security_novell.properties

 

#############
###
### WebSphere Portal parent configuration file for:
###     Configuring WebSphere Portal for Novell eDirectory
###
### NOTE: Do NOT enclose any value in quotes!
### NOTE: Windows paths must use '/', not '\'.
### NOTE: Windows long paths are OK.
### NOTE: Properties are immutable. Once set, they cannot be overridden.
###
##############


##############
### 
### How to use this file:
###
### 1. Consult InfoCenter for detailed instructions on the properties and tasks
###       listed in this file:
###           Installing and configuring> Enabling security> LDAP user registry>
###                Configuring LDAP for non-realm support> Configuring Novell eDirectory for non-realm support
###         or     Configuring LDAP for realm support> Configuring Novell eDirectory for realm support
###       (Note the extra steps required for Portal to create and modify users.)
### 2. Edit this file to match our environment
### 3. Start application server "server1"
###    Stop application server "WebSphere_Portal"
### 4. Change into the <wp_root>/config directory
### 5. Import the contents of this file into wpconfig.properties:
###      on Windows:
###        WPSconfig -DparentProperties="<full_path_to_this_file>" -DSaveParentProperties=true
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile name> -DparentProperties="<full_path_to_this_file>" -DSaveParentProperties=true
###
###      on other platforms
###        ./WPSconfig.sh -DparentProperties=<full_path_to_this_file> -DSaveParentProperties=true
### 6. Test connections to directory:
###   a. for LDAP without realm support 
###      on Windows:
###        WPSconfig validate-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile name> validate-ldap
###
###      on other platforms
###        ./WPSconfig.sh validate-ldap
###   b. for LDAP with realm support
###      on Windows:
###        WPSconfig validate-wmmur-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile name> validate-wmmur-ldap
###
###      on other platforms
###        ./WPSconfig.sh validate-wmmur-ldap
### 7. If WebSphere Application Server security is NOT enabled, run one of the following tasks:
###   a. without realm support
###      on Windows:
###        WPSconfig enable-security-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile name> enable-security-ldap
###
###      on other platforms
###        ./WPSconfig.sh enable-security-ldap
###   b. with realm support
###      on Windows:
###        WPSconfig enable-security-wmmur-ldap
###
###      on iSeries:
###        WPSconfig.sh -profileName <profile name> enable-security-wmmur-ldap
###
###      on other platforms
###        ./WPSconfig.sh enable-security-wmmur-ldap
### 8. Restart the servers.
###    In order for the new security configuration to become active, 
###      all servers that are running must be stopped
###      all required servers need to be started
###
###    Change to the following directory:
###      <was_profile_root>/bin
###
###    a. check the server status 
###       on Windows or UNIX:
###         serverStatus.bat/sh -all
###       on iSeries:
###         serverStatus.sh -profileName <profile> -all
###    b. Stop running servers
###       on Windows or UNIX:
###         stopServer.bat/sh <SERVERNAME>
###       on iSeries:
###         stopServer.bat/sh -profileName <profile> <SERVERNAME>
###    c. Start required servers
###       on Windows or UNIX:
###         startServer.bat/sh <SERVERNAME>
###       on iSeries:
###         startServer.bat/sh -profileName <profile> <SERVERNAME>
###
##############


##############
### WebSphere Application Server Properties - BEGIN
##############

### WasUserid: The user ID for WebSphere Application Server security authentication
WasUserid=uid=<wasuserid>,ou=people,o=yourco.com

### WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
WasPassword=

##############
### WebSphere Application Server Properties - END
##############


##############
### Database Properties - BEGIN
##############

### Connection information for wmm db will be acquired from
### wpconfig_dbdomain.properties and wpconfig_dbtype.properties

### DbPassword: The database administrator password
wmm.DbPassword=

##############
### Database Properties - END
##############


##############
### Portal Config Properties - BEGIN
##############

### PortalAdminId: The user ID for the WebSphere Portal Administrator
PortalAdminId=uid=<portaladminid>,ou=people,o=yourco.com

### PortalAdminPwd: The password for the WebSphere Portal Administrator
PortalAdminPwd=

### PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
PortalAdminGroupId=cn=<portaladmingroupid>,ou=groups,o=yourco.com

##############
### Portal Config Properties - END
##############


###########
###
### WebSphere Portal Security Configuration - BEGIN
###
###########

###########
### WebSphere Portal Security LTPA and SSO configuration
###########

### LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
LTPAPassword=

### LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
LTPATimeout=120

### SSORequiresSSL: Specifies that Single Sign-On function is enabled
###                 only when requests are over HTTPS Secure Socket Layer (SSL) connections.
SSORequiresSSL=false

### SSODomainName: Domain name (ibm.com, for example) for all Single Sign-on hosts.
SSODomainName=<SSODomainName>

###########
### General Global Security Settings
###########

### Description: The values in this section should only be adapted by advanced users

### useDomainQualifiedUserNames: Specifies the user names to qualify with the security domain within which they reside.
useDomainQualifiedUserNames=false

### cacheTimeout: Specifies the timeout value in seconds for security cache.
cacheTimeout=600

### issuePermissionWarning: Specifies that when the Issue permission warning is enabled, during application deployment
###                         and application start, the security run time emits a warning if applications are granted any custom permissions.
issuePermissionWarning=true

### activeProtocol: Specifies the active authentication protocol for RMI/IIOP requests when security is enabled.
activeProtocol=BOTH

### activeAuthMechanism: Specifies the active authentication mechanism, when security is enabled.
activeAuthMechanism=LTPA

###########
### LDAP Properties Configuration - BEGIN
###########

### LookAside: To configure LDAP with an additional LookAside Database
###   true  - LDAP + Lookaside database
###   false - only LDAP
LookAside=false

### LDAPHostName: The LDAP server hostname
LDAPHostName=<LDAPHostName>

### LDAPPort: The LDAP server port number
###   For example, 389 for non-SSL or 636 for SSL
LDAPPort=389

### LDAPAdminUId: The LDAP administrator ID
LDAPAdminUId=<LDAPAdminUId>

### LDAPAdminPwd: The LDAP administrator password
LDAPAdminPwd=

### LDAPServerType: The type of LDAP server to be used for WebSphere Portal
LDAPServerType=NDS

#LDAPBindID: The user ID for LDAP Bind authentication
LDAPBindID=uid=<ldapbindid>,ou=people,o=yourco.com

#LDAPBindPassword: The password for LDAP Bind authentication
LDAPBindPassword=

###########
### LDAP Properties Configuration - END
###########


##############
### Advanced LDAP Configuration - BEGIN
##############

### LDAPSuffix: The LDAP suffix appropriate for our LDAP server
LDAPSuffix=o=yourco.com

### LdapUserPrefix: The LDAP user prefix appropriate for our LDAP server
LdapUserPrefix=uid

### LDAPUserSuffix: The LDAP user suffix appropriate for our LDAP server
LDAPUserSuffix=ou=people

### LdapGroupPrefix: The LDAP group prefix appropriate for our LDAP server
LdapGroupPrefix=cn

### LDAPGroupSuffix: The LDAP group suffix appropriate for our LDAP server
LDAPGroupSuffix=ou=groups

### LDAPUserObjectClass: The LDAP user object class appropriate for our LDAP server
LDAPUserObjectClass=inetOrgPerson

### LDAPGroupObjectClass: The LDAP group object class appropriate for our LDAP server
LDAPGroupObjectClass=groupOfNames

### LDAPGroupMember: The LDAP group member attribute name appropriate for our LDAP server
LDAPGroupMember=uniqueMember

### LDAPUserFilter: The LDAP user filter appropriate for our LDAP server (to work with default values in WMM)
LDAPUserFilter=(&(uid=%v)(objectclass=inetOrgPerson))

### LDAPGroupFilter: The LDAP group filter appropriate for our LDAP server (to work with default values in WMM)
LDAPGroupFilter=(&(cn=%v)(objectclass=groupOfUniqueNames))

### LDAPGroupMinimumAttributes: This attribute is loaded for group search (performance issues)
LDAPGroupMinimumAttributes=

### LDAPUserBaseAttributes: These attributes are loaded for user login (performance issues)
LDAPUserBaseAttributes=givenName,sn,preferredLanguage

### LDAPUserMinimumAttributes: These attributes are loaded for user search (performance issues)
LDAPUserMinimumAttributes=

#LDAPsearchTimeout: Specifies the timeout value in seconds for an LDAP server to respond before aborting a request.
LDAPsearchTimeout=120

#LDAPreuseConnection: Should set to true by default to reuse the LDAP connection.
### { false | true }
LDAPreuseConnection=true

#LDAPIgnoreCase: Specifies that a case insensitive authorization check is performed.
### { false | true }
LDAPIgnoreCase=true

#LDAPsslEnabled: Specifies whether secure socket communications is enabled to the LDAP server.
### { false | true }
### Set to true if configuring LDAP over SSL
LDAPsslEnabled=false

##############
### Advanced LDAP Configuration - END
##############

###########
### LDAP Properties - END
###########


###########
### PDM LDAP Properties - BEGIN
###########

### WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
###   Novell eDirectory { cn=wpsContentAdministrators,ou=groups,o=yourco.com }
WpsContentAdministrators=cn=wpsContentAdministrators,ou=groups,o=yourco.com

### WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
WpsContentAdministratorsShort=wpsContentAdministrators

### WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
###   Novell eDirectory { cn=wpsDocReviewer,ou=groups,o=yourco.com }
WpsDocReviewer=cn=wpsDocReviewer,ou=groups,o=yourco.com

### WpsDocReviewerShort: The WebSphere Document Reviewer group ID
WpsDocReviewerShort=wpsDocReviewer

###########
### PDM LDAP Properties - END
###########


###########
### WCM LDAP Properties - BEGIN
###########

### WcmAdminGroupId: The group ID for the WCM Administrator group
###   See LDAP examples below:
###   Novell eDirectory { cn=wcmadmins,ou=groups,o=yourco.com }
WcmAdminGroupId=cn=wcmadmins,ou=groups,o=yourco.com

### WcmAdminGroupIdShort: The WCM admin group ID
WcmAdminGroupIdShort=wcmadmins

###########
### WCM LDAP Properties - END
###########

###########
###
### WebSphere Portal Security Configuration - END
###
###########
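
A pre-import check for an edited copy of this file, added here as an example (it is not part of the IBM template or tooling): it flags the non-SSL defaults shipped above (LDAPsslEnabled, LDAPPort, SSORequiresSSL), password values saved in the file, and template placeholders that were never replaced. The function names, the sample values, and the rule that password properties should be left empty on disk are assumptions of this example.

```python
# Password-bearing keys defined in the properties file above.
PASSWORD_KEYS = {"WasPassword", "wmm.DbPassword", "PortalAdminPwd",
                 "LTPAPassword", "LDAPAdminPwd", "LDAPBindPassword"}

def parse_properties(text):
    """Return {key: value}; split on the first '=' only, since DN values contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Mirror the header note: once set, a property is not overridden.
        props.setdefault(key.strip(), value.strip())
    return props

def audit(props):
    """Return findings for transport settings, stored secrets and unedited values."""
    findings = []
    ssl_on = props.get("LDAPsslEnabled", "false").lower() == "true"
    if not ssl_on:
        findings.append("LDAPsslEnabled=false: LDAP binds are sent without SSL")
    elif props.get("LDAPPort") == "389":
        findings.append("LDAPsslEnabled=true but LDAPPort=389 (the non-SSL example port)")
    if props.get("SSORequiresSSL", "false").lower() != "true":
        findings.append("SSORequiresSSL=false: SSO is not restricted to HTTPS requests")
    for key in sorted(props.keys() & PASSWORD_KEYS):
        if props[key]:  # assumption of this check: passwords should not stay on disk
            findings.append(f"{key}: password value stored in the file")
    for key, value in sorted(props.items()):
        if "<" in value and ">" in value:
            findings.append(f"{key}: template placeholder not replaced")
    return findings

# Constructed sample: a partly edited copy of the template (all values invented).
SAMPLE = """\
### constructed sample
SSORequiresSSL=false
SSODomainName=<SSODomainName>
LDAPHostName=ldap.example.test
LDAPPort=389
LDAPsslEnabled=true
LDAPBindID=uid=binduser,ou=people,o=yourco.com
LDAPBindPassword=example-only
LDAPAdminPwd=
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```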