Set local operating system user registries using scripting


Use this topic to configure user registries for global security and security domain configurations using wsadmin. We can define user registries at the global level and for multiple security domains. You must meet the following requirements before configuring local operating system user registries:

Set local operating system user registries to support use of the authentication mechanism with the user accounts database of the local operating system. We can specify local operating system user registries at the global level and at the security domain.

When you configure a user registry in the global security configuration, the administrator does not specify a realm name for the user registry. The system determines the realm name from the security runtime. The system typically specifies the hostname for local operating system registries.

In security domains, we can configure a different realm for a user registry configuration. For example, we can configure two registries that use the same LDAP server listening on the same port, but use different base distinguished names (baseDN). This allows the configuration to serve different sets of users and groups. To use this type of scenario, specify a realm name for each user registry configured for a domain. Because there can be multiple realms in the configuration, we can also specify a list of trusted realms. This allows communication between applications that use different realms.

Use the following steps to configure local operating system user registries for the global security configuration and for multiple security domains:

 

 

What to do next


Local operating system registries

 

Related tasks


Set security domains using scripting
Mapping resources to security domains using scripting
Remove resources from security domains using scripting
Remove security domains using scripting