a). Adding Suffixes
- Go to Tivoli Web Admin Console --> ServerAdministration --> Manage Server Properties--> Suffixes --> Enter the Base DN name for the suffix (Like dc=yourcompany,dc=com)--> click add
- Stop and Start the LDAP server from LDAP admin console
- copy the portalusers.ldif file , and change the dc=yourcompany,dc=com with your sepecific details.
- stop the ldap server , go to LDAP admin console-->manage-->LDIF Tasks-->import LDIF data-->browse for the portalusers.ldif
user prefix="uid"
user suffix="cn=users"
group prefix="cn"
group suffix="cn=groups"
Portal administrator DN ="uid=wpsadmin,cn=users, dc=yourco,dc=com"
Portal administrator group ="cn=wpsadmins,cn=groups, dc=yourco,dc=com"
Step 2: Integrating the Tivoli Directory Server with Portal (replacing the default filebasedrepository to TDS)
a). Update C:\IBM\WebSphere\wp_profile\ConfigEngine\config\helpers\wp_security_ids.properties file with corresponding values like below (Instead of modifying the wkplc.properties file, you can update this properties file)
standalone.ldap.id=localtds
standalone.ldap.host=sivavaka.com
standalone.ldap.port=389
standalone.ldap.bindDN=cn=root
standalone.ldap.bindPassword=ldappwd
standalone.ldap.ldapServerType=IDS
standalone.ldap.userIdMap=*:uid
standalone.ldap.groupIdMap=*:cn
standalone.ldap.groupMemberIdMap=
standalone.ldap.userFilter=(&(uid=%v)(objectclass=inetOrgPerson))
standalone.ldap.groupFilter=(&(cn=%v)(objectclass=groupOfUniqueNames))
standalone.ldap.serverId=uid=root,cn=users,dc=sivavaka,dc=com
standalone.ldap.serverPassword=Passw0rd
standalone.ldap.realm=sivavaka_portal
standalone.ldap.primaryAdminId=uid=wpsadmin,cn=users,dc=sivavaka,dc=com
standalone.ldap.primaryAdminPassword=wpsadminpwd
standalone.ldap.primaryPortalAdminId=uid=wpsadmin,cn=users,dc=sivavaka,dc=com
standalone.ldap.primaryPortalAdminPassword=wpsadminpwd
standalone.ldap.primaryPortalAdminGroup=cn=wpsadmins,cn=groups,dc=sivavaka,dc=com
standalone.ldap.baseDN=dc=sivavaka,dc=com
standalone.ldap.et.group.searchFilter=
standalone.ldap.et.group.objectClasses=groupOfUniqueNames
standalone.ldap.et.group.objectClassesForCreate=
standalone.ldap.et.group.searchBases=
standalone.ldap.et.personaccount.searchFilter=
standalone.ldap.et.personaccount.objectClasses=inetOrgPerson
standalone.ldap.et.personaccount.objectClassesForCreate=
standalone.ldap.et.personaccount.searchBases=
standalone.ldap.gm.groupMemberName=uniqueMember
standalone.ldap.gm.objectClass=groupOfUniqueNames
standalone.ldap.gm.scope=direct
standalone.ldap.gm.dummyMember=uid=dummy
standalone.ldap.personAccountParent=cn=users,dc=sivavaka,dc=com
standalone.ldap.groupParent=cn=groups,dc=sivavaka,dc=com
standalone.ldap.personAccountRdnProperties=uid
standalone.ldap.groupRdnProperties=cn
standalone.ldap.gc.name=
standalone.ldap.gc.updateGroupMembership=
standalone.ldap.gc.scope=direct
standalone.ldap.derefAliases=always
standalone.ldap.authentication=simple
standalone.ldap.referral=ignore
standalone.ldap.delimiter=/
standalone.ldap.ignoreCase=true
standalone.ldap.sslEnabled=false
standalone.ldap.sslConfiguration=
standalone.ldap.certificateMapMode=EXACT_DN
standalone.ldap.certificateFilter=
standalone.ldap.reuseConnection=true
standalone.ldap.searchTimeLimit=120000
standalone.ldap.connectionPool=false
standalone.ldap.supportSorting=false
standalone.ldap.supportPaging=false
standalone.ldap.supportTransactions=false
standalone.ldap.isExtIdUnique=true
standalone.ldap.supportExternalName=false
standalone.ldap.translateRDN=false
standalone.ldap.searchCountLimit=500
standalone.ldap.searchPageSize=
standalone.ldap.returnToPrimaryServer=
standalone.ldap.primaryServerQueryTimeInterval=
standalone.ldap.loginProperties=uid
standalone.ldap.cp.maxPoolSize=20
b). Execute the following commands to validate and update
#Validates the updated properties
ConfigEngine.bat validate-standalone-ldap -DWasPassword=wpsadmin -DparentProperties=C:\IBM\WebSphere\wp_profile\ConfigEngine\config\helpers\wp_security_ids.properties
#Below command will change the portal filebased repository toTDS
ConfigEngine.bat wp-modify-ldap-security -DWasPassword=wpsadmin -DparentProperties=C:\IBM\WebSphere\wp_profile\ConfigEngine\config\helpers\wp_security_ids.properties
Note: If any problems while executing the above commands,
a) make sure above properties proper (like LDAP admin ID(bindDN), PWD).
b) check the C:\IBM\WebSphere\wp_profile\ConfigEngine\properties\wkplc.properties and file and make sure Stand alone LDAP properties are valid and same as entered above
Once the above commands executed successfully, restart the portal and application server if its already started.
Great article!!. If I have configured a federated LDAP (IDS), do I need to remove it first, to add as a stand alone? or, Is it possible to run ConfigEngine.bat wp-modify-ldap-security and it replaces for IDS standalone? Thanks.
ReplyDelete