Enabling global security and configuring federated user registries using properties files

We can use properties files to enable global security and configure federated LDAP user registries. This topic provides an example properties file that we can modify for our environment.

Determine whether to use Secure Sockets Layer (SSL) to access an LDAP server. If we use SSL to access an LDAP server, extract the LDAP server signer certificate, store it in the default trust store, and then restart the server. The example properties file includes a command block for these steps.

The example properties file in this topic assumes the administrative user already exists in the LDAP user registry.

The example proceeds in the following steps:

  1. Start the wsadmin scripting tool.

    To start wsadmin using the Jython language, run the following command from the bin directory of the server profile:

      wsadmin -lang jython

  2. Create a properties file that retrieves an SSL signer certificate from a port, enables global security, and configures a federated LDAP user registry.
    #
    # Extract LDAP server signer certificate and store it in default trust store.
    # Save configuration and restart server after retrieving signer certificate.
    #
    CreateDeleteCommandProperties=true
    SKIP=true
    commandName=retrieveSignerFromPort
    #
    
    #
    #Properties
    #
    port=636 #Integer,required
    keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
    sslConfigName=NodeDefaultSSLSettings #String
    host=!{ldapHostName} #String,required
    certificateAlias=ldapalias #String,required
    keyStoreName=NodeDefaultTrustStore #String,required
    sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
    #
    
    #
    # Enable global security with adminuser and adminpasswd
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=applyWizardSettings
    #
    
    #
    # Properties
    #
    adminPassword=!{adminPasswd} #String
    userRegistryType=WIMUserRegistry #String,required
    secureApps=true #Boolean,required
    ldapServerType=null #String
    customProps=null #String
    adminName=!{adminUser} #String,required
    ldapPort=null #String
    secureLocalResources=false #Boolean,required
    ldapBindPassword=null #String
    ldapBaseDN=null #String
    customRegistryClass=null #String
    ignoreCase=null #Boolean
    ldapHostName=null #String
    ldapBindDN=null #String
    #
    
    #
    # create IdMgr for LDAP
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=createIdMgrLDAPRepository
    #
    
    #
    #Properties
    #
    certificateFilter=null #String
    searchTimeLimit=null #Integer
    translateRDN=null #Boolean
    supportSorting=null #Boolean
    ldapServerType=IDS #String,required
    supportTransactions=null #Boolean
    supportAsyncMode=null #Boolean
    primaryServerQueryTimeInterval=null #Integer
    adapterClassName=null #String
    supportExternalName=null #Boolean
    isExtIdUnique=null #Boolean
    sslConfiguration=NodeDefaultSSLSettings #String
    searchCountLimit=null #Integer
    id=!{ldapRegId} #String,required
    searchPageSize=null #Integer
    loginProperties=uid #String
    supportPaging=null #Boolean
    default=true #Boolean
    returnToPrimaryServer=null #Boolean
    certificateMapMode=exactdn #String
    #
    
    #
    # add IdMgr to ldap server
    #
    
    CreateDeleteCommandProperties=true
    commandName=addIdMgrLDAPServer
    #
    
    #
    # Properties
    #
    sslConfiguration=NodeDefaultSSLSettings #String
    id=!{ldapRegId} #String,required
    port=636 #Integer
    derefAliases=null #String
    ldapServerType=IDS #String
    bindPassword=!{bindPasswd} #String
    certificateFilter=null #String
    authentication=simple #String
    sslEnabled=true #Boolean
    connectTimeout=null #Integer
    referal=ignore #String
    host=!{ldapHostName} #String,required
    bindDN=cn=root #String
    certificateMapMode=exactdn #String
    connectionPool=null #Boolean
    #
    
    #
    # configure other LDAP attrs
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=addIdMgrRepositoryBaseEntry
    #
    
    #
    # Properties
    #
    name=c=us #String,required
    nameInRepository=c=us #String
    id=!{ldapRegId} #String,required
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    # Properties
    #
    defaultParent=c=us #String
    name=Group #String,required
    rdnProperties=cn #String
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    # Properties
    #
    defaultParent=c=us #String
    name=OrgContainer #String,required
    rdnProperties=o;ou;dc;cn #String
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    #Properties
    #
    defaultParent=c=us #String
    name=PersonAccount #String,required
    rdnProperties=uid #String
    #
    
    #
    # add this IdMgr as base entry to default realm 
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=addIdMgrRealmBaseEntry
    #
    
    #
    # Properties
    #
    name=defaultWIMFileBasedRealm #String,required
    baseEntry=c=us #String,required
    #
    
    #
    # delete old WIM IdMgr as base entry from default realm.
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=deleteIdMgrRealmBaseEntry
    #
    
    #
    # Properties
    #
    name=defaultWIMFileBasedRealm #String,required
    baseEntry=o=defaultWIMFileBasedRealm #String,required
    #
    
    
    EnvironmentVariablesSection
    #
    # Environment Variables
    #
    cellName=myCell04
    nodeName=myNode03
    ldapHostName=myLdapHost
    adminUser=myAdminId
    adminPasswd=myAdminPasswd
    ldapRegId=ldapRegId
    bindPasswd=myBindPw

  3. Run the applyConfigProperties command.

    Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:

      AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
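
Before running applyConfigProperties against a live cell, it is worth checking the file offline: that every !{variable} reference is defined in EnvironmentVariablesSection, that no property marked required is still null, and that the SSL settings are consistent with the signer-certificate step above (in the example file the retrieveSignerFromPort block carries SKIP=true, so the LDAP signer must already be in NodeDefaultTrustStore when the addIdMgrLDAPServer block enables SSL). The following Python script is an added example written for this page; it is not IBM code and not part of wsadmin. The parser (parse_props), resolver (resolve), checker (check) and credential_vars helper are hypothetical names chosen here, the file format handling follows only what is visible in the example above, and SAMPLE is a constructed, shortened copy of that file with one environment variable (bindPasswd) deliberately left undefined so that the checker has something to report.

```python
"""Offline sanity checks for a wsadmin properties file (added example, not IBM code)."""
import re

VAR_RE = re.compile(r"!\{([A-Za-z0-9_]+)\}")  # matches !{name} references

# Constructed sample in the page's format (shortened; bindPasswd intentionally missing).
SAMPLE = """\
#
# Extract LDAP server signer certificate and store it in default trust store.
#
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
port=636 #Integer,required
host=!{ldapHostName} #String,required
certificateAlias=ldapalias #String,required
keyStoreName=NodeDefaultTrustStore #String,required

CreateDeleteCommandProperties=true
commandName=applyWizardSettings
adminName=!{adminUser} #String,required
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String,required
secureApps=true #Boolean,required
ldapHostName=null #String

CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
id=!{ldapRegId} #String,required
host=!{ldapHostName} #String,required
port=636 #Integer
sslEnabled=true #Boolean
sslConfiguration=NodeDefaultSSLSettings #String
bindDN=cn=root #String
bindPassword=!{bindPasswd} #String

EnvironmentVariablesSection
cellName=myCell04
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
"""


def parse_props(text):
    """Return (commands, env). Each command is a dict with keys
    name, skip and props; props maps key -> (raw_value, type_name, required)."""
    commands, env, in_env = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line == "EnvironmentVariablesSection":
            in_env = True
            continue
        key, _, rest = line.partition("=")  # split on the first '=' only (bindDN=cn=root)
        key = key.strip()
        if in_env:
            env[key] = rest.strip()
            continue
        value, _, annot = rest.partition(" #")  # trailing ' #Type[,required]' annotation
        value = value.strip()
        type_name, required = None, False
        if annot:
            parts = [p.strip() for p in annot.split(",")]
            type_name, required = parts[0], "required" in parts[1:]
        if key == "CreateDeleteCommandProperties":
            commands.append({"name": None, "skip": False, "props": {}})
        elif not commands:
            raise ValueError("property %r appears before any command block" % key)
        elif key == "SKIP":
            commands[-1]["skip"] = value.lower() == "true"
        elif key == "commandName":
            commands[-1]["name"] = value
        else:
            commands[-1]["props"][key] = (value, type_name, required)
    return commands, env


def resolve(value, env):
    """Expand !{name} references from env; return (expanded, list of undefined names)."""
    missing = []

    def sub(match):
        name = match.group(1)
        if name not in env:
            missing.append(name)
            return match.group(0)  # leave the reference in place so it is visible
        return env[name]

    return VAR_RE.sub(sub, value), missing


def check(commands, env):
    """Return findings an operator should resolve before applyConfigProperties."""
    findings = []
    signer_fetched = any(c["name"] == "retrieveSignerFromPort" and not c["skip"]
                         for c in commands)
    for c in commands:
        if c["skip"]:
            continue  # SKIP=true blocks are not applied, so do not check them
        for key, (raw, _type, required) in c["props"].items():
            value, missing = resolve(raw, env)
            for name in missing:
                findings.append("%s.%s: undefined variable !{%s}" % (c["name"], key, name))
            if required and value in ("", "null"):
                findings.append("%s.%s: required but not set" % (c["name"], key))
        if c["name"] == "addIdMgrLDAPServer":
            props = {k: resolve(v[0], env)[0] for k, v in c["props"].items()}
            if props.get("sslEnabled") != "true":
                findings.append("addIdMgrLDAPServer: sslEnabled is not true; "
                                "a simple bind would send the bind password unencrypted")
            elif not signer_fetched:
                findings.append("addIdMgrLDAPServer: SSL enabled but retrieveSignerFromPort "
                                "is skipped; the LDAP signer must already be in the trust store")
    return findings


def credential_vars(commands):
    """Environment variable names that feed password-like properties (supply at run time)."""
    names = set()
    for c in commands:
        for key, (raw, _type, _required) in c["props"].items():
            if "password" in key.lower() or "passwd" in key.lower():
                names.update(VAR_RE.findall(raw))
    return sorted(names)


if __name__ == "__main__":
    cmds, env = parse_props(SAMPLE)
    print("credential variables:", credential_vars(cmds))
    for finding in check(cmds, env):
        print("FINDING:", finding)
```

Run it against the real file by replacing SAMPLE with the file contents (for example, open("mySecurityConfig.props").read()). The credential_vars list tells you which environment variables carry secrets, so those values can be supplied when the file is generated rather than kept in a committed copy; the findings list is empty when the file is ready to apply.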


Results

The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.

To apply this properties file, modify the example properties file for your environment.


Related


Retrieving signer certificates using SSL properties files
Work with LDAP properties files


Reference:

PropertiesBasedConfiguration command group for AdminTask using wsadmin.sh

