Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Use properties files to manage system configuration > Manage specific configuration objects using properties files > Work with security properties files
Enable global security and configure federated user registries using properties files
We can use properties files to enable global security and configure federated LDAP user registries. This topic provides an example properties file that you can modify for the environment.
Determine whether to use SSL to access the LDAP server. If you do, extract the LDAP server signer certificate, store it in the default trust store, and then restart the server. The example properties file includes a retrieveSignerFromPort section that completes these steps; that section carries SKIP=true, which tells applyConfigProperties to skip it, so remove that line when you want the signer retrieval to run.
The example properties file in this topic assumes that the administrative user already exists in the LDAP user registry.
Procedure
- Start wsadmin.sh.
wsadmin -lang jython
- Create a properties file that retrieves an SSL signer certificate from a port, enables global security, and configures a federated LDAP user registry.
#
# Extract LDAP server signer certificate and store it in default trust store.
# Save configuration and restart server after retrieving signer certificate.
#
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
#
# Properties
#
port=636 #Integer,required
keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
sslConfigName=NodeDefaultSSLSettings #String
host=!{ldapHostName} #String,required
certificateAlias=ldapalias #String,required
keyStoreName=NodeDefaultTrustStore #String,required
sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
#
# Enable global security with adminuser and adminpasswd
#
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
#
# Properties
#
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String,required
secureApps=true #Boolean,required
ldapServerType=null #String
customProps=null #String
adminName=!{adminUser} #String,required
ldapPort=null #String
secureLocalResources=false #Boolean,required
ldapBindPassword=null #String
ldapBaseDN=null #String
customRegistryClass=null #String
ignoreCase=null #Boolean
ldapHostName=null #String
ldapBindDN=null #String
#
# create IdMgr for LDAP
#
CreateDeleteCommandProperties=true
commandName=createIdMgrLDAPRepository
#
# Properties
#
certificateFilter=null #String
searchTimeLimit=null #Integer
translateRDN=null #Boolean
supportSorting=null #Boolean
ldapServerType=IDS #String,required
supportTransactions=null #Boolean
supportAsyncMode=null #Boolean
primaryServerQueryTimeInterval=null #Integer
adapterClassName=null #String
supportExternalName=null #Boolean
isExtIdUnique=null #Boolean
sslConfiguration=NodeDefaultSSLSettings #String
searchCountLimit=null #Integer
id=!{ldapRegId} #String,required
searchPageSize=null #Integer
loginProperties=uid #String
supportPaging=null #Boolean
default=true #Boolean
returnToPrimaryServer=null #Boolean
certificateMapMode=exactdn #String
#
# add IdMgr to ldap server
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
#
# Properties
#
sslConfiguration=NodeDefaultSSLSettings #String
id=!{ldapRegId} #String,required
port=636 #Integer
derefAliases=null #String
ldapServerType=IDS #String
bindPassword=!{bindPasswd} #String
certificateFilter=null #String
authentication=simple #String
sslEnabled=true #Boolean
connectTimeout=null #Integer
referal=ignore #String
host=!{ldapHostName} #String,required
bindDN=cn=root #String
certificateMapMode=exactdn #String
connectionPool=null #Boolean
#
# configure other LDAP attrs
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRepositoryBaseEntry
#
# Properties
#
name=c=us #String,required
nameInRepository=c=us #String
id=!{ldapRegId} #String,required

CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
# Properties
#
defaultParent=c=us #String
name=Group #String,required
rdnProperties=cn #String

CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
# Properties
#
defaultParent=c=us #String
name=OrgContainer #String,required
rdnProperties=o;ou;dc;cn #String

CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
defaultParent=c=us #String
name=PersonAccount #String,required
rdnProperties=uid
#
# Add this IdMgr as base entry to default realm
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRealmBaseEntry
name=defaultWIMFileBasedRealm #String,required
baseEntry=c=us #String,required
#
# delete old WIM IdMgr as base entry from default realm.
#
CreateDeleteCommandProperties=true
commandName=deleteIdMgrRealmBaseEntry
#
# Properties
#
name=defaultWIMFileBasedRealm #String,required
baseEntry=o=defaultWIMFileBasedRealm #String,required
#
# Environment Variables
#
cellName=myCell04
nodeName=myNode03
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
bindPasswd=myBindPw
- Run applyConfigProperties.
AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
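The script below is an added example, not IBM code and not part of wsadmin: a pre-flight check, run with ordinary Python 3 outside wsadmin, for a properties file of the shape shown above, intended to catch mistakes before the file is handed to AdminTask.applyConfigProperties. Its parsing rules are assumptions drawn from the conventions visible in the example (a section starts at CreateDeleteCommandProperties=true, a property line is key=value #Type[,required], !{name} refers to a key under the Environment Variables comment, SKIP=true disables a section), not a specification of the format. It resolves the environment variables and reports required properties left at null, references to undefined variables, sections that will be skipped, and an addIdMgrLDAPServer section that binds with a DN but no password or without sslEnabled=true. The sample input is constructed and abbreviated, with bindPasswd deliberately missing from the environment variables so the check has something to report.

```python
"""Pre-flight checker for a wsadmin-style properties file (added example,
not IBM code). Parsing rules are assumptions taken from the file's visible
conventions; run it with Python 3 before calling applyConfigProperties."""
import re

VAR_RE = re.compile(r"!\{([A-Za-z0-9_]+)\}")

# Constructed, abbreviated sample in the same shape as the documented file.
# bindPasswd is deliberately absent from the environment variables.
SAMPLE = """\
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
adminPassword=!{adminPasswd} #String
adminName=!{adminUser} #String,required
userRegistryType=WIMUserRegistry #String,required
secureApps=true #Boolean,required
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
id=!{ldapRegId} #String,required
port=636 #Integer
bindPassword=!{bindPasswd} #String
sslEnabled=true #Boolean
host=!{ldapHostName} #String,required
bindDN=cn=root #String
#
# Environment Variables
#
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
"""


def parse_line(line):
    """Split 'key=value #Type,required' into (key, value, type_hint, required)."""
    body, _, hint = line.partition(" #")
    key, _, value = body.partition("=")      # first '=' only, so bindDN=cn=root works
    parts = [p.strip() for p in hint.split(",")] if hint else []
    return key.strip(), value.strip(), (parts[0] if parts else None), "required" in parts


def parse_properties(text):
    """Return (sections, env): the command sections and the environment variables."""
    sections, env, current, in_env = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            in_env = in_env or "Environment Variables" in line
            continue
        key, value, hint, required = parse_line(line)
        if key == "CreateDeleteCommandProperties":
            current = {"commandName": None, "skip": False, "props": []}
            sections.append(current)
            in_env = False
        elif in_env:
            env[key] = value
        elif current is None:
            continue                          # stray line before the first section
        elif key == "commandName":
            current["commandName"] = value
        elif key == "SKIP":
            current["skip"] = value.lower() == "true"
        else:
            current["props"].append((key, value, hint, required))
    return sections, env


def resolve(value, env):
    """Substitute !{name} references; return (resolved_value, missing_names)."""
    missing = []

    def sub(match):
        name = match.group(1)
        if name in env:
            return env[name]
        missing.append(name)
        return match.group(0)

    return VAR_RE.sub(sub, value), missing


def check(text):
    """Return a list of findings; an empty list means nothing to fix."""
    sections, env = parse_properties(text)
    findings = []
    for sec in sections:
        tag = sec["commandName"] or "<no commandName>"
        if sec["skip"]:
            findings.append("%s: SKIP=true, section will not be applied" % tag)
            continue
        resolved = {}
        for key, value, hint, required in sec["props"]:
            val, missing = resolve(value, env)
            resolved[key] = val
            for name in missing:
                findings.append("%s: %s references undefined variable !{%s}" % (tag, key, name))
            if required and val in ("", "null"):
                findings.append("%s: required property %s is %s" % (tag, key, val or "empty"))
        if sec["commandName"] == "addIdMgrLDAPServer":
            # The LDAP bind must be protected in transit and actually authenticated.
            if resolved.get("sslEnabled", "false").lower() != "true":
                findings.append("%s: sslEnabled is not true, bind credentials would cross the network in clear" % tag)
            if resolved.get("bindDN") and resolved.get("bindPassword") in (None, "", "null"):
                findings.append("%s: bindDN is set but bindPassword is empty" % tag)
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE) or ["no findings"]:
        print(finding)
```

To check the full file from this topic, read it with open(...).read() and pass the text to check(); the lines that applyWizardSettings leaves at null are optional for the WIMUserRegistry path and are only reported when marked required.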
Results
The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.
What to do next
To apply this properties file, modify the environment variable values at the end of the file for the environment.
Retrieve signer certificates using SSL properties files
Work with LDAP properties files
Related
PropertiesBasedConfiguration command group using wsadmin.sh