Configure Novell eDirectory for non-realm support
Use this information to configure IBM WebSphere Portal to use Novell eDirectory for non-realm support.
To edit the wpconfig.properties file and run the appropriate configuration tasks so that WebSphere Portal can work with the LDAP server.
You are here
- LDAP user registry
- Installing Novell eDirectory
- Setting up Novell eDirectory
- Disable WAS global security
- Configuring Novell eDirectory for non-realm support (Current task)
- Additional LDAP configuration
- Verifying LDAP
- These instructions apply to either a single server installation or a cluster environment. When setting up a cluster to use an LDAP server, it is only necessary to perform these steps on the primary node in the cluster. For detailed instructions on creating the cluster, refer to Clustering and WebSphere Portal.
- A configuration template might exist to support these instructions. Refer to the portal_server_root/config/helpers directory for available configuration templates. Use the configuration template to update the wpconfig.properties file, as described in Configuration program, according to the property descriptions and recommended values provided below. If you do not want to use a configuration template, simply follow the instructions below as written.
Procedure
- Ensure that the LDAP software is installed and any setup required by WebSphere Portal has been performed.
- Security is automatically enabled after installation. Before configuring the LDAP, disable security. See Disable WAS global security for information about disabling security.
- Locate the wpconfig.properties and wpconfig_dbdomain.properties files in the following directory and create a back up copy before changing any values:
- Windows and UNIX portal_server_root/config/
- i5/OS portal_server_root/config/
- Edit the wpconfig.properties file and enter the values appropriate for the environment. Note the following:
- Do not change any settings other than those specified in these steps. For instructions on working with these files, see Configuration properties reference for a complete properties reference, including default values.
- Use / instead of \ for all platforms.
- Some values, shown in italics below, might need to be modified to your specific environment.
IBM WAS properties
Section of properties file: Portal configuration properties
Property Value WasUserid The user ID for WebSphere Application Server security authentication. The fully qualified distinguished name (DN) of a current administrative user for the WebSphere Application Server. For LDAP configuration this value should not contain spaces. Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.
For LDAP configuration this value should not contain spaces.
Value type: Alphanumeric text string
Examples: When using LDAP security:
- Tivoli Directory Server : uid=wpsbind,cn=users,dc=example,dc=com
- Lotus Domino : cn=wpsbind,o=example.com
- Active Directory : cn=wpsbind,cn=users,dc=example,dc=com
- Sun Java System Directory Server : uid=wpsbind,ou=people,o=example.com
- Novell eDirectory : uid=wpsbind,ou=people,o=example.com
Example: When using Custom User Registry (CUR):
- CUR: wpsbind
Default: ReplaceWithYourWASUserID
WasPassword The password for WebSphere Application Server security authentication. If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.
Value type: Alphanumeric text string
Recommended: Set this value according to your own environment.
Default: ReplaceWithYourWASUserPwd
WpsContentAdministrators, WpsDocReviewer, and PortalAdminGroupId should be different groups.
Section of properties file: Database properties in wpconfig_dbdomain.properties
Property Value PortalAdminId The user ID for the WebSphere Portal administrator, which should be the fully qualified distinguished name (DN). Notes:
- For LDAP configuration this value should not contain spaces.
- Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN).
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format
Examples for LDAP:
- Tivoli Directory Server : uid=portaladminid,cn=users,dc=example,dc=com
- Lotus Domino : cn=portaladminid,o=example.com
- Active Directory and Active Directory Application Mode: cn=portaladminid,cn=users,dc=example,dc=com
- Sun Java System Directory Server : uid=portaladminid,ou=people,o=example.com
- Novell eDirectory : uid=portaladminid,ou=people,o=example.com
Example for Custom User Registry (CUR): uid=portaladminid
Windows and UNIX Default value: none
i5/OS Default value: uid=portaladminid,o=default organization
PortalAdminPwd The password for the WebSphere Portal administrator, as defined in the PortalAdminId property. Value type: Alphanumeric text string
Example: yourportaladminpwd
Default: none
PortalAdminGroupId The group ID for the group to which the WebSphere Portal administrator belongs. Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN).
