!

  2. symgryph says:

    I worked with IBM and have a wordpress BLOG about the experience. Includes everything.

    Enable LDAP authorization for datapower with microsoft active directory

  3. Muthu says:

    I am trying to configure my XI150 datapower,
    Requirement: I want to use ldap for authorizing a particular resource ” the back end URL – mobile.wsdl ”

    I am extracting “username” from an ssl certificate subject name, and using AAA info file to map the username to an “resource”.
    how to make DP to submit the above two value “username” & “resource” to an ldap server, and if both attribute are matched then authorize. I don’t want to RBM, Only authorization need to be checked against ldap.

    Can any one guide how to do this.

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s