security_ibm_dir_server.properties

 

### security_ibm_dir_server.properties
###
### WebSphere Portal parent properties file 
### IBM Directory Server
###
### Do NOT enclose any value in quotes!
### Windows paths must use '/', not '\'.
### Windows long paths are OK.
### Properties are immutable. Once set, they cannot be overridden.
###
###


##############
### 
### How to use this file:
###
### 1. Edit this file to match our environment
###
### 2. Start application server "server1"
###
### 3. Stop application server "WebSphere_Portal"
###
### 4. Change into the <wp_root>/config directory
###
### 5. Import the contents of this file into wpconfig.properties:
###
###      on Windows:
###        WPSconfig -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile> -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###      on other platforms
###        ./WPSconfig.sh -DparentProperties=<path_to_this_file> -DSaveParentProperties=true
###
### 6. Test connections to directory:
###
###   a. for LDAP without realm support 
###      on Windows:
###        WPSconfig validate-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile> validate-ldap
###
###      on other platforms
###        ./WPSconfig.sh validate-ldap
###
###   b. for LDAP with realm support
###      on Windows:
###        WPSconfig validate-wmmur-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile> validate-wmmur-ldap
###
###      on other platforms
###        ./WPSconfig.sh validate-wmmur-ldap
###
### 7. If WebSphere Application Server security is NOT enabled, run one of the following tasks:
###   a. without realm support
###      on Windows:
###        WPSconfig enable-security-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile> enable-security-ldap
###
###      on other platforms
###        ./WPSconfig.sh enable-security-ldap
###
###   b. with realm support
###
###      on Windows:
###        WPSconfig enable-security-wmmur-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile> enable-security-wmmur-ldap
###
###      on other platforms
###        ./WPSconfig.sh enable-security-wmmur-ldap
###
### 8. Restart the servers.
###
###    In order for the new security configuration to become active, 
###      all servers that are running must be stopped
###      all required servers need to be started
###
###    Change to the following directory:
###      <was_profile_root>/bin
###
###    a. check the server status 
###
###       on Windows or UNIX:
###         serverStatus.bat/sh -all
###
###       on iSeries:
###         serverStatus.sh -profileName <profile> -all
###
###    b. Stop running servers
###
###       on Windows or UNIX:
###         stopServer.bat/sh <SERVERNAME>
###
###       on iSeries:
###         stopServer.bat/sh -profileName <profile> <SERVERNAME>
###
###    c. Start required servers
###
###       on Windows or UNIX:
###         startServer.bat/sh <SERVERNAME>
###
###       on iSeries:
###         startServer.bat/sh -profileName <profile> <SERVERNAME>
###
##############


##############
### WebSphere Application Server Properties - BEGIN
##############

### WasUserid: The user ID for WebSphere Application Server security authentication
WasUserid=uid=<wasuserid>,cn=users,dc=yourco,dc=com

### WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
WasPassword=

##############
### WebSphere Application Server Properties - END
##############


##############
### Database Properties - BEGIN
##############

### Connection information for wmm db will be acquired from
### wpconfig_dbdomain.properties and wpconfig_dbtype.properties

### DbPassword: The database administrator password
wmm.DbPassword=

##############
### Database Properties - END
##############


##############
### Portal Config Properties - BEGIN
##############

### PortalAdminId: The user ID for the WebSphere Portal Administrator
PortalAdminId=uid=<portaladminid>,cn=users,dc=yourco,dc=com

### PortalAdminPwd: The password for the WebSphere Portal Administrator
PortalAdminPwd=

### PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
PortalAdminGroupId=cn=<portaladmingroupid>,cn=groups,dc=yourco,dc=com

##############
### Portal Config Properties - END
##############


###########
###
### WebSphere Portal Security Configuration - BEGIN
###
###########

###########
### WebSphere Portal Security LTPA and SSO configuration
###########

### LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
LTPAPassword=

### LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
LTPATimeout=120

### SSORequiresSSL: Specifies that Single Sign-On function is enabled
### only when requests are over HTTPS Secure Socket Layer (SSL) connections.
SSORequiresSSL=false

### SSODomainName: Domain name (ibm.com, for example) for all Single Sign-on hosts.
SSODomainName=<SSODomainName>

###########
### General Global Security Settings
###########

### Description: The values in this section should only be adapted by advanced users

### useDomainQualifiedUserNames: Specifies the user names to qualify with the security domain within which they reside.
useDomainQualifiedUserNames=false

### cacheTimeout: Specifies the timeout value in seconds for security cache.
cacheTimeout=600

### issuePermissionWarning: Specifies that when the Issue permission warning is enabled, during application deployment
### and application start, the security run time emits a warning if applications are granted any custom permissions.
issuePermissionWarning=true

### activeProtocol: Specifies the active authentication protocol for RMI/IIOP requests when security is enabled.
activeProtocol=BOTH

### activeAuthMechanism: Specifies the active authentication mechanism, when security is enabled.
activeAuthMechanism=LTPA

###########
### LDAP Properties Configuration - BEGIN
###########

### LookAside: To configure LDAP with an additional LookAside Database
###   true  - LDAP + Lookaside database
###   false - only LDAP
LookAside=false

### LDAPHostName: The LDAP server hostname
LDAPHostName=<LDAPHostName>

### LDAPPort: The LDAP server port number
### For example, 389 for non-SSL or 636 for SSL
LDAPPort=389

### LDAPAdminUId: The LDAP administrator ID
LDAPAdminUId=<LDAPAdminUId>

### LDAPAdminPwd: The LDAP administrator password
LDAPAdminPwd=

### LDAPServerType: The type of LDAP server to be used for WebSphere Portal
LDAPServerType=IBM_DIRECTORY_SERVER

#LDAPBindID: The user ID for LDAP Bind authentication
LDAPBindID=uid=<ldapbindid>,cn=users,dc=yourco,dc=com

#LDAPBindPassword: The password for LDAP Bind authentication
LDAPBindPassword=

###########
### LDAP Properties Configuration - END
###########


##############
### Advanced LDAP Configuration - BEGIN
##############

### LDAPSuffix: The LDAP suffix appropriate for our LDAP server
LDAPSuffix=dc=yourco,dc=com

### LdapUserPrefix: The LDAP user prefix appropriate for our LDAP server
LdapUserPrefix=uid

### LDAPUserSuffix: The LDAP user suffix appropriate for our LDAP server
LDAPUserSuffix=cn=users

### LdapGroupPrefix: The LDAP group prefix appropriate for our LDAP server
LdapGroupPrefix=cn

### LDAPGroupSuffix: The LDAP group suffix appropriate for our LDAP server
LDAPGroupSuffix=cn=groups

### LDAPUserObjectClass: The LDAP user object class appropriate for our LDAP server
LDAPUserObjectClass=inetOrgPerson

### LDAPGroupObjectClass: The LDAP group object class appropriate for our LDAP server
LDAPGroupObjectClass=groupOfUniqueNames

### LDAPGroupMember: The LDAP group member attribute name appropriate for our LDAP server
LDAPGroupMember=uniqueMember

### LDAPUserFilter: The LDAP user filter appropriate for our LDAP server (to work with default values in WMM)
LDAPUserFilter=(&(uid=%v)(objectclass=inetOrgPerson))

### LDAPGroupFilter: The LDAP group filter appropriate for our LDAP server (to work with default values in WMM)
LDAPGroupFilter=(&(cn=%v)(objectclass=groupOfUniqueNames))

### LDAPGroupMinimumAttributes: This attribute is loaded for group search (performance issues)
LDAPGroupMinimumAttributes=

### LDAPUserBaseAttributes: These attributes are loaded for user login (performance issues)
LDAPUserBaseAttributes=givenName,sn,preferredLanguage

### LDAPUserMinimumAttributes: These attributes are loaded for user search (performance issues)
LDAPUserMinimumAttributes=

#LDAPsearchTimeout: Specifies the timeout value in seconds for an LDAP server to respond before aborting a request.
LDAPsearchTimeout=120

#LDAPreuseConnection: Should set to true by default to reuse the LDAP connection.
### { false | true }
LDAPreuseConnection=true

#LDAPIgnoreCase: Specifies that a case insensitive authorization check is performed.
### { false | true }
LDAPIgnoreCase=true

#LDAPsslEnabled: Specifies whether secure socket communications is enabled to the LDAP server.
### { false | true }
### Set to true if configuring LDAP over SSL
LDAPsslEnabled=false

##############
### Advanced LDAP Configuration - END
##############

###########
### LDAP Properties - END
###########


###########
### PDM LDAP Properties - BEGIN
###########

### WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
### See LDAP examples below:
### IBM Directory Server: { cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com }
WpsContentAdministrators=cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com

### WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
WpsContentAdministratorsShort=wpsContentAdministrators

### WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
### See LDAP examples below:
### IBM Directory Server: { cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com }
WpsDocReviewer=cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com

### WpsDocReviewerShort: The WebSphere Document Reviewer group ID
WpsDocReviewerShort=wpsDocReviewer

###########
### PDM LDAP Properties - END
###########


###########
### WCM LDAP Properties - BEGIN
###########

### WcmAdminGroupId: The group ID for the WCM Administrator group
### See LDAP examples below:
### IBM Directory Server: { cn=wcmadmins,cn=groups,dc=yourco,dc=com }
WcmAdminGroupId=cn=wcmadmins,cn=groups,dc=yourco,dc=com

### WcmAdminGroupIdShort: The WCM admin group ID
WcmAdminGroupIdShort=wcmadmins

###########
### WCM LDAP Properties - END
###########

###########
###
### WebSphere Portal Security Configuration - END
###
###########
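
An added pre-flight check for an edited copy of this file, not part of the IBM template: it applies the file's own rules (no quoted values, no '\' in paths, no leftover <placeholder> values) and reports the LDAP and SSO transport settings described in the comments. The `lint` function, the simplified `key=value` parsing and the sample input are assumptions made for this example.

```python
import re

# Password properties named in the template above.
SECRET_KEYS = ("WasPassword", "wmm.DbPassword", "PortalAdminPwd",
               "LTPAPassword", "LDAPAdminPwd", "LDAPBindPassword")
# Constructed sample: a partly edited copy, not a real deployment.
SAMPLE = """\
WasUserid=uid=<wasuserid>,cn=users,dc=yourco,dc=com
WasPassword="s3cret"
SSORequiresSSL=false
LDAPHostName=ldap.example.test
LDAPPort=636
LDAPsslEnabled=false
"""

def lint(text):
    """Return a list of findings for an edited security_*.properties file."""
    props, out = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key in props:
            out.append(f"line {n}: {key} is defined more than once")
        props[key] = value  # simplified: which duplicate wins is not modelled
        if len(value) > 1 and value[0] == value[-1] and value[0] in "\"'":
            out.append(f"line {n}: {key} value is enclosed in quotes")
        if "\\" in value:
            out.append(f"line {n}: {key} uses '\\' in a path, use '/'")
        if re.search(r"<\w+>", value):
            out.append(f"line {n}: {key} still contains a <placeholder>")
    for key in SECRET_KEYS:
        if props.get(key):
            out.append(f"{key} is stored in clear text in this file")
    ssl = props.get("LDAPsslEnabled", "false").lower() == "true"
    port = props.get("LDAPPort")
    if ssl and port == "389":
        out.append("LDAPsslEnabled=true but LDAPPort=389 (non-SSL port)")
    if not ssl and port == "636":
        out.append("LDAPPort=636 (SSL port) but LDAPsslEnabled=false")
    if not ssl:
        out.append("LDAPsslEnabled=false: LDAP connection does not use SSL")
    if props.get("SSORequiresSSL", "false").lower() != "true":
        out.append("SSORequiresSSL=false: SSO is not limited to HTTPS requests")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it against the edited file before step 5, and again after the import if the file is kept on disk with passwords filled in.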