Configure a database user registry

 

+
Search Tips   |   Advanced Search

 

You are here
  1. Database user registry

  2. Configure a database user registry (Current task)

  3. Verify the database user registry

 

Overview

Follow the procedure below to...

  • Configure a database user registry for authentication.
  • Enable WebSphere Application Server Global Security
  • Manually deploys portlets if you installed WebSphere Portal without configuring it during installation

Do not use this procedure if one of the following conditions is true:

 

Procedure

  1. Disable WAS Global Security

  2. Make a backup copy of...

  3. Edit...

    portal_server_root/config/wpconfig.properties

    ...and enter the values that are appropriate for the environment.

     

    Section of wpconfig.properties: WAS properties

    Property Value
    LTPAPassword The password for the LTPA bind.

    Value type: Alphanumeric text string

    Default: none

    WasUserid The user ID for WAS security authentication.

    Type the value in lower case.

    If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.

    Value type: Alphanumeric text string

    Default: ReplaceWithYourWASUserID

    WasPassword The password for WAS security authentication.

    If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.

    Value type: Alphanumeric text string

    Default: ReplaceWithYourWASUserPwd

    LTPATimeout Number of minutes after which an LTPA token will expire.

    Value type: Numeric text string

    Default: 120

     

    Section of wpconfig.properties: WebSphere Portal configuration

    Property Value
    PortalAdminId The user ID for the WebSphere Portal administrator, which should be the fully qualified DN.

    Type the value in lower case, regardless of the case used in the DN.

    Value type: Alphanumeric text string

    PortalAdminPwd The password for the WebSphere Portal administrator, as defined in the PortalAdminId property.

    Value type: Alphanumeric text string

    Example: yourportaladminpwd

    Default: none

    PortalAdminGroupId The group ID for the group to which the WebSphere Portal administrator belongs.

    Make sure to type the value in lower case, regardless of the case used in the DN.

    Value type: Alphanumeric text string

    Default: cn=wpsadmins,o=default organization

    WmmDefaultRealm The default realm of the Member Manager user registry configuration. Set this property before enabling security with enable-security-wmmur-ldap or enable-security-wmmur-db.

    Value type: Alphanumeric text string

    Default: portal

     

    Section of wpconfig.properties: Database configuration in wpconfig_dbdomain.properties

    Property Value
    wmm.DbUser

    The user ID for the database administrator.

    For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.

    For Oracle and SQL Server servers, this value must be set to FEEDBACK, which corresponds to the user FEEDBACK in the database. If the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.

    Value type: Alphanumeric text string Default:

    • Release: db2admin
    • Community: db2admin
    • Customization: db2admin
    • JCR: db2admin
    • WMM: db2admin
    • Feedback: db2admin
    • LikeMinds: db2admin

    Recommended: wpsdbusr (for databases other than DB2 )

    wmm.DbPassword

    The password for the database administrator.

    A value must be set for this property; it cannot be empty.

    Default value for all domains: ReplaceWithYourDbAdminPwd

  4. Save the file.

  5. Use the following steps to stop the WebSphere Portal application server:

    cd was_profile_root/bin
    ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
    cd portal_server_root/config

  6. Follow these steps if you are running this task on a node that is already federated and have not previously used this step to copy Member Manager files to the deployment manager machine:

    1. Create the wasextarchive.jar file, which contains the Member Manager binaries.

    2. Copy the wasextarchive.jar file to the installation root folder of the deployment manager machine.

      The wasextarchive.jar file is located in the following directory:

    3. Stop the deployment manager by issuing the following command from the app_server_root/bin directory on the deployment manager machine:

      • UNIX:

        ./stopManager.sh

      • Windows:

        stopManager.bat

      • i5/OS:

        stopManager -profileName dmgr_profile

    4. Extract the contents of the wasextarchive.jar file to the app_server_root directory on the deployment manager machine.

      • Windows and UNIX:

        Run the following command from the app_server_root directory:

        • UNIX:

          ./java/bin/jar -xvf wasextarchive.jar

        • Windows:

          java\bin\jar -xvf wasextarchive.jar

      • i5/OS:

        Run the following command from the ProdData app_server_root directory: /QIBM /ProdData/Java400/jdk14/bin/jar -xvf wasextarchive.jar

    5. Verify that the app_server_root/lib directory contains files that start with wmm.

    6. Restart the deployment manager by issuing the following command from the app_server_root/bin directory:

      • UNIX:

        ./startManager.sh

      • Windows:

        startManager.bat

      • i5/OS:

        startManager -profileName dmgr_profile

    To log in to the deployment manager administrative console using the WAS short ID, complete the following steps on the deployment manager machine. These steps are only required if you have enabled database security that uses the user registry provided by Member Manager (WMMUR) as the authentication mechanism.

    1. Ensure that the database software required for the Member Manager domain is installed.

    2. Log in to the deployment manager administrative console, and click Resources > JDBC Providers.

    3. Click on the JDBC provider that contains the Member Manager data source.

    4. In the Classpath field, note the name of the environment variable specified. For example, ${ DB2_JDBC_DRIVER_CLASSPATH}.

    5. Select Environment > WebSphere Variables in the navigation tree.

    6. Select the deployment manager node to filter the list of variables.

    7. Click New.

    8. Enter the name of the variable previously specified by the JDBC provider (${ DB2_JDBC_DRIVER_CLASSPATH}).

    9. In the Value field, enter the directory and name of the ZIP or JAR file that contains the JDBC driver class. For example: db2_install/java/db2java.zip.

    10. Save the changes to the deployment manager configuration.

  7. Perform this step only if you are in a clustered environment: If you enabled security using the database user registry, the Member Manager Datasource definitions will automatically be created on the Deployment Manager cell. All nodes need to define a WebSphereEnvironment Variable for the JdbcClassPath.

    The nodes which have WebSphere Portal installed will already have this WebSphereEnvironment Variable defined. Refer to the Creating a WebSphereEnvironment Variable section in the WAS information center for information on how to manually create the WebSphereEnvironment Variable definitions. When defining the WebSphereEnvironment Variable, please ensure that the name matches the DBTYPE_JDBC_DRIVER_CLASSPATH.

  8. Enter the appropriate command to run the configuration task:

    If this is a cluster environment, stop all cluster members before enabling security using the enable-security-wmmur-db task.

    If you are configuring security with a database repository, we can only login to the portal and the WAS Administration console using the short ID, for example, as a portaladmin user, you would use the id you specified in the wpconfig.properties file under PortalAdminId and as the WAS administrative user, you would use the ID for WasUserid.

    Check the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties file.

  9. In order to make security active, restart server1 and any other servers where WebSphere Portal is not installed.

    1. Open a command prompt and change to the following directory:

    2. Enter the following commands to stop and start server1 and start WebSphere_Portal, if necessary.

      1. Enter the following command:

        • UNIX:

          ./stopServer.sh server1 -user admin_userid -password admin_password

        • Windows:

          stopServer.bat server1 -user admin_userid -password admin_password

          stopServer -profileName profile_root -user admin_userid -password admin_password

          ...where server1 is the name of the WAS administrative server, and profile_root is the name given to the WAS profile in use.

            ./startServer.sh server1
            ./startServer.sh WebSphere_Portal

          For i5/OS:

 

Next steps

After configuring the database user registry, Verifying the database user registry that the database user registry is working properly.

 

Related information

 

Parent topic:

Database user registry