Wednesday, October 21, 2009

Configuring a stand‐alone LDAP user registry on Windows

The LDAP configuration is quite quick to perform using a parent properties file.
Copy the attached file, wp_security_ids.properties, to your
\ConfigEngine\config\helpers folder. Then, from a command
prompt, run the following commands:

cd \ConfigEngine
.\ConfigEngine.bat validate-standalone-ldap ^
  -DWasPassword= ^
  -DparentProperties=config/helpers/wp_security_ids.properties

This validates the wp_security_ids.properties file, confirming that the LDAP server
can be reached with the supplied settings and that the properties are correct, before
any change is made to the portal server's LDAP configuration. Do not proceed unless
the results end with the following text:

Return Value: 0

Once the validation has passed, run the command to set up the LDAP security:

.\ConfigEngine.bat wp-modify-ldap-security ^
  -DWasPassword= ^
  -DparentProperties=config/helpers/wp_security_ids.properties

Ensure the output from this also ends with the result text:

Return Value: 0

At this point, the portal should be configured. To confirm this, start the portal and
attempt to log in. The user name and password should be as follows:

User ID: (user ID from wp_security_ids.properties)
Password: (password from wp_security_ids.properties)


Sample wp_security_ids.properties

# *****************************************************************
#
# Licensed Materials - Property of IBM
#
# 5724-L21
#
# Copyright IBM Corp. 2008 All Rights Reserved.
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with
# IBM Corp.
#
# *****************************************************************

###############################################################################
###############################################################################
##
##
## VMM Stand-alone LDAP configuration
## wp-modify-ldap-security
## wp-update-standalone-ldap
##
## IDS, SECUREWAY
##
###############################################################################
###############################################################################

# The id specifies a unique identifier for the repository within the cell
# Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID.
standalone.ldap.id=

# Specifies the host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
standalone.ldap.host=

# Specifies the LDAP server port.
standalone.ldap.port=389

# Specifies the distinguished name for the application server to use when binding to the LDAP repository.
standalone.ldap.bindDN=uid=hrcdevbind,cn=people,cn=dev,ou=hrc,o=hb

# Specifies the password for the application server to use when binding to the LDAP repository.
standalone.ldap.bindPassword=pswd1wpsbind

# Specifies the type of LDAP server to which you connect
# Supported values on WAS 6.1: IDS4, IDS51, IDS52, IDS6, SECUREWAY
# Note: If your LDAP server version is not listed, enter the value for the highest listed version of your server
# Supported values on WAS 7: IDS
standalone.ldap.ldapServerType=IDS6

# Specifies the LDAP filter that maps the short name of a user to an LDAP entry.
# For example, to display entries of the object class = inetOrgPerson type by their IDs, specify inetOrgPerson:uid.
# This field takes multiple objectclass:property pairs delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.userIdMap=*:uid

# Specifies the LDAP filter that maps the short name of a group to an LDAP entry.
# Specifies the piece of information that represents groups when groups display. For example, to display groups by their names, specify *:cn.
# The asterisk (*) is a wildcard character that searches on any object class in this case.
# This field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupIdMap=*:cn

# Specifies the LDAP filter that identifies user-to-group relationships.
# Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass.
# For directory types SecureWay, and Domino, this field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# For IBM Directory Server, Sun ONE, and Active Directory, this field takes multiple group attribute:member attribute pairs delimited by a semicolon (;).
# For more information about this syntax, see the LDAP directory service documentation.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupMemberIdMap=

# Specifies the LDAP user filter that searches the user registry for users.
# For example, to look up users based on their user IDs, specify (&(uid=%v)(objectclass=inetOrgPerson))
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.userFilter=(&(uid=%v)(objectclass=inetOrgPerson))

# Specifies the LDAP group filter that searches the user registry for groups.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupFilter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))

# Specifies a user ID and password in the repository that is used for internal process communication.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.serverId=uid=hrcdevbind,cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.serverPassword=pswd1wpsbind

# The security context of this server. A realm with this name will be created.
standalone.ldap.realm=hrcdevrealm1


# The ID of the WAS admin user. The ID must exist in the LDAP server.
standalone.ldap.primaryAdminId=uid=hrcdevbind,cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.primaryAdminPassword=pswd1wpsbind

# The ID of the portal admin user. The ID must exist in the LDAP server.
standalone.ldap.primaryPortalAdminId=uid=hrcdevadmin,cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.primaryPortalAdminPassword=passw0rd

# The user group with admin permission in portal. The group must exist in the LDAP server.
standalone.ldap.primaryPortalAdminGroup=cn=hrcdevadmins,cn=groups,cn=dev,ou=hrc,o=hb

# The LDAP base entry.
# This is the starting point for all LDAP searches performed by WebSphere Application Server security
standalone.ldap.baseDN=cn=dev,ou=hrc,o=hb

########################
##
## LDAP entity types
##
########################

# Entity type Group

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is that of a standard LDAP search filter, for example (objectclass=groupOfUniqueNames)
# In general this value can be left blank
standalone.ldap.et.group.searchFilter=

# One or more object classes (separated by ';') for the entity type.
standalone.ldap.et.group.objectClasses=groupOfUniqueNames

# The object class(es) (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.group.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.group.searchBases=


# Entity type PersonAccount

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is that of a standard LDAP search filter, for example (objectclass=inetOrgPerson)
# In general this value can be left blank
standalone.ldap.et.personaccount.searchFilter=

# One or more object classes (separated by ';') for the entity type.
# Please check this value against the object class used in your LDAP for users
standalone.ldap.et.personaccount.objectClasses=inetOrgPerson

# The object class(es) (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.personaccount.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.personaccount.searchBases=

########################
##
## End LDAP entity types
##
########################

###################################################
##
## Group member attributes
##
###################################################

# The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember.
standalone.ldap.gm.groupMemberName=member

# The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames.
# If you do not define this parameter, the member attribute applies to all group object classes.
standalone.ldap.gm.objectClass=groupOfNames

# The scope of the member attribute. The valid values for this parameter include the following:
# direct - The member attribute only contains direct members.
# nested - The member attribute that contains the direct members and the nested members.
standalone.ldap.gm.scope=direct

# If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute.
standalone.ldap.gm.dummyMember=uid=test


###############################
# Default parent, RDN attribute
###############################

# The default parents to be set for the entity types PersonAccount and Group
standalone.ldap.personAccountParent=cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.groupParent=cn=groups,cn=dev,ou=hrc,o=hb

# The RDN attribute names for the entity types PersonAccount and Group
# To reset all the values of the rdnProperties parameter, specify a blank string ("").
standalone.ldap.personAccountRdnProperties=uid
standalone.ldap.groupRdnProperties=cn

###################################################
##
## End Group member attributes
##
###################################################



###############################################################################
##
## Advanced Properties
##
###############################################################################


###################
# Group config
###################

# The name of the membership attribute. For example, memberOf in an active directory server and ibm-allGroups in IDS.
standalone.ldap.gc.name=

# Updates the group membership if the member is deleted or renamed. Some LDAP servers, for example, Domino server, do not clean up
# the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property,
# the value of this parameter is set to true. Use this parameter to change the value. The default value is false.
standalone.ldap.gc.updateGroupMembership=

# The scope of the membership attribute. The valid values for this parameter include the following:
# direct - The membership attribute only contains direct groups.
# nested - The membership attribute that contains the direct groups and the nested groups.
# all - The membership attribute contains direct groups, nested groups, and dynamic members.
# The default value is direct.
standalone.ldap.gc.scope=direct


# Controls how aliases are dereferenced. The default value is always. Valid values include:
# always - always dereference aliases
# never - never dereference aliases
# finding - dereference aliases only during name resolution
# searching - dereference aliases only after name resolution
standalone.ldap.derefAliases=always

# Indicates the authentication method to use. The default value is simple. Valid values include: none or strong.
standalone.ldap.authentication=simple

# The LDAP referral. The default value is ignore. Valid values include: follow, throw, or false.
standalone.ldap.referral=ignore

# Specifies the delimiter used for this realm. The default value is /.
standalone.ldap.delimiter=/

# Whether the query matches case sensitivity.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.ignoreCase=true

# Specifies whether secure socket communication is enabled to the LDAP server.
# When enabled (sslEnabled=true), the Secure Sockets Layer (SSL) settings for LDAP are used.
# The default value is false.
standalone.ldap.sslEnabled=false

# Specifies the name of the application server SSL configuration to be used for SSL enabled LDAP server.
# This property is used to specify a non default SSL configuration if standalone.ldap.sslEnabled=true is set
standalone.ldap.sslConfiguration=

# Specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter.
# Specify the certificate filter to use the specified filter for the mapping, if client certificate authentication is used
# for portal server.
# Valid values include: EXACT_DN, CERTIFICATE_FILTER
standalone.ldap.certificateMapMode=EXACT_DN

# Specifies the filter certificate mapping property for the LDAP filter, if client certificate authentication is used
# for portal server.
# The filter is used to map attributes in the client certificate to entries within the LDAP repository.
standalone.ldap.certificateFilter=

# Should be set to true by default to reuse the LDAP connection.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.reuseConnection=true

# Specifies the timeout value in milliseconds for an LDAP server to respond before aborting a request.
standalone.ldap.searchTimeLimit=120000

# Defines if VMM will enable the ConnectionPool
standalone.ldap.connectionPool=false

# Indicates if sorting is supported or not. The default value is false.
standalone.ldap.supportSorting=false

# Indicates if paging is supported or not.
standalone.ldap.supportPaging=false

# Indicates if transactions are supported or not. The default value is false.
standalone.ldap.supportTransactions=false

# Specifies if the external ID is unique. The default value is true.
standalone.ldap.isExtIdUnique=true

# Indicates if external names are supported or not. The default value is false.
standalone.ldap.supportExternalName=false

# Indicates to translate RDN or not. The default value is false.
standalone.ldap.translateRDN=false

# The value of the search count limit.
standalone.ldap.searchCountLimit=500

# The value of search page size.
standalone.ldap.searchPageSize=

# Indicates to return to the primary LDAP server when it is available. The default value is true.
standalone.ldap.returnToPrimaryServer=

# Indicates the polling interval for testing the primary server availability.
# The value of this parameter is specified in minutes. The default value is 15.
standalone.ldap.primaryServerQueryTimeInterval=

# Indicates the property name used for login.
standalone.ldap.loginProperties=uid

# The maximum number of context instances that can be maintained concurrently by the context pool.
# The default value is 20.
standalone.ldap.cp.maxPoolSize=20

###############################################################################
###############################################################################
##
##
## End - VMM Stand-alone LDAP configuration
##
##
###############################################################################
###############################################################################
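As a pre-flight check to run before validate-standalone-ldap, here is an added Python script (not part of the post or of IBM's ConfigEngine) that reads a wp_security_ids.properties file and flags the things that most often fail the validation task: empty connection values, bind or admin DNs outside baseDN, a userFilter whose %v attribute differs from loginProperties, a gm.objectClass that is not one of the Group entity-type classes, and a cleartext simple bind on a non-SSL connection. The sample values are taken from the file above (the host is made up), and with those values the last two warnings fire, since gm.objectClass is groupOfNames while et.group.objectClasses is groupOfUniqueNames, and sslEnabled is false.

```python
import re

# Constructed sample using the page's own values (the host is made up) so the checks run offline.
SAMPLE = """\
standalone.ldap.host=ldap.hrc.example
standalone.ldap.bindDN=uid=hrcdevbind,cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.bindPassword=pswd1wpsbind
standalone.ldap.userFilter=(&(uid=%v)(objectclass=inetOrgPerson))
standalone.ldap.primaryPortalAdminId=uid=hrcdevadmin,cn=people,cn=dev,ou=hrc,o=hb
standalone.ldap.baseDN=cn=dev,ou=hrc,o=hb
standalone.ldap.et.group.objectClasses=groupOfUniqueNames
standalone.ldap.gm.objectClass=groupOfNames
standalone.ldap.sslEnabled=false
standalone.ldap.loginProperties=uid
"""

def parse_properties(text):
    """Minimal Java .properties reader: one key=value per line, '#' or '!' comment lines."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def norm_dn(dn):
    # Lower-case and drop blanks around commas so DN suffixes compare reliably.
    return ",".join(p.strip().lower() for p in dn.split(","))

def check(props):
    """Return a list of warnings; an empty list means nothing obvious is wrong."""
    g = lambda k: props.get("standalone.ldap." + k, "")
    warn = [k + " is empty" for k in ("host", "bindDN", "bindPassword", "baseDN") if not g(k)]
    base = norm_dn(g("baseDN"))
    for k in ("bindDN", "primaryAdminId", "primaryPortalAdminId"):
        if g(k) and not norm_dn(g(k)).endswith(base):
            warn.append(k + " is not under baseDN")
    # %v in userFilter is replaced with the login name, so its attribute must match loginProperties.
    m = re.search(r"\((\w+)=%v\)", g("userFilter"))
    if not m or m.group(1).lower() != g("loginProperties").lower():
        warn.append("userFilter attribute does not match loginProperties")
    # The member attribute mapping only applies to gm.objectClass; it should be a Group entity class.
    et = {c.strip().lower() for c in g("et.group.objectClasses").split(";") if c.strip()}
    if g("gm.objectClass") and g("gm.objectClass").lower() not in et:
        warn.append("gm.objectClass is not one of et.group.objectClasses")
    # A simple bind over a non-SSL connection sends bindPassword across the network in clear.
    if g("sslEnabled").lower() != "true" and g("bindPassword"):
        warn.append("sslEnabled=false: simple bind password sent in clear")
    return warn
```

Because the helper file carries the bind, WAS admin and portal admin passwords in clear, keep it readable only by the account that runs ConfigEngine and remove it from the helpers folder once wp-modify-ldap-security has returned 0.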
