WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Configure Domino Directory for non-realm support


Choose this option to configure the WebSphere Application Server to access the LDAP server directly. In this configuration only one user registry, and therefore only one "realm", can be created. Configure LDAP without realm support only where a single registry is required and all user information can be stored in one location. To keep future flexibility, the recommended configuration is LDAP with realm support.

Follow these steps to edit the wpconfig.properties and wpconfig_dbdomain.properties files and run the appropriate configuration tasks so that WebSphere Portal Express can work with the LDAP server.

These instructions apply to either a single server installation or a cluster environment. When setting up a cluster to use an LDAP server, it is only necessary to perform these steps on the primary node in the cluster.

A configuration template might exist to support these instructions. Refer to...

portal_server_root/config/helpers

...for available configuration templates.

Use the configuration template to update the wpconfig.properties and wpconfig_dbdomain.properties.

If you do not want to use a configuration template, simply follow the instructions below as written.

  1. Ensure that the LDAP software is installed and any setup has been performed.

  2. Locate the wpconfig.properties and wpconfig_dbdomain.properties files in the following directory and create a backup copy before changing any values:

  3. Use a text editor to open the wpconfig.properties and wpconfig_dbdomain.properties files and enter the values appropriate for your environment.

    Do not change any settings other than those specified in these steps.

    Use / instead of \ for all platforms.

    Some values, shown in italics below, might need to be modified to your specific environment.

     

    Section of the wpconfig.properties file: IBM WebSphere Application Server

    Property Value
    WasUserid The user ID for WAS security authentication. For an LDAP configuration this should be the fully qualified distinguished name of a current administrative user for the WAS.

    For a configuration using Member Manager User Registry database the short version of the distinguished name must be used.

    Make sure to type the value in lower case, regardless of the case used in the distinguished name. If a value is specified for WasUserid, a value must also be specified for WasPassword.

    If WasUserid is left blank, WasPassword must also be left blank.

    For LDAP configuration this value should not contain spaces.

    Type: Alphanumeric text string

    Example: When using LDAP security:

    Tivoli Directory Server uid=wpsbind,cn=users,dc=example,dc=com
    Lotus Domino cn=wpsbind,o=example.com
    Active Directory cn=wpsbind,cn=users,dc=example,dc=com
    Active Directory Application Mode cn=wpsbind,cn=users,dc=example,dc=com
    Sun Java System Directory Server uid=wpsbind,ou=people,o=example.com
    Novell eDirectory uid=wpsbind,ou=people,o=example.com

    Example: When using Custom User Registry (CUR):

    • CUR: wpsbind

    Default: ReplaceWithYourWASUserID

    WasPassword The password for WAS security authentication.

    If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.

    Type: Alphanumeric text string

    Recommended: Set this value according to your environment.

    Default: ReplaceWithYourWASUserPwd

     

    Section of the wpconfig.properties file: WebSphere Portal Express configuration properties

    WpsContentAdministrators, WpsDocReviewer, and PortalAdminGroupId should be different groups.

    Property Value
    PortalAdminId User ID for the WebSphere Portal Express administrator. Should be the fully qualified distinguished name (DN).

    For LDAP configuration this value should not contain spaces.

    Make sure to type the value in lower case, regardless of the case used in the DN.

    Type: Alphanumeric text string, conforming to the LDAP distinguished name format

    Examples for LDAP:

    Tivoli Directory Server uid=portaladminid,cn=users,dc=example,dc=com
    Lotus Domino cn=portaladminid,o=example.com
    Active Directory cn=portaladminid,cn=users,dc=example,dc=com
    Active Directory Application Mode cn=portaladminid,cn=users,dc=example,dc=com
    Sun Java System Directory Server uid=portaladminid,ou=people,o=example.com
    Novell eDirectory uid=portaladminid,ou=people,o=example.com

    Custom User Registry example: uid=portaladminid

    Windows and Linux default: none

    i5/OS default: uid=portaladminid,o=default organization

    PortalAdminPwd The password for the WebSphere Portal Express administrator, as defined in the PortalAdminId property.

    Type: Alphanumeric text string

    Example: yourportaladminpwd

    Default: none

    PortalAdminGroupId The group ID for the group to which the WebSphere Portal Express administrator belongs.

    Make sure to type the value in lower case, regardless of the case used in the DN.

    Type: Alphanumeric text string, conforming to the LDAP distinguished name format

    Examples for LDAP:

    Tivoli Directory Server cn=wpsadmins,cn=groups,dc=example,dc=com
    Lotus Domino cn=wpsadmins
    Active Directory cn=wpsadmins,cn=groups,dc=example,dc=com
    Active Directory Application Mode cn=wpsadmins,cn=groups,dc=example,dc=com
    Sun Java System Directory Server cn=wpsadmins,ou=groups,o=example.com
    Novell eDirectory cn=wpsadmins,ou=groups,o=example.com
    Custom User Registry cn=wpsadmins,o=default organization

    Default: cn=wpsadmins,o=default organization

    WpsContentAdministrators The group ID for the WebSphere Content Administrator group.

    Type: Alphanumeric text string

    Example values:

    DEV (No security): WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
    Member Manager User Repository database WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization

    LDAP example values:

    Tivoli Directory Server cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
    Lotus Domino cn=wpsContentAdministrators
    Active Directory cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
    Active Directory Application Mode cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
    Sun Java System Directory Server cn=wpsContentAdministrators,ou=groups,o=example.com
    Novell eDirectory cn=wpsContentAdministrators,ou=groups,o=example.com

    Default: cn=wpsContentAdministrators,o=default organization

    WpsContentAdministratorsShort WebSphere Content Administrators group ID.

    Type: Alphanumeric text string

    Default: wpsContentAdministrators

    WpsDocReviewer The group ID for the WebSphere Document Reviewer group

    Type: Alphanumeric text string

    Example values:

    DEV (No security) WpsDocReviewer=cn=wpsDocReviewer,o=default organization
    Database user registry WpsDocReviewer=cn=wpsDocReviewer,o=default organization

    LDAP example values:

    Tivoli Directory Server cn=wpsDocReviewer,cn=groups,dc=example,dc=com
    Lotus Domino cn=wpsDocReviewer
    Active Directory cn=wpsDocReviewer,cn=groups,dc=example,dc=com
    Active Directory Application Mode cn=wpsDocReviewer,cn=groups,dc=example,dc=com
    Sun Java System Directory Server cn=wpsDocReviewer,ou=groups,o=example.com
    Novell eDirectory cn=wpsDocReviewer,ou=groups,o=example.com

    Default: cn=wpsDocReviewer,o=default organization

    WpsDocReviewerShort The WebSphere Document Reviewer group ID.

    Type: Alphanumeric text string

    Default: wpsDocReviewer

     

    Section of the wpconfig.properties file: WebSphere Portal Express Security LTPA configuration

    Property Value
    LTPAPassword The password for the LTPA bind.

    Type: Alphanumeric text string

    Default: none

    LTPATimeout Number of minutes after which an LTPA token will expire.

    Type: Numeric text string

    Default: 120

    SSODomainName Domain name for all allowable single signon host domains.

    • Enter the part of the domain that is common to all servers that participate in single signon. For example, if WebSphere Portal Express has the domain portal.us.ibm.com and another server has the domain another_server.ibm.com, enter ibm.com.

    • To specify multiple domains, use a semicolon ; to separate each domain name. For example, your_co.com;ibm.com.

    Single signon (SSO) is achieved using a cookie that is sent to the browser during authentication. When connecting to other servers in the TCP/IP domain specified in the cookie, the browser sends the cookie. If no domain is set in the cookie, the browser will only send the cookie to the issuing server.

    Type: Fully-qualified domain name

    Default: none

     

    Section of the wpconfig.properties file: LDAP Properties Configuration

    Property Value
    LookAside You can either install with LDAP only or with LDAP using a Lookaside database. The purpose of a Lookaside database is to store attributes which cannot be stored in your LDAP server; this combination of LDAP plus a Lookaside database is needed to support the Database user registry.

    To enable a Lookaside database, set this property to true.

    If you intend to use a Lookaside database, set this value before configuring security, as it cannot be configured after security is enabled.

    Set Lookaside to true if you are using IBM Workplace Web Content Management™.

    Using a Lookaside database can slow down performance.

    Type: true, false

    Default: false

    LDAPHostName The host information for the LDAP server that WebSphere Portal Express will use.

    Type: Fully qualified host name of the LDAP server

    Default: yourldapserver.com

    LDAPPort The server port of the LDAP directory.

    Type: Alphanumeric text string

    Example: 389 for non-SSL or 636 for SSL

    Default: 389

    Configuration tasks only work against a non-SSL port. After configuring security, you will need to manually configure security over SSL and change this value to the SSL value.

    LDAPAdminUId The user ID for the administrator of the LDAP directory. Member Manager uses this ID to bind to the LDAP to retrieve user attributes, create new users and groups in the LDAP, and update user attributes. This ID is not required to be the LDAP admin DN, but rather an ID with sufficient authority for the use cases just cited. If this property is omitted, the LDAP is accessed anonymously and read-only.

    Make sure to type the value in lower case, regardless of the case used in the DN.

    Type: Alphanumeric text string, conforming to the LDAP distinguished name format. For example, cn=userid.

    Default: cn=root

    LDAPAdminPwd The password for the LDAP directory administrator, as defined in the LDAPAdminUId property. If the LDAPAdminUId is blank, this property must be blank as well.

    Type: Alphanumeric text string

    Default: none

    LDAPServerType The type of LDAP Server to be used.

    Example values:

    Tivoli Directory Server IBM_DIRECTORY_SERVER
    Lotus Domino DOMINO502
    Active Directory ACTIVE_DIRECTORY
    Active Directory Application Mode ACTIVE_DIRECTORY
    Sun Java System Directory Server IPLANET
    Novell eDirectory NDS

    Default: IBM_DIRECTORY_SERVER

    LDAPBindID The user ID for LDAP Bind authentication. This user ID is used by WAS to bind to the LDAP to retrieve user attributes required for authentication.

    If this property is omitted, the LDAP is accessed anonymously and is then read-only.

    Make sure to type the value in lower case, regardless of the case used in the DN.

    Example values:

    Tivoli Directory Server uid=wpsbind,cn=users,dc=example,dc=com
    Lotus Domino cn=wpsbind,o=example.com
    Active Directory cn=wpsbind,cn=users,dc=example,dc=com
    Active Directory Application Mode cn=wpsbind,cn=users,dc=example,dc=com
    Sun Java System Directory Server uid=wpsbind,ou=people,o=example.com
    Novell eDirectory uid=wpsbind,ou=people,o=example.com

    Default: uid=wpsbind,cn=users,dc=example,dc=com

    LDAPBindPassword The password for LDAP Bind authentication.

    If the LDAPBindID is blank, this property must be blank as well.

    Type: Alphanumeric text string

    Default: none

     

    Section of the wpconfig.properties file: Advanced LDAP Configuration

    Property Value
    LDAPSuffix Distinguished name (DN) of the node in the LDAP containing all user and group information for the configuration. It is the lowest container in the LDAP tree that still contains all users who will log in to WebSphere Portal Express and all groups.

    If configuration tasks, for example...

    enable-security-ldap

    ...are used to activate WAS Security, this value will be used as the single base distinguished name for the application server LDAP configuration. This value will be qualified with the values...

    • LDAPUserSuffix
    • LDAPGroupSuffix

    ...in order to configure Member Manager.

    Make sure to set the value of the suffix to the exact case of the suffix as set in the LDAP directory. For example, if a user's DN in LDAP is returned as...

    uid=tuser,CN=Users,DC=example,DC=com

    ...set this value to...

    DC=example,DC=com

    Using...

    dc=example,dc=com

    ...will cause awareness problems.

    Example values:

    Tivoli Directory Server dc=example,dc=com
    Lotus Domino this value is null
    Active Directory dc=example,dc=com
    Active Directory Application Mode dc=example,dc=com
    Sun Java System Directory Server o=example.com
    Novell eDirectory o=example.com

    Default: dc=example,dc=com

    LdapUserPrefix The RDN prefix attribute name for user entries.

    Choose a value appropriate for your LDAP server.

    Example values:

    Tivoli Directory Server uid
    Lotus Domino cn
    Active Directory cn
    Active Directory Application Mode cn
    Sun Java System Directory Server uid
    Novell eDirectory uid

    Default: uid

    LDAPUserSuffix The DN suffix attribute name for user entries.

    Choose a value appropriate for your LDAP server. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all user information for the configuration. As such, it is the lowest container in the LDAP tree still containing all users that will log into WebSphere Portal Express including the administrative users. For example...

    • wpsadmin
    • wpsbind

    Make sure to type the value in lower case, regardless of the case used in the distinguished name.

    Example values:

    Tivoli Directory Server cn=users
    Lotus Domino o=example.com
    Active Directory cn=users
    Active Directory Application Mode cn=users
    Sun Java System Directory Server ou=people
    Novell eDirectory ou=people

    Default: cn=users

    LdapGroupPrefix The RDN prefix attribute name for group entries.

    Type: cn

    Default: cn

    LDAPGroupSuffix The DN suffix attribute name for group entries.

    Choose a value appropriate for your LDAP server. With LDAPSuffix appended to this value, it is the DN of the common root node in the LDAP containing all group information for the configuration. As such, it is the lowest container in the LDAP tree still containing all group entries for WebSphere Portal Express, including the administrative group (for example, wpsadmins).

    Make sure to type the value in lower case, regardless of the case used in the distinguished name.

    Example values:

    Tivoli Directory Server cn=groups
    Lotus Domino this value is null
    Active Directory cn=groups
    Active Directory Application Mode cn=groups
    Sun Java System Directory Server ou=groups
    Novell eDirectory ou=groups

    Default: cn=groups

    LDAPUserObjectClass The LDAP object class of the users in your LDAP directory that will log into WebSphere Portal Express.

    Example values:

    Tivoli Directory Server inetOrgPerson
    Lotus Domino dominoPerson
    Active Directory user
    Active Directory Application Mode user
    Sun Java System Directory Server inetOrgPerson
    Novell eDirectory inetOrgPerson

    Default: inetOrgPerson

    LDAPGroupObjectClass The LDAP object class of all the groups in your LDAP directory that WebSphere Portal Express will access.

    Example values:

    Tivoli Directory Server groupOfUniqueNames
    Lotus Domino dominoGroup
    Active Directory group
    Active Directory Application Mode group
    Sun Java System Directory Server groupOfUniqueNames
    Novell eDirectory groupOfNames
    Shared UserRegistry with WebSeal/TAM for e-business V5.1 accessGroup
    Shared UserRegistry with WebSeal/TAM for e-business Version 6 groupOfNames

    Default: groupOfUniqueNames

    LDAPGroupMember The attribute name in the LDAP group object of the "membership" attribute. Choose a value appropriate for your LDAP server.

    Example values:

    Tivoli Directory Server uniqueMember
    Lotus Domino member
    Active Directory member
    Active Directory Application Mode member
    Sun Java System Directory Server uniqueMember
    Novell eDirectory uniqueMember
    Shared UserRegistry with WebSeal/Tivoli Access Manager member

    Default: uniqueMember

    LDAPUserFilter The filter used by WAS for finding users in the LDAP.

    Example values:

    Tivoli Directory Server (&(uid=%v)(objectclass=inetOrgPerson))
    Lotus Domino (&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
    Active Directory (&(|(cn=%v)(samAccountName=%v))(objectclass=user))
    Active Directory Application Mode (&(cn=%v)(objectclass=user))
    Sun Java System Directory Server (&(uid=%v)(objectclass=inetOrgPerson))
    Novell eDirectory (&(uid=%v)(objectclass=inetOrgPerson))

    Default: (&(uid=%v)(objectclass=inetOrgPerson))

    LDAPGroupFilter The filter used by WAS for finding groups in the LDAP.

    Example values:

    Tivoli Directory Server (&(cn=%v)(objectclass=groupOfUniqueNames))
    Lotus Domino (&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
    Active Directory (&(cn=%v)(objectclass=group))
    Active Directory Application Mode (&(cn=%v)(objectclass=group))
    Sun Java System Directory Server (&(cn=%v)(objectclass=groupOfUniqueNames))
    Novell eDirectory (&(cn=%v)(objectclass=groupOfNames))

    Default: (&(cn=%v)(objectclass=groupOfUniqueNames))

     

    Section of the wpconfig.properties file: IBM Workplace Web Content Management Properties

    Property Value
    WcmAdminGroupId The group ID for the WCM Administrators group. This should be the fully qualified distinguished name of a current administrative user for the WAS.

    For LDAP configuration this value should not contain spaces.

    Type: Alphanumeric text string

    Example values:

    DEV (No security) WcmAdminGroupId=cn=wcmadmins,o=default organization
    Database user registry WcmAdminGroupId=cn=wcmadmins,o=default organization

    LDAP example values:

    Tivoli Directory Server cn=wcmadmins,cn=groups,dc=example,dc=com
    Lotus Domino cn=wcmadmins
    Active Directory cn=wcmadmins,cn=groups,dc=example,dc=com
    Active Directory Application Mode cn=wcmadmins,cn=groups,dc=example,dc=com
    Sun Java System Directory Server cn=wcmadmins,ou=groups,o=example.com
    Novell eDirectory cn=wcmadmins,ou=groups,o=example.com

    Default: cn=wcmadmins,o=default organization

    WcmAdminGroupIdShort The WCM Administrators group ID.

    Type: Alphanumeric text string

    Default: wcmadmins

     

    Section of the wpconfig_dbdomain.properties file: Database properties in wpconfig_dbdomain.properties

    The following two properties are required when using a Lookaside database and/or federation.

    Property Value
    wmm.DbUser The user ID for the database administrator.

    For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.

    For Oracle and SQL Server, if the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.

    For Oracle only: For non-feedback domains, DbSchema and DbUser MUST be the same. For Feedback domains, the default schema name is FEEDBACK. If the value is set to something besides FEEDBACK, you also have to set the schemaName property in...

    <wps_home>/shared/app/config/services/FeedbackService.properties

    ...to the new schema.

    Type: Alphanumeric text string

    Default for all domains: wpdb2ins ReplacewithyourDBAdminUser

    Recommended:

    Release releaseusr
    Community communityusr
    Customization customizationusr
    JCR icmadmin
    WMM wmmdbusr
    Feedback feedback
    LikeMinds lmdbusr

    wmm.DbPassword The password for the database administrator.

    A value must be set for this property; it cannot be empty.

    Type: Alphanumeric text string

    Default for all domains: ReplaceWithYourDbAdminPwd

  4. If you installed WAS as part of the WebSphere Portal Express installation and you plan to use WAS single signon, ensure that the following property in the wpconfig.properties file has the recommended value and not the default value. WebSphere Portal Express uses Form-based login for authentication, which requires SSO to be enabled; otherwise, you will no longer be able to log in to WebSphere Portal Express.

    If you installed onto a pre-existing profile of WAS, skip this step. Any pre-existing settings for WAS SSO are automatically detected and preserved when you run the appropriate task to configure security.

    Property Value
    SSORequiresSSL Single Sign-On function is enabled only when requests are over HTTPS SSL connections.

    Type: true, false

    Default: false

  5. Save the file.

  6. Stop the WebSphere Portal Express server:

    If this is a clustered environment, ensure the deployment manager and all node agents are active.

    1. Open a command prompt and change to the following directory:

    2. Enter the following command:

      • Linux:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh WebSphere_Portal -profileName wp_profile -user admin_userid -password admin_password

  7. Change to...

  8. Enter the following command to run the appropriate configuration task for your specific operating system:

    • Linux:

      ./WPSconfig.sh validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

    • Windows:

      WPSconfig.bat validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

    • i5/OS:

      WPSconfig.sh -profileName wp_profile validate-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

    If the configuration task fails, validate the values in the wpconfig.properties and wpconfig_dbdomain.properties files.

  9. Perform this step only if you meet any of the following criteria:

    • You installed WebSphere Portal Express on a pre-existing profile of WAS which did not have Global Security enabled

    • You installed WAS as part of the WebSphere Portal Express installation

    • You installed WebSphere Portal Express on i5/OS which created a new profile in a pre-existing WAS

    Enter the appropriate command to run the configuration task for your specific operating system:

    If this is a cluster environment, stop all cluster members (application servers) before enabling security using the enable-security-ldap task.

    Ensure the deployment manager and all node agents are active.

    • Linux:

      ./WPSconfig.sh enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

    • Windows:

      WPSconfig.bat enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

    • i5/OS:

      WPSconfig.sh -profileName wp_profile enable-security-ldap -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

  10. Check the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties and wpconfig_dbdomain.properties files.

    Before running the task again, be sure to stop the WebSphere Portal Express server.

    To stop the server follow these steps:

    If this is a clustered environment, ensure the deployment manager and all node agents are active.

    1. Open a command prompt and change to the following directory:

    2. Enter the following command:

      • Linux:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh WebSphere_Portal -profileName wp_profile -user admin_userid -password admin_password

  11. Enter the following commands to restart server1 and WebSphere_Portal server. If you are running with security enabled on WAS, specify a user ID and password for security authentication when entering the commands.

    If this is a clustered environment, stop and start all node agents and the deployment manager.

    1. Open a command prompt and change to the following directory:

    2. Enter the following command:

      • Linux:

        ./stopServer.sh server1 -user admin_userid -password admin_password

      • Windows:

        stopServer.bat server1 -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh server1 -profileName wp_profile -user admin_userid -password admin_password

    3. Enter the following command:

      • Linux:

        ./startServer.sh server1

      • Windows:

        startServer.bat server1

      • i5/OS:

        startServer.sh server1 -profileName wp_profile

    4. Enter the following command:

      • Linux:

        ./startServer.sh WebSphere_Portal

      • Windows:

        startServer.bat WebSphere_Portal

      • i5/OS:

        startServer.sh WebSphere_Portal -profileName wp_profile

  12. Perform this step only if you installed WebSphere Portal Express into a pre-existing SSO environment. Because you will not be given the option to import your existing token file...

    • To import your SSO Token:

      1. In the WAS Administrative Console, select Security > Global Security > Authentication > Authentication mechanisms > LTPA.

      2. Enter the LTPA token password in the Password field.

      3. Enter the password again in the Confirm password field.

      4. In the Key File Name field, enter the LTPA token file.

      5. Click Import Keys.

      6. Click Save.

    • To set your SSO Domain:

      1. In the WAS Administrative Console, select Security > Global Security > Authentication > Authentication mechanisms > LTPA.

      2. Click Single Signon in Additional Properties.

      3. Enter the domain name in the Domain Name field.

      4. Click OK.

  13. Perform this step only if common name (CN) is the Relative Distinguished Name (RDN) attribute of your distinguished name and you want to allow users or administrators to modify directory attributes through self-care screens or the user management portlet. Set the user.sync.remove.attributes=cn,CN property value in Puma service, as described in Setting configuration properties:

    WebSphere Portal Express can be configured to create the CN for a user account created through WebSphere Portal Express interfaces (self-registration or the user management portlet create new user functions).

    The default configuration of WebSphere Portal Express generates this attribute based on the surname (sn) and givenname attribute. The configuration is also located in WP PumaService in the WAS Administrative Console.

    Modify the Puma service by following the steps described in Setting configuration properties.

    The following entry defines the user common name pattern and can be used to customize the common name. The pattern states which attributes are used; the number of attributes it references must be given in puma.commonname.parts.

    For example:

    firstname+" "+lastname
    puma.commonname = {0} {1}
    puma.commonname.parts = 2
    puma.commonname.0 = givenName
    puma.commonname.1 = sn

    This function is not available if the CN attribute is the RDN attribute.

  14. Verify that your configuration works. Access WebSphere Portal Express using http://hostname.example.com:10038/wps/portal, where hostname.example.com is the fully qualified host name of the machine where WebSphere Portal is running and 10038 is the default transport port that is created by WAS, and verify that you can log in.

    Configuring WebSphere Portal Express to work with an LDAP directory automatically enables WAS Global Security. Once security is enabled, type the fully qualified host name when accessing WebSphere Portal Express and the WAS Administrative Console.

  15. Run the Member Fixer tool to update the member names used by WCM with the corresponding members in the LDAP directory. This step ensures that access to the Web content libraries for the Intranet and Internet Site Templates for the contentAuthors group is correctly mapped to the appropriate group in the LDAP directory.

    1. Edit the portal_server_root/config/templates/express/MemberFixer.properties file.

    2. Update the contentAuthors_new property with the group name you used for the content authors group during LDAP configuration.

    3. Save your changes and close the file.

    4. Open a command prompt and change to the following directory.

    5. Enter the appropriate command to run the configuration task for your specific operating system:

      • Linux:

        ./WPSconfig.sh action-memberfixer-altDN-mismatchedId -DPortalAdminPwd=password

      • Windows:

        WPSconfig.bat action-memberfixer-altDN-mismatchedId -DPortalAdminPwd=password

      • i5/OS:

        WPSconfig.sh -profileName wp_profile action-memberfixer-altDN-mismatchedId -DPortalAdminPwd=password

  16. These instructions configure WebSphere Portal Express to work with Lotus Domino as an LDAP server only. To configure WebSphere Portal Express for the collaborative features that require Lotus Domino Server, refer to Checklist of tasks: LDAP server for Lotus Collaborative Services.
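A pre-flight check for the value rules the property tables in step 3 state (paired user IDs and passwords, lower-case DNs, distinct groups, placeholder defaults, the non-SSL port for configuration tasks, the exact-case LDAPSuffix, and that the administrative entries sit under LDAPUserSuffix or LDAPGroupSuffix plus LDAPSuffix). This is an added example, not code from WebSphere Portal Express or its WPSconfig tasks; the properties text and the directory-returned DN it uses are constructed samples.

```python
"""Pre-flight checker for the wpconfig.properties rules stated in the property
tables of step 3.  Added example, not part of WebSphere Portal Express or its
configuration tasks; the sample file below is constructed."""

# Constructed sample modelled on the table defaults, with deliberate mistakes.
SAMPLE_PROPERTIES = """\
WasUserid=uid=wpsbind,cn=users,dc=example,dc=com
WasPassword=ReplaceWithYourWASUserPwd
PortalAdminId=uid=PortalAdminId,cn=users,dc=example,dc=com
PortalAdminPwd=yourportaladminpwd
PortalAdminGroupId=cn=wpsadmins,cn=groups,dc=example,dc=com
WpsContentAdministrators=cn=wpsContentAdministrators,cn=groups,dc=example,dc=com
WpsDocReviewer=cn=wpsadmins,cn=groups,dc=example,dc=com
LDAPPort=636
LDAPAdminUId=
LDAPAdminPwd=secret
LDAPBindID=uid=wpsbind,cn=users,dc=example,dc=com
LDAPBindPassword=bindpw
LDAPSuffix=dc=example,dc=com
LDAPUserSuffix=cn=users
LDAPGroupSuffix=cn=groups
wmm.DbPassword=
"""

# Pairs that must both be set or both be blank.
PAIRED = [("WasUserid", "WasPassword"), ("LDAPAdminUId", "LDAPAdminPwd"),
          ("LDAPBindID", "LDAPBindPassword")]
# Distinguished names the tables require in lower case.
LOWERCASE = ["WasUserid", "PortalAdminId", "PortalAdminGroupId", "LDAPAdminUId",
             "LDAPBindID", "LDAPUserSuffix", "LDAPGroupSuffix"]
# The tables say these should be three different groups.
DISTINCT_GROUPS = ["WpsContentAdministrators", "WpsDocReviewer", "PortalAdminGroupId"]


def parse_properties(text):
    """Minimal Java .properties reader: split on the first '=', skip comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def base_dn(*parts):
    """Join suffix parts as the tables describe, skipping null (Domino) parts."""
    return ",".join(p for p in parts if p)


def under(dn, base):
    """True when dn lies below base; an empty (Domino) base matches anything."""
    return not base or dn.lower().endswith("," + base.lower())


def check(props):
    """Return the rule violations found; an empty list means the file is consistent."""
    def get(key):
        return props.get(key, "")
    findings = []
    for a, b in PAIRED:
        if bool(get(a)) != bool(get(b)):
            findings.append(f"{a} and {b} must both be set or both be blank")
    for key in LOWERCASE:
        if get(key) != get(key).lower():
            findings.append(f"{key} must be typed in lower case")
    groups = [get(k).lower() for k in DISTINCT_GROUPS if get(k)]
    if len(set(groups)) != len(groups):
        findings.append("WpsContentAdministrators, WpsDocReviewer and PortalAdminGroupId should differ")
    for key, value in props.items():
        if value.lower().startswith("replacewithyour"):
            findings.append(f"{key} still holds the placeholder default")
    if get("LDAPPort") == "636":
        findings.append("LDAPPort is the SSL port; configuration tasks only work against the non-SSL port")
    if "wmm.DbPassword" in props and not get("wmm.DbPassword"):
        findings.append("wmm.DbPassword cannot be empty")
    # Administrative users and group must sit under the suffixes given to Member Manager.
    user_base = base_dn(get("LDAPUserSuffix"), get("LDAPSuffix"))
    for key in ("WasUserid", "PortalAdminId", "LDAPBindID"):
        if get(key) and not under(get(key), user_base):
            findings.append(f"{key} is not under LDAPUserSuffix,LDAPSuffix ({user_base})")
    group_base = base_dn(get("LDAPGroupSuffix"), get("LDAPSuffix"))
    if get("PortalAdminGroupId") and not under(get("PortalAdminGroupId"), group_base):
        findings.append(f"PortalAdminGroupId is not under LDAPGroupSuffix,LDAPSuffix ({group_base})")
    return findings


def suffix_case_matches(props, dn_returned_by_directory):
    """LDAPSuffix must repeat the exact case the directory returns (DC=example,DC=com)."""
    suffix = props.get("LDAPSuffix", "")
    return not suffix or dn_returned_by_directory.endswith("," + suffix)
```

Run check(parse_properties(open("wpconfig.properties").read())) against your own copy before step 8; each finding names the property and the table rule it breaks.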

Security is enabled

Once you have enabled security with your LDAP directory, you will need to provide the user ID and password required for security authentication on WAS when you perform certain administrative tasks with WAS.

For example, to stop the WebSphere Portal Express application server, you would issue the following command:

  • Linux:

    ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

  • Windows:

    stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

  • i5/OS:

    stopServer.sh WebSphere_Portal -profileName wp_profile -user admin_userid -password admin_password

Parent topic:

Configuring LDAP server for non-realm support