I just had to set this up in the lab as an example, so I thought I'd share it here...
I'm authenticating with Active Directory in our lab environment.
Log in to the WFA Portal using your local admin credentials.
Next, click Tools > WFA Configuration and click the LDAP tab. You'll now need to enter your LDAP server details; here is the example that I used:
LDAP Servers: ldap://SP-DC01.uk-demo.netapp.com <<< this is my Active Directory Server
WFA Administrators group: Domain Admins <<< this is the AD group that I will map to the Administrators group in WFA
All other details are left untouched
Once configured, you can log out and then log back in using your Active Directory credentials.
If successful, you will then be logged in.
If you get a login failure message, a good place to check is:
{WFA_INSTALL_DIRECTORY}/jboss/server/default/log/wfa_ldap
This will give you clues as to why the authentication failed:
2012-03-16 12:42:44,040 GMT INFO [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-4) Looking up user 'UK-DEMO\Administrator' in LDAP servers
2012-03-16 12:42:44,054 GMT INFO [com.netapp.wfa.ldap.LdapWrapper] (http-0.0.0.0-80-4) Looking up user 'UK-DEMO\Administrator' using 'sAMAccountName' attribute
2012-03-16 12:42:44,141 GMT INFO [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-4) Discovering roles of user 'UK-DEMO\Administrator'
2012-03-16 12:42:44,143 GMT WARN [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-4) User 'UK-DEMO\Administrator' couldn't be logged in using LDAP because no roles were found, reverting to local WFA login (member of the following groups: [CN=Enterprise Admins,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Administrator,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Exchange Organization Administrators,OU=Microsoft Exchange Security Groups,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Group Policy Creator Owners,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Schema Admins,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Administrators,CN=Builtin,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Domain Admins,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM]
In the example above, I had a typo in my mapping between LDAP groups and WFA groups in the configuration section.
Once a user has successfully logged in, they will also appear in the Users definition within WFA, so they can now be mapped to categories for further RBAC controls.
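
A small triage script for the login failure described above, as an added example that is not part of the original post or of WFA itself: it scans wfa_ldap log text for the "no roles were found" warning, extracts the CN of every group the user belongs to, and flags configured group names that are near-misses of a real group. The function names, the constructed sample log, and the case-insensitive comparison on the CN are assumptions.

```python
import re
from difflib import get_close_matches

# Constructed sample in the format of the wfa_ldap lines quoted above (group list shortened).
SAMPLE_LOG = r"""2012-03-16 12:42:44,141 GMT INFO [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-4) Discovering roles of user 'UK-DEMO\Administrator'
2012-03-16 12:42:44,143 GMT WARN [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-4) User 'UK-DEMO\Administrator' couldn't be logged in using LDAP because no roles were found, reverting to local WFA login (member of the following groups: [CN=Schema Admins,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM, CN=Domain Admins,CN=Users,DC=UK-DEMO,DC=HQ,DC=NETAPP,DC=COM]
"""

NO_ROLES = re.compile(
    r"User '(?P<user>[^']+)' couldn't be logged in using LDAP because no roles "
    r"were found.*?member of the following groups: \[(?P<groups>.*)\]"
)

def group_names(group_list):
    """Return the leading CN of each DN in the logged, ', '-separated group list."""
    names = []
    for dn in re.split(r",\s+(?=CN=)", group_list):
        m = re.match(r"CN=((?:\\.|[^,])+)", dn.strip(), re.IGNORECASE)
        if m:
            names.append(m.group(1))
    return names

def diagnose(log_text, configured_groups):
    """Compare configured group names with the groups logged on each failed role lookup."""
    findings = []
    for line in log_text.splitlines():
        m = NO_ROLES.search(line)
        if not m:
            continue
        # Assumption: groups are compared by CN, ignoring case.
        actual = {name.lower(): name for name in group_names(m.group("groups"))}
        for cfg in configured_groups:
            matched = cfg.lower() in actual
            near = [] if matched else get_close_matches(cfg.lower(), list(actual), n=3, cutoff=0.8)
            findings.append({
                "user": m.group("user"),
                "configured": cfg,
                "matched": matched,
                "near_misses": [actual[n] for n in near],
            })
    return findings

if __name__ == "__main__":
    # "Domain Admin" is a constructed typo of the group name used in the post.
    for finding in diagnose(SAMPLE_LOG, ["Domain Admin"]):
        print(finding)
```

A configured name that reports `matched: False` with a non-empty `near_misses` list points to a misspelled group mapping rather than a missing group membership.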