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format
Examples for LDAP:
- Tivoli Directory Server : cn=wpsadmins,cn=groups,dc=example,dc=com
- Lotus Domino : cn=wpsadmins
- Active Directory : cn=wpsadmins,cn=groups,dc=example,dc=com
- Sun Java System Directory Server : cn=wpsadmins,ou=groups,o=example.com
- Novell eDirectory : cn=wpsadmins,ou=groups,o=example.com
Example for Custom User Registry (CUR): cn=wpsadmins,o=default organization
Default: cn=wpsadmins,o=default organization
WpsContentAdministrators The group ID for the WebSphere Content Administrator group. Value type: Alphanumeric text string
Example values:
- DEV (No security): WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
- Member Manager User Repository database: WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
LDAP example values:
- Tivoli Directory Server : cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
- Lotus Domino : cn=wpsContentAdministrators
- Active Directory : cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
- Sun Java System Directory Server : cn=wpsContentAdministrators,ou=groups,o=example.com
- Novell eDirectory : cn=wpsContentAdministrators,ou=groups,o=example.com
Default: cn=wpsContentAdministrators,o=default organization
WpsContentAdministratorsShort The WebSphere Content Administrators group ID. Value type: Alphanumeric text string
Default: wpsContentAdministrators
WpsDocReviewer The group ID for the WebSphere Document Reviewer group Value type: Alphanumeric text string
Example values:
- DEV (No security): WpsDocReviewer=cn=wpsDocReviewer,o=default organization
- Database user registry: WpsDocReviewer=cn=wpsDocReviewer,o=default organization
LDAP example values:
- Tivoli Directory Server : cn=wpsDocReviewer,cn=groups,dc=example,dc=com
- Lotus Domino : cn=wpsDocReviewer
- Active Directory : cn=wpsDocReviewer,cn=groups,dc=example,dc=com
- Sun Java System Directory Server : cn=wpsDocReviewer,ou=groups,o=example.com
- Novell eDirectory : cn=wpsDocReviewer,ou=groups,o=example.com
Default: cn=wpsDocReviewer,o=default organization
WpsDocReviewerShort The WebSphere Document Reviewer group ID. Value type: Alphanumeric text string
Default: wpsDocReviewer
The following two properties are located in the wpconfig_dbdomain.properties file and are required when using a Lookaside database and/or federation.
Property Value wmm.DbUser Description: The user ID for the database administrator.
Notes:
- For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.
- For Oracle and SQL Server servers, this value must be set to FEEDBACK, which corresponds to the user FEEDBACK in the database. If the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.
Value type: Alphanumeric text string
- Release: db2admin
- Community: db2admin
- Customization: db2admin
- JCR: db2admin
- WMM: db2admin
- Feedback: db2admin
- LikeMinds: db2admin
Recommended: wpsdbusr (for databases other than DB2 )
wmm.DbPassword WebSphere Portal Security LTPA and SSO configuration
Property Value LTPAPassword The password for the LTPA bind. Value type: Alphanumeric text string
Default: none
LTPATimeout Number of minutes after which an LTPA token will expire. Value type: Numeric text string
Default: 120
SSODomainName Domain name for all allowable single signon host domains.
- Enter the part of the domain that is common to all servers that participate in single signon. For example, if WebSphere Portal has the domain portal.us.ibm.com and another server has the domain another_server.ibm.com, enter ibm.com.
- To specify multiple domains, use a semicolon ; to separate each domain name. For example, your_co.com;ibm.com.
Single signon (SSO) is achieved using a cookie that is sent to the browser during authentication. When connecting to other servers in the TCP/IP domain specified in the cookie, the browser sends the cookie. If no domain is set in the cookie, the browser will only send the cookie to the issuing server. See the WebSphere Application Server documentation for further details about this setting.
Value type: Fully-qualified domain name
Default: none
LDAP Properties Configuration
Property Value LookAside We can either install with LDAP only or with LDAP using a Lookaside database. The purpose of a Lookaside database is to store attributes which cannot be stored in the LDAP server; this combination of LDAP plus a Lookaside database is needed to support the Database user registry. To enable a Lookaside database, set this property to true. If you intend to use a Lookaside database, set this value before configuring security, as it cannot be configured after security is enabled.
