security_active_directory.properties
###
###
### security_active_directory.properties
###
### WebSphere Portal parent configuration file for
### configuring security with Microsoft Active Directory
###
### Do NOT enclose any value in quotes!
### Windows paths must use '/', not '\'.
### Windows long paths are OK.
### Properties are immutable. Once set, they cannot be overridden.
###
###

###
###
### How to use this file:
###
### 1. Consult InfoCenter for detailed instructions on the properties and tasks
###    listed in this file:
###
###    Installing and configuring | Enabling security | LDAP user registry
###      Configuring LDAP for non-realm support | Configuring Active Directory for non-realm support
###      Configuring LDAP for realm support | Configuring Active Directory for realm support
###
###    (Note the extra steps required for Portal to create and modify users.)
###
### 2. Edit this file to match our environment
###
###
### 3. Start and stop the servers.
###
###    Change to the following directory:
###
###      On Windows or UNIX:
###
###        <was_profile_root>/bin
###
###      On iSeries:
###
###        <was_profile_root>/bin
###
###    a. Start application server "server1"
###
###      On Windows or UNIX:
###
###        startServer server1
###
###
###      On iSeries:
###
###        startServer -profileName <profile>
###
###
###    b. Stop application server "WebSphere_Portal"
###
###      On Windows or UNIX:
###
###        stopServer WebSphere_Portal
###
###
###      On iSeries:
###
###        stopServer WebSphere_Portal -profileName <profile>
###
###
###
### 4. Change into the <wp_root>/config directory
###
###
### 5. Import the contents of this file into wpconfig.properties:
###
###      On Windows:
###
###        WPSconfig -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###      On iSeries:
###
###        WPSconfig.sh -profileName <profile name> -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###      on other platforms
###
###        ./WPSconfig.sh -DparentProperties=<path_to_this_file> -DSaveParentProperties=true
###
###
### 6. Test connections to directory:
###
###    a. for LDAP without realm support
###
###      on Windows:
###
###        WPSconfig validate-ldap
###
###
###      on iSeries:
###
###        WPSconfig.sh -profileName <profile name> validate-ldap
###
###      on other platforms
###
###        ./WPSconfig.sh validate-ldap
###
###    b. for LDAP with realm support
###
###      on Windows:
###
###        WPSconfig validate-wmmur-ldap
###
###      on iSeries:
###
###        WPSconfig.sh -profileName <profile name> validate-wmmur-ldap
###
###      on other platforms
###
###        ./WPSconfig.sh validate-wmmur-ldap
###
###
### 7. If WebSphere Application Server security is NOT enabled, run one of the following tasks:
###
###    a. without realm support
###
###      on Windows:
###
###        WPSconfig enable-security-ldap
###
###      on iSeries:
###
###        WPSconfig.sh -profileName <profile name> enable-security-ldap
###
###      on other platforms
###
###        ./WPSconfig.sh enable-security-ldap
###
###    b. with realm support
###
###      on Windows:
###
###        WPSconfig enable-security-wmmur-ldap
###
###      on iSeries:
###
###        WPSconfig.sh -profileName <profile name> enable-security-wmmur-ldap
###
###      on other platforms
###
###        ./WPSconfig.sh enable-security-wmmur-ldap
###
### 8. Restart the servers.
###
###    In order for the new security configuration to become active,
###
###      all servers that are running must be stopped
###      all required servers need to be started
###
###    Change to the following directory:
###
###      <was_profile_root>/bin
###
###    a. check the server status
###
###      on Windows or UNIX:
###
###        serverStatus.bat/sh -all
###
###      on iSeries:
###
###        serverStatus.sh -profileName <profile> -all
###
###    b. Stop running servers
###
###      on Windows or UNIX:
###
###        stopServer.bat/sh <SERVERNAME>
###
###      on iSeries:
###
###        stopServer.bat/sh -profileName <profile> <SERVERNAME>
###
###    c. Start required servers
###
###      on Windows or UNIX:
###
###        startServer.bat/sh <SERVERNAME>
###
###      on iSeries:
###
###        startServer.bat/sh -profileName <profile> <SERVERNAME>
###
###

WasUserid=cn=wasadmin,cn=users,dc=setgetweb,dc=com
WasPassword=
wmm.DbPassword=
PortalAdminId=cn=wpsadmin,cn=users,dc=setgetweb,dc=com
PortalAdminPwd=
PortalAdminGroupId=cn=wpsadmins,cn=groups,dc=setgetweb,dc=com
LTPAPassword=
LTPATimeout=120
SSORequiresSSL=false
SSODomainName=<SSODomainName>
useDomainQualifiedUserNames=false
cacheTimeout=600
issuePermissionWarning=true
activeProtocol=BOTH
activeAuthMechanism=LTPA
LookAside=true
LDAPHostName=skyway2k.setgetweb.com
LDAPPort=389
LDAPAdminUId=cn=Administrator,cn=Users,dc=setgetweb,dc=com
LDAPAdminPwd=
LDAPServerType=ACTIVE_DIRECTORY
LDAPBindID=cn=wpsbind,cn=users,dc=setgetweb,dc=com
LDAPBindPassword=
LDAPSuffix=dc=setgetweb,dc=com
LdapUserPrefix=cn
LDAPUserSuffix=cn=users
LdapGroupPrefix=cn
LDAPGroupSuffix=cn=groups
LDAPUserObjectClass=user
LDAPGroupObjectClass=group
LDAPGroupMember=member
LDAPUserFilter=(&(|(cn=%v)(samAccountName=%v))(objectclass=user))
LDAPGroupFilter=(&(cn=%v)(objectclass=group))
LDAPGroupMinimumAttributes=
LDAPUserBaseAttributes=givenName,sn,preferredLanguage
LDAPUserMinimumAttributes=
LDAPsearchTimeout=120
LDAPreuseConnection=true
LDAPIgnoreCase=true
LDAPsslEnabled=false
WpsContentAdministrators=cn=wpsContentAdministrators,cn=groups,dc=setgetweb,dc=com
WpsContentAdministratorsShort=wpsContentAdministrators
WpsDocReviewer=cn=wpsDocReviewer,cn=groups,dc=setgetweb,dc=com
WpsDocReviewerShort=wpsDocReviewer
WcmAdminGroupId=cn=wcmadmins,cn=groups,dc=setgetweb,dc=com
WcmAdminGroupIdShort=wcmadmins
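
A check to run on a file like this one before importing it in step 5, added here as an example and not part of the original file: it enforces the header's two value rules (no quotes, no '\') and flags three settings in the values above that weaken transport security or privilege separation (LDAPsslEnabled=false, SSORequiresSSL=false, and the built-in Administrator DN in LDAPAdminUId). The function names `parse` and `audit` and the `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: values taken from the file above, plus one deliberate
# mistake (a quoted SSODomainName) to exercise the header's "no quotes" rule.
SAMPLE = """\
### comment lines start with '#'
LDAPHostName=skyway2k.setgetweb.com
LDAPPort=389
LDAPsslEnabled=false
SSORequiresSSL=false
LDAPAdminUId=cn=Administrator,cn=Users,dc=setgetweb,dc=com
SSODomainName="setgetweb.com"
"""

def parse(text):
    """Read key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props, findings = parse(text), []
    for k, v in props.items():
        if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
            findings.append(f"{k}: value is enclosed in quotes")
        if "\\" in v:
            findings.append(f"{k}: use '/' in paths, not '\\'")
    if props.get("LDAPsslEnabled", "").lower() != "true":
        findings.append(f"LDAPsslEnabled: binds to port {props.get('LDAPPort')} are not encrypted")
    if props.get("SSORequiresSSL", "").lower() != "true":
        findings.append("SSORequiresSSL: LTPA cookie may be sent over plain HTTP")
    if re.match(r"cn=administrator,", props.get("LDAPAdminUId", ""), re.I):
        findings.append("LDAPAdminUId: built-in Administrator used as LDAP admin")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
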