
Switching to unique administrator IDs for system level communication


Overview

When you install IBM Lotus Connections, you provide a user name and password for a system user account that is created by the installer to handle feature-to-feature communication. The installer also creates a J2C authentication alias, named connectionsAdmin. The alias is filled with the specified user and maps that user to a set of application roles. To map these roles to different system user accounts, create additional J2C authentication aliases and remap the roles.

This is an optional configuration. Complete one of these tasks only if you want to map a different user to the system-level roles for one or more of the Lotus Connections features.

The connectionsAdmin is mapped to roles that perform the following tasks:

Role            Description
dsx-admin       Accesses user information from the Profiles or Communities databases using the corresponding service extensions.
search-admin    Indexes the features to support advanced searches across the product.
widget-admin    Accesses other features from the Communities feature to support the widgets that are available within Communities.

In addition, the connectionsAdmin user is used by the Home page feature to secure the messaging bus connection.

The connectionsAdmin does not represent the administrative user of a feature; it represents a system-level user for feature-to-feature communication.


Map a different person to one of the default roles

  1. Perform one of the following tasks:

    • Specify a different system-level user ID for the dsx-admin, search-admin, or widget-admin roles

      Create a J2C authentication alias on WebSphere Application Server by completing the following steps:

      1. From the IBM WebSphere Application Server Integrated Solutions Console, select...

          Security | Secure administration, applications, and infrastructure | Authentication | Java Authentication and Authorization Service | J2C authentication data | New

        Enter an alias name, user ID, and password.

          dsx-admin: If you are creating an alias for this role and plan to enable or have enabled single sign-on with a third-party authentication manager, specify a user ID that is present in the corporate directory, and not only in the WebSphere Identity Manager.
          search-admin: If you are creating an alias for this role, specify an alias name with the syntax search<feature_name>Alias, where <feature_name> is the name of the feature for which you want to create the alias. For example, searchBlogsAlias.
          widget-admin: If you are creating an alias for this role, specify an alias name with the syntax widget<feature_name>Alias, where <feature_name> is the name of the feature for which you want to create the alias. For example, widgetActivitiesAlias.

      2. Click OK, and then click Save.

      3. Repeat steps c to d for each new role that you want to create.

      4. Save your changes.

    • Specify a different system-level user ID for the connectionsBus role

      Map the user ID to a security setting in the service integration buses defined for Lotus Connections by completing the following steps:

      1. From the WAS admin console, select...

          Service integration | Buses | bus | Security | Users and groups in the bus connector role.

        Lotus Connections buses have names that begin with Connections.

      2. Delete the existing user ID by selecting the check box next to the user ID and clicking Delete.

      3. To add the new user ID, click New, select User name, and then type the name of the new user ID.

      4. Click OK.

      5. Repeat steps b to f for each bus.

      6. Save the changes.

  2. If you are specifying a different system-level user ID for the widget-admin role

    Edit the widget-config.xml configuration file for the feature or features affected by this change. To do so...

    1. Edit...
        profile_root/config/cells/<cellName>/LotusConnections-config/widget-config.xml

    2. Change the remoteHandlerAuthenticationAlias attribute in the lifecycle element for the widgetDef (widget definition) corresponding to the feature that is to be changed. Replace the current value with the name of the alias that you created; include the full name of the alias, which is likely to include a node name prefix.

    3. Repeat the previous step for each feature for which you defined a new alias.

    4. Save the widget-config.xml file.

  3. If you are specifying a different system-level user ID for the dsx-admin, search-admin, or widget-admin roles

    Map the user in the alias to the role you want by completing the following steps:

    1. From the WAS admin console, select...

        Applications | Enterprise Applications | feature | Security role to user/group mapping | role | Look up users or groups

    2. In the Search String box, type the name of the person or group you would like to assign to this role, and then click Search.

    3. Select the user or group name from the Available box, and then move it into the Selected column by clicking the right arrow button.

    4. Repeat to add additional people or groups, define access levels, and assign people to any other aliases that you created.

    5. Click...

        OK | Save

    6. If you are specifying a different system-level user ID for the dsx-admin role

      Update the value of the corresponding attributes in the LotusConnections-config.xml file. To do so, start wsadmin, and then complete the following steps:

      1. Access the Lotus Connections configuration file:

        • Stand-alone deployment: execfile("connectionsConfig.py")

        • Network deployment: execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")

          If you are prompted to specify which server to connect to, type 1. This information is not used by wsadmin when you are making configuration changes.

      2. Check out the Lotus Connections configuration files...

          LCConfigService.checkOutConfig("<working_directory>","cell_name")

        where:

        • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

        • cell_name is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care. If you do not know the cell name, do one of the following to determine it:

          • Stand-alone deployment: From the file system...

              WAS_HOME\profiles\profile_name\config\cells\

          • Network deployment: From wsadmin...

              print AdminControl.getCell()

        For example:

        • AIX/Linux:

            LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")

        • Microsoft Windows:

            LCConfigService.checkOutConfig("c:/temp","foo01Cell01")

      3. Use the following commands to update the alias information:

          LCConfigService.updateConfig("communities.directory.service.extension.auth.alias",
           "<alias_you_created>")
          LCConfigService.updateConfig("profiles.directory.service.extension.auth.alias",
           "<alias_you_created>")

        where <alias_you_created> is the alias you created in Step 1.

      4. After making changes, check the configuration files back in. You must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.

    7. Restart the application servers hosting the features for which you created user roles.
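
To check the widget-admin change described above, the following added example (not part of the original page or of IBM's tooling) reads a copy of widget-config.xml and reports, per feature, whether the lifecycle element still uses connectionsAdmin or an alias that does not follow the widget<feature_name>Alias convention. The sample XML is constructed; the defId attribute as the feature identifier, the namespace URI and the node01/ prefix are assumptions.

```python
import xml.etree.ElementTree as ET

DEFAULT_ALIAS = "connectionsAdmin"
# Constructed sample. defId, the namespace URI and the node01/ prefix are
# assumptions; widgetDef, lifecycle and the alias attribute are from the page.
SAMPLE = """<config xmlns="urn:example:widget-config">
  <widgetDef defId="Activities">
    <lifecycle remoteHandlerAuthenticationAlias="node01/widgetActivitiesAlias"/>
  </widgetDef>
  <widgetDef defId="Blogs">
    <lifecycle remoteHandlerAuthenticationAlias="connectionsAdmin"/>
  </widgetDef>
  <widgetDef defId="Dogear">
    <lifecycle remoteHandlerAuthenticationAlias="node01/widgetBlogsAlias"/>
  </widgetDef>
</config>"""


def local(tag):
    """Drop a '{namespace}' prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_widget_aliases(xml_text, features):
    """Return {feature: (alias, status)} for each feature that was remapped."""
    root = ET.fromstring(xml_text)
    found = {}
    for wd in (e for e in root.iter() if local(e.tag) == "widgetDef"):
        life = next((c for c in wd if local(c.tag) == "lifecycle"), None)
        if life is not None:
            found[wd.get("defId")] = life.get("remoteHandlerAuthenticationAlias")
    report = {}
    for feature in features:
        alias = found.get(feature)
        # Compare on the part after any node-name prefix ("node/alias").
        short = alias.rsplit("/", 1)[-1] if alias else None
        if short is None:
            status = "no-alias"
        elif short == DEFAULT_ALIAS:
            status = "still-default"
        elif short != "widget%sAlias" % feature:
            status = "name-mismatch"
        else:
            status = "ok"
        report[feature] = (alias, status)
    return report


if __name__ == "__main__":
    print(audit_widget_aliases(SAMPLE, ["Activities", "Blogs", "Dogear", "Wikis"]))
```

A name-mismatch result, as for Dogear in the sample, points to one feature reusing another feature's alias, which defeats the purpose of giving each feature its own system-level ID.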



    Related tasks

    Configure J2C authentication for search

    Specify different system users for widget life-cycle events

    Synchronize LDAP changes with Profiles

    Change references to administrative credentials

    Updating the messaging bus configuration when the connectionsAdmin user ID changes