Set Lookaside to true if you are using IWWCM™, the Common Mail portlet, or the Common Calendar portlet.
Using a Lookaside database can slow down performance.
Value type:
- true - LDAP + Lookaside database
- false - LDAP only
Default: false
LDAPHostName The host information for the LDAP server that WebSphere Portal will use.
Value type: Fully qualified host.name of the LDAP server
Default: yourldapserver.com
LDAPPort The server port of the LDAP directory.
Value type: Alphanumeric text string
Example: 389 for non-SSL or 636 for SSL
Default: 389
LDAPAdminUId The user ID for the administrator of the LDAP directory. Member Manager uses this ID to bind to the LDAP to retrieve users attributes, create new users and groups in the LDAP and update user attributes. This ID is not required to be the LDAP admin DN, but rather an ID with sufficient authority for the use cases just cited. If this property is omitted, the LDAP is accessed anonymously and read-only.
Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN).
Value type: Alphanumeric text string, conforming to the LDAP distinguished name format. For example, cn=userid.
Default: cn=root
LDAPAdminPwd The password for the LDAP directory administrator, as defined in the LDAPAdminUId property. If the LDAPAdminUId is blank, this property must be blank as well.
Value type: Alphanumeric text string
Default: none
LDAPServerType The type of LDAP Server to be used. Value type:
- Tivoli Directory Server : IBM _DIRECTORY_SERVER
- Lotus Domino : DOMINO502
- Active Directory : ACTIVE_DIRECTORY
- Sun Java System Directory Server : IPLANET
- Novell eDirectory : NDS
Default: IBM _DIRECTORY_SERVER
LDAPBindID The user ID for LDAP Bind authentication. This user ID is used by WebSphere Application Server to bind to the LDAP to retrieve user attributes required for authentication. If this property is omitted, the LDAP is access anonymously and is then read-only.
Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). Value type:
- Tivoli Directory Server : uid=wpsbind,cn=users,dc=example,dc=com
- Lotus Domino : cn=wpsbind,o=example.com
- Active Directory : cn=wpsbind,cn=users,dc=example,dc=com
- Sun Java System Directory Server : uid=wpsbind,ou=people,o=example.com
- Novell eDirectory : uid=wpsbind,ou=people,o=example.com
Default: uid=wpsbind,cn=users,dc=example,dc=com
LDAPBindPassword The password for LDAP Bind authentication. If the LDAPBindID is blank, this property must be blank as well.
Value type: Alphanumeric text string
Default: none
Advanced LDAP Configuration
IWWCM Properties
Property Value LDAPSuffix The LDAP Suffix. Choose a value appropriate for the LDAP server. This is the distinguished name (DN) of the node in the LDAP containing all user and group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal and all Portal groups.
If WebSphere Application Server configuration tasks (for exampleL, enable-security-ldap) are used to activate WebSphere Application Server Security, this value will be used as the single Base Distinguished Name for the Application Server LDAP configuration. This value will be qualified with the LDAPUserSuffix and LDAPGroupSuffix values in order to configure Member Manager.
