When you want to enable Active Directory login with DataPower and your users are members of a group, you need to add the following to your LDAP Search Credentials:

Name:                ldapsearch

LDAP Base DN:        ou=groups,dc=ibm,dc=com

LDAP Filter Prefix:  (&(member=

LDAP Filter Suffix:  )(|(cn=administrators)(cn=architects)(cn=operations)))
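As an added illustration (not part of the original post and not DataPower's own code), the Python below composes the search filter the same way the prefix/suffix settings do: prefix, then the authenticated user's DN, then suffix. It escapes the DN per RFC 4515 so no character in it can change the filter's structure, lists the group cn values the suffix accepts, and sanity-checks that the assembled filter's parentheses balance. The user DN is a constructed sample.

```python
import re

# Values from the post's LDAP Search settings. DataPower builds the filter as
# prefix + <DN of the user who just authenticated> + suffix.
FILTER_PREFIX = "(&(member="
FILTER_SUFFIX = ")(|(cn=administrators)(cn=architects)(cn=operations)))"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_member_filter(member_dn: str,
                        prefix: str = FILTER_PREFIX,
                        suffix: str = FILTER_SUFFIX) -> str:
    """Assemble the group-membership filter from prefix, member DN and suffix."""
    return f"{prefix}{escape_filter_value(member_dn)}{suffix}"


def allowed_groups(suffix: str = FILTER_SUFFIX) -> list:
    """Return the cn values in the suffix's OR branch, i.e. the groups that grant login."""
    return re.findall(r"\(cn=([^)]+)\)", suffix)


def balanced(filter_str: str) -> bool:
    """Check that every '(' in the assembled filter has a matching ')'."""
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample DN; a real one comes from the "Search LDAP for DN" step.
    user_dn = "CN=Jane Doe,OU=User Accounts,DC=example,DC=com"
    ldap_filter = build_member_filter(user_dn)
    print(ldap_filter)
    print("groups:", allowed_groups(), "balanced:", balanced(ldap_filter))
```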

Below is my procedure for setting up Active Directory with DataPower, and it works:

Step 1: Navigate to Administration -> RBM Settings

Step 2: Make sure your Main page looks like the following:

Step 3: Navigate to the Authentication Tab

Specify your Active Directory server host, port number (default 389) and LDAP version, and enable Search LDAP for DN.

Your Bind DN will look something like:

CN=,OU=Application Specific Resources,OU=Enterprise Configuration & Resources,DC=,DC=,DC=

Note: Set Local Login as Fallback so that you can still log in to the appliance if LDAP fails.

Your LDAP Search Parameters will look as follows:

Your LDAP Base DN will look something like:

OU=User Accounts,DC=,DC=,DC=

Step 4: Navigate to the Credentials Tab and select Mapping Credentials Method -> xmlfile

Disable: Search LDAP for Group Name

Create a new RBM Policy URL by clicking on the +. Step through the wizard until you get to Access Profile Mapping.

Your Credential Name will look something like: OU=User,OU=Business Unit,OU=User Account,DC=,DC=,DC=