Enabling global security and configuring federated user registries using properties files
You can use properties files to enable global security and to configure a federated LDAP user registry. Modify the example properties file for your environment before you apply it.
Decide whether to use Secure Sockets Layer (SSL) to access the LDAP server. If you do, the LDAP server's signer certificate must be extracted and stored in the default trust store, and the server must be restarted, before the registry can connect over SSL; otherwise the TLS handshake to the LDAP server fails because its signer is not trusted. The example properties file contains a section that retrieves the signer, and the comment on that section reminds you to save the configuration and restart the server after it runs.
The example properties file assumes that the administrative user already exists in the LDAP user registry; applyWizardSettings takes that user's name and password but does not create the account.
Further, the example uses the following administrative commands:
- retrieveSignerFromPort to retrieve the LDAP server's SSL signer certificate from a port and store it in the default trust store
- applyWizardSettings to enable global security with the administrative user name and password
- createIdMgrLDAPRepository to create the LDAP repository in the federated repositories (IdMgr) configuration
- addIdMgrLDAPServer to add the LDAP server (host, port, bind identity and SSL settings) to that repository
- addIdMgrRepositoryBaseEntry to define the base entry of the repository
- updateIdMgrSupportedEntityType to set the default parent and RDN properties for the Group, OrgContainer and PersonAccount entity types
- addIdMgrRealmBaseEntry to add the new repository's base entry to the default realm
- deleteIdMgrRealmBaseEntry to remove the old file-based repository's base entry from the default realm
Procedure
- Start the wsadmin scripting tool.
To start wsadmin using the Jython language, run the following command from the bin directory of the server profile:
wsadmin -lang jython
- Create a properties file that retrieves an SSL signer certificate from a port, enables global security, and configures a federated LDAP user registry. Three points in the example deserve attention before you apply it:
  - The retrieveSignerFromPort section carries SKIP=true, so applyConfigProperties does not run it. Retrieve the signer first (for example by applying that section with SKIP removed, or with the SSL properties file from the related tasks), save the configuration and restart the server, and only then apply the security and registry sections; with sslEnabled=true and port 636, the LDAP connection cannot be established until the signer is in NodeDefaultTrustStore.
  - The EnvironmentVariablesSection holds the administrative password and the LDAP bind password in cleartext. Restrict the file to the user who runs wsadmin, and delete it or strip the passwords once the configuration has been applied.
  - The example binds as cn=root, the directory administrator. In production use a dedicated bind identity that has only the search and read access WebSphere needs on the base entry.
#
# Extract LDAP server signer certificate and store it in default trust store.
# Save configuration and restart server after retrieving signer certificate.
#
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
#
#
#Properties
#
port=636 #Integer, required
keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
sslConfigName=NodeDefaultSSLSettings #String
host=!{ldapHostName} #String, required
certificateAlias=ldapalias #String, required
keyStoreName=NodeDefaultTrustStore #String, required
sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
#
#
# Enable global security with adminuser and adminpasswd
#
#
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
#
#
# Properties
#
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String, required
secureApps=true #Boolean, required
ldapServerType=null #String
customProps=null #String
adminName=!{adminUser} #String, required
ldapPort=null #String
secureLocalResources=false #Boolean, required
ldapBindPassword=null #String
ldapBaseDN=null #String
customRegistryClass=null #String
ignoreCase=null #Boolean
ldapHostName=null #String
ldapBindDN=null #String
#
#
# create IdMgr for LDAP
#
#
CreateDeleteCommandProperties=true
commandName=createIdMgrLDAPRepository
#
#
#Properties
#
certificateFilter=null #String
searchTimeLimit=null #Integer
translateRDN=null #Boolean
supportSorting=null #Boolean
ldapServerType=IDS #String, required
supportTransactions=null #Boolean
supportAsyncMode=null #Boolean
primaryServerQueryTimeInterval=null #Integer
adapterClassName=null #String
supportExternalName=null #Boolean
isExtIdUnique=null #Boolean
sslConfiguration=NodeDefaultSSLSettings #String
searchCountLimit=null #Integer
id=!{ldapRegId} #String, required
searchPageSize=null #Integer
loginProperties=uid #String
supportPaging=null #Boolean
default=true #Boolean
returnToPrimaryServer=null #Boolean
certificateMapMode=exactdn #String
#
#
# add IdMgr to ldap server
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
#
#
# Properties
#
sslConfiguration=NodeDefaultSSLSettings #String
id=!{ldapRegId} #String, required
port=636 #Integer
derefAliases=null #String
ldapServerType=IDS #String
bindPassword=!{bindPasswd} #String
certificateFilter=null #String
authentication=simple #String
sslEnabled=true #Boolean
connectTimeout=null #Integer
referal=ignore #String
host=!{ldapHostName} #String, required
bindDN=cn=root #String
certificateMapMode=exactdn #String
connectionPool=null #Boolean
#
#
# configure other LDAP attrs
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRepositoryBaseEntry
#
#
# Properties
#
name=c=us #String, required
nameInRepository=c=us #String
id=!{ldapRegId} #String, required
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=Group #String, required
rdnProperties=cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=OrgContainer #String, required
rdnProperties=o;ou;dc;cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
#Properties
#
defaultParent=c=us #String
name=PersonAccount #String, required
rdnProperties=uid
#
#
# add this IdMgr as base entry to default realm
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String, required
baseEntry=c=us #String, required
#
#
# delete old WIM IdMgr as base entry from default realm.
#
#
CreateDeleteCommandProperties=true
commandName=deleteIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String, required
baseEntry=o=defaultWIMFileBasedRealm #String, required
#
EnvironmentVariablesSection
#
# Environment Variables
#
cellName=myCell04
nodeName=myNode03
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
bindPasswd=myBindPw
- Run the applyConfigProperties command.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
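Because applyConfigProperties changes the cell's security configuration, it is worth checking a properties file offline before running it: that every !{name} reference resolves from the EnvironmentVariablesSection, that no property marked required is still null, which sections are marked SKIP=true, which properties carry cleartext secrets, and whether an LDAP server with sslEnabled=true is covered by an active retrieveSignerFromPort section. The checker below is an added example written for this page; it is not part of the page's procedure or of IBM's tooling, runs under plain Python without wsadmin, and parses only the layout shown above (comment lines starting with #, sections introduced by CreateDeleteCommandProperties=true and named by commandName, key=value lines with an optional trailing "#Type, required" hint). SAMPLE is a constructed, trimmed excerpt of the page's file with the same hypothetical host names and passwords.

```python
import re

VAR_RE = re.compile(r"!\{(\w+)\}")

# Constructed excerpt of the page's example file (hypothetical values), trimmed
# to the sections the checks below need; not the full file from the page.
SAMPLE = """\
#
# Extract LDAP server signer certificate and store it in default trust store.
#
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
port=636 #Integer, required
host=!{ldapHostName} #String, required
keyStoreName=NodeDefaultTrustStore #String, required
#
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String, required
adminName=!{adminUser} #String, required
ldapBindPassword=null #String
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
id=!{ldapRegId} #String, required
port=636 #Integer
bindPassword=!{bindPasswd} #String
sslEnabled=true #Boolean
host=!{ldapHostName} #String, required
bindDN=cn=root #String
#
EnvironmentVariablesSection
#
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
bindPasswd=myBindPw
"""


def parse_props(text):
    """Split the file into command sections and the environment variables.

    Each section is {'command': name, 'skip': bool, 'props': {key: (value, hint)}}
    where hint is the trailing '#Type, required' annotation (empty if absent).
    """
    sections, env, current, in_env = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "EnvironmentVariablesSection":
            in_env = True
            continue
        key, _, rest = line.partition("=")      # first '=' only, so bindDN=cn=root survives
        value, _, hint = rest.partition(" #")   # ' #' introduces the type hint
        key, value, hint = key.strip(), value.strip(), hint.strip()
        if in_env:
            env[key] = value
        elif key == "CreateDeleteCommandProperties":
            current = {"command": None, "skip": False, "props": {}}
            sections.append(current)
        elif current is None:
            raise ValueError("property before first section: %s" % line)
        elif key == "commandName":
            current["command"] = value
        elif key == "SKIP":
            current["skip"] = value.lower() == "true"
        else:
            current["props"][key] = (value, hint)
    return sections, env


def resolve(value, env):
    """Substitute !{name} references; return (resolved_value, [unresolved names])."""
    missing = []

    def sub(match):
        name = match.group(1)
        if name in env:
            return env[name]
        missing.append(name)
        return match.group(0)

    return VAR_RE.sub(sub, value), missing


def check(text):
    """Return a list of (level, message) findings for one properties file."""
    sections, env = parse_props(text)
    for sec in sections:  # resolve every value once: key -> (value, [unresolved names])
        sec["resolved"] = dict((k, resolve(v, env)) for k, (v, h) in sec["props"].items())
    get = lambda sec, key: sec["resolved"].get(key, ("", []))[0]
    # (host, port) pairs whose signer an active retrieveSignerFromPort section fetches
    signers = set((get(s, "host"), get(s, "port")) for s in sections
                  if s["command"] == "retrieveSignerFromPort" and not s["skip"])
    findings = []
    for sec in sections:
        cmd = sec["command"] or "<unnamed>"
        if sec["skip"]:
            findings.append(("warn", "%s: section has SKIP=true and will not be applied" % cmd))
        for key, (val, missing) in sorted(sec["resolved"].items()):
            hint = sec["props"][key][1]
            for name in missing:
                findings.append(("error", "%s.%s: unresolved variable !{%s}" % (cmd, key, name)))
            if "required" in hint and val in ("", "null"):
                findings.append(("error", "%s.%s: required property is null" % (cmd, key)))
            if "passw" in key.lower() and not missing and val not in ("", "null"):
                findings.append(("warn", "%s.%s: cleartext secret in properties file" % (cmd, key)))
        if cmd == "addIdMgrLDAPServer" and get(sec, "sslEnabled") == "true":
            target = (get(sec, "host"), get(sec, "port"))
            if target not in signers:  # signer must already be in the trust store
                findings.append(("warn", "%s: sslEnabled=true for %s:%s but no active "
                                 "retrieveSignerFromPort section covers it" % ((cmd,) + target)))
    return findings


if __name__ == "__main__":
    for level, message in check(SAMPLE):
        print("%-5s %s" % (level, message))
```

Run against SAMPLE the checker reports no errors but four warnings: the skipped signer section, the two cleartext passwords (adminPassword and bindPassword; ldapBindPassword=null is not reported), and the SSL server whose signer is not retrieved by any active section. Removing SKIP=true clears the last warning, which is exactly the ordering the page requires: retrieve the signer, restart, then apply the rest.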
Results
The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.
What to do next
To apply this properties file in another environment, modify the example file, in particular the values in its EnvironmentVariablesSection (cell, node, LDAP host, registry ID, administrative and bind credentials), then run applyConfigProperties and restart the server so that the global security settings take effect.
Related tasks
- Retrieve signer certificates using SSL properties files
- Work with LDAP properties files
- PropertiesBasedConfiguration (AdminTask)