Set the value of the suffix to the exact case of the suffix as set in the LDAP directory. For example, if a users' DN in LDAP is returned as uid=tuser,CN=Users,DC=example,DC=com, set this value to DC=example,DC=com. Using dc=example,dc=com will cause problems with awareness in portal. For more information on this please see technical note 1174297. Value type:
- Tivoli Directory Server : dc=example,dc=com
- Lotus Domino : this value is null
- Active Directory : dc=example,dc=com
- Sun Java System Directory Server : o=example.com
- Novell eDirectory : o=example.com
Default: dc=example,dc=com
LdapUserPrefix The RDN prefix attribute name for user entries. Choose a value appropriate for the LDAP server. Value type:
- Tivoli Directory Server : uid
- Lotus Domino : cn
- Active Directory : cn
- Sun Java System Directory Server : uid
- Novell eDirectory : uid
Default: uid
LDAPUserSuffix The DN suffix attribute name for user entries. Choose a value appropriate for the LDAP server. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all user information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all users that will log into the Portal including the Portal admin users (for example, wpsadmin and wpsbind)
Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). Value type:
- Tivoli Directory Server : cn=users
- Lotus Domino : o=example.com
- Active Directory : cn=users
- Sun Java System Directory Server : ou=people
- Novell eDirectory : ou=people
Default: cn=users
LdapGroupPrefix Description: The RDN prefix attribute name for group entries. Value type: cn
Default: cn
LDAPGroupSuffix Description: The DN suffix attribute name for group entries. Choose a value appropriate for the LDAP server. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all group information for the Portal being configured. As such, it is the lowest container in the LDAP tree still containing all group entries for the Portal including the Portal admin group (., wpsadmins). Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). Value type:
- Tivoli Directory Server : cn=groups
- Lotus Domino : this value is null
- Active Directory : cn=groups
- Sun Java System Directory Server : ou=groups
- Novell eDirectory : ou=groups
Default: cn=groups
LDAPUserObjectClass Description: The LDAP object class of the Portal users in your LDAP directory that will log into the Portal being configured.Value type:
- Tivoli Directory Server : inetOrgPerson
- Lotus Domino : dominoPerson
- Active Directory : user
- Sun Java System Directory Server : inetOrgPerson
- Novell eDirectory : inetOrgPerson
Default: inetOrgPerson
LDAPGroupObjectClass Description: The LDAP object class of all the groups in your LDAP directory that the Portal will access.Value type:
- Tivoli Directory Server : groupOfUniqueNames
- Lotus Domino : dominoGroup
- Active Directory : group
- Sun Java System Directory Server : groupOfUniqueNames
- Novell eDirectory : groupOfNames
- Shared UserRegistry with WebSeal/IBM Tivoli Access Manager for e-business : accessGroup
Default: groupOfUniqueNames
LDAPGroupMember Description: The attribute name in the LDAP group object of the "membership" attribute. Choose a value appropriate for the LDAP server.Value type:
- Tivoli Directory Server : uniqueMember
- Lotus Domino : member
- Active Directory : member
- Sun Java System Directory Server : uniqueMember
- Novell eDirectory : uniqueMember
- Shared UserRegistry with WebSeal/Tivoli Access Manager : member
Default: uniqueMember
LDAPUserFilter The filter used by WebSphere Application Server for finding users in the LDAP. Value type:
- Tivoli Directory Server : (&(uid=%v)(objectclass=inetOrgPerson))
- Lotus Domino : (&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
- Active Directory : (&(|(cn=%v)(samAccountName=%v))(objectclass=user))
- Sun Java System Directory Server : (&(uid=%v)(objectclass=inetOrgPerson))
- Novell eDirectory : (&(uid=%v)(objectclass=inetOrgPerson))
Default: (&(uid=%v)(objectclass=inetOrgPerson))
LDAPGroupFilter The filter used by WebSphere Application Server for finding groups in the LDAP. Value type:
- Tivoli Directory Server : (&(cn=%v)(objectclass=groupOfUniqueNames))
- Lotus Domino : (&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
- Active Directory : (&(cn=%v)(objectclass=group))
- Sun Java System Directory Server : (&(cn=%v)(objectclass=groupOfUniqueNames))
- Novell eDirectory : (&(cn=%v)(objectclass=groupOfUniqueNames))
Default: (&(cn=%v)(objectclass=groupOfUniqueNames))
Property Value WcmAdminGroupId The group ID for the Web Content Management Administrators group. The fully qualified distinguished name (DN) of a current administrative user for the WebSphere Application Server. For LDAP configuration this value should not contain spaces.
Value type: Alphanumeric text string
Example values:
- DEV (No security): WcmAdminGroupId=cn=wcmadmins,o=default organization
- Database user registry: WcmAdminGroupId=cn=wcmadmins,o=default organization
LDAP example values:
- Tivoli Directory Server : cn=wcmadmins,cn=groups,dc=example,dc=com
- Lotus Domino : cn=wcmadmins
- Active Directory : cn=wcmadmins,cn=groups,dc=example,dc=com
- Sun Java System Directory Server : cn=wcmadmins,ou=groups,o=example.com
- Novell eDirectory : cn=wcmadmins,ou=groups,o=example.com
Default: cn=wcmadmins,o=default organization
WcmAdminGroupIdShort Description: The Web Content Management Administrators group ID. Value type: Alphanumeric text string
Default: wcmadmins
- Optional: If you installed WebSphere Application Server as part of the WebSphere Portal installation and you plan to use WebSphere Application Server single signon, ensure that the following property in the wpconfig.properties file has the recommended value and not the default value. WebSphere Portal uses Form-based login for authentication, which requires SSO to be enabled; otherwise, you will be no longer able to login to WebSphere Portal.
If you installed WebSphere Portal onto a pre-existing profile of WebSphere Application Server, skip this step. Any pre-existing settings for WebSphere Application Server SSO are automatically detected and preserved when you run the appropriate task to configure security.
WebSphere Portal Security LTPA and SSO Configuration
Property Value SSORequiresSSL The property that specifies that Single Sign-On function is enabled only when requests are over HTTPS Secure Socket Layer (SSL) connections.
Value type: true, false
Default: false
- Save the file.
- Stop the WebSphere Portal server:
If this is a clustered environment, ensure the deployment manager and all node agents are active.
- Open a command prompt and change to the following directory:
UNIX:
was_profile_root/bin
Windows:
was_profile_root\bin
- i5/OS:
app_server_root/bin
- Enter the following command:
UNIX:
./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
Windows:
stopServer.bat WebSphere_Portal -user admin_userid -password admin_password
- i5/OS:
stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
- Change to the following directory.
- Windows and UNIX:
portal_server_root/config
- i5/OS:
portal_server_root/config
- Enter the following command to run the appropriate configuration task for the specific operating system:
UNIX:
./WPSconfig.sh validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password
Windows:
WPSconfig.bat validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password
- i5/OS:
WPSconfig.sh -profileName profile_root validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
If the configuration task fails, validate the values in the wpconfig.properties file.
- Perform this step only if you meet any of the following criteria:
- Installed WebSphere Portal on a pre-existing profile of WebSphere Application Server which did not have Global Security enabled
- Installed WebSphere Application Server as part of the WebSphere Portal installation
- Installed WebSphere Portal on i5/OS which created a new profile in a pre-existing WebSphere Application Server
Enter the appropriate command to run the configuration task for your specific operating system:
If this is a cluster environment, stop all cluster members before enabling security using the enable-security-ldap task.
UNIX:
./WPSconfig.sh enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password
Windows:
WPSconfig.bat enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password
- i5/OS:
WPSconfig.sh -profileName profile_root enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
- Check the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties file. Before running the task again, be sure to stop the WebSphere Portal server. To stop the server follow these steps:
If this is a clustered environment, ensure the deployment manager and all node agents are active.
- Open a command prompt and change to the following directory:
UNIX:
was_profile_root/bin
Windows:
was_profile_root\bin
- i5/OS:
app_server_root/bin
- Enter the following command:
UNIX:
./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
Windows:
stopServer.bat WebSphere_Portal -user admin_userid -password admin_password
- i5/OS:
stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
- If you are using LDAP over SSL, refer to Setting up LDAP over SSL and select the appropriate SSL topic. Ensure the LDAP is properly configured.
- Enter the following commands to restart server1 and WebSphere_Portal server. If you are running with security enabled on WebSphere Application Server, specify a user ID and password for security authentication when entering the commands.
If this is a clustered environment, stop and start all deployment manager servers and the deployment manager.
- Open a command prompt and change to the following directory:
UNIX:
was_profile_root/bin
Windows:
was_profile_root\bin
- i5/OS:
app_server_root/bin
- Enter the following command:
UNIX:
./stopServer.sh server1 -user admin_userid -password admin_password
Windows:
stopServer.bat server1 -user admin_userid -password admin_password
- i5/OS:
stopServer -profileName profile_root -user admin_userid -password admin_password
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
...where server1 is the name of the WebSphere Application Server administrative server, and profile_root is the name given to the WebSphere Application Server profile in use.
- Enter the following command:
UNIX:
./startServer.sh server1
Windows:
startServer.bat server1
- i5/OS:
startServer -profileName profile_root
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
...where server1 is the name of the WebSphere Application Server administrative server.
- Enter the following command:
UNIX:
./startServer.sh WebSphere_Portal
Windows:
startServer.bat WebSphere_Portal
- i5/OS:
startServer WebSphere_Portal -profileName profile_root
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
- Perform this step only if you installed WebSphere Portal on a pre-existing profile of WebSphere Application Server, do one of the following:
This step only applies to Windows and UNIX.
- If you disabled Global Security before installing: Manually reactivate Global Security. From the WebSphere Application Server Administrative Console, select Security>Global Security. Make the appropriate selections and click OK. Restart WebSphere Portal.
- If you installed WebSphere Portal without configuring it during installation: Use the procedure below to manually deploy portlets.
Cluster note: If you are installing WebSphere Portal on a WebSphere Application Server node that is part of managed cell, this step is only required if you are installing on the primary node. It is not necessary to deploy portlets if you are installing on a secondary node.
- Ensure that WebSphere Portal is running.
- In a command prompt, change to the WebSphere Portal /config directory.
Windows and UNIX:
portal_server_root/config
- Enter the appropriate command to run the configuration task for the specific operating system:
UNIX:
./WPSconfig.sh portlets -DPortalAdminPwd=password
Windows:
WPSconfig.bat portlets -DPortalAdminPwd=password
- Perform this step only if you installed WebSphere Portal into a pre-existing SSO environment. Because you will not be given the option to import the existing token file, perform the following steps:
- To import the SSO Token:
- In the WebSphere Application Server Administrative Console, select Security > Global Security > Authentication > Authentication mechanisms > LTPA.
- Enter the LTPA token password in the Password field.
- Enter the password again in the Confirm password field.
- In the Key File Name field, enter the LTPA token file.
- Click Import Keys.
- Click Save.
- To set the SSO Domain:
- In the WebSphere Application Server Administrative Console, select Security > Global Security > Authentication > Authentication mechanisms > LTPA.
- Click Single Signon in Additional Properties.
- Enter the domain name in the Domain Name field.
- Click OK.
- Perform this step only if common name (CN) is the Relative Distinguished Name (RDN) attribute of the distinguished name (DN) and you want to allow users or portal administrators to modify directory attributes through self-care screens or the user management portlet. Set the following property value in Puma service, as described in Setting configuration properties:
user.sync.remove.attributes=cn,CNWebSphere Portal can be configured to create the CN for a user account created through WebSphere Portal interfaces (self-registration or the user management portlet create new user functions). The default configuration of WebSphere Portal generates this attribute based on the surname (sn) and givenname attribute. The configuration is also located in WP PumaService in the WebSphere Application Server Administrative Console. Modify the Puma service, by following steps described in Setting configuration properties The following entry defines the user common name pattern and can be used to customize common name. In the pattern, we can define which attribute is used. Therefore the maximum amount of attributes has to be provided by puma.commonname.parts. See the following example for more details:
For example: firstname+" "+lastname puma.commonname = {0} {1} puma.commonname.parts = 2 puma.commonname.0 = givenName puma.commonname.1 = snThis function is not available if the CN attribute is the RDN attribute.
Verifying configuration
Access WebSphere Portal using http://hostname.nameofyourcompany.com:port/wps/portal and verify that we can log in.Configuring WebSphere Portal to work with an LDAP directory automatically enables WebSphere Application Server Global Security. Once security is enabled, type the fully qualified host name when accessing WebSphere Portal and the WebSphere Application Server Administrative Console.
Security is enabled
Once you have enabled security with the LDAP directory, provide the user ID and password required for security authentication on WebSphere Application Server when you perform certain administrative tasks with WebSphere Application Server. For example, to stop the WebSphere Portal application server, you would issue the following command:
- Enter the following command:
UNIX:
./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
Windows:
stopServer.bat WebSphere_Portal -user admin_userid -password admin_password
- i5/OS:
stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.
Next steps
You have completed this step. Continue to the next step by choosing the following topic:
Parent topic:
Configuring LDAP for non-realm support