WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Create required LDAP users and groups

 


Required users and groups

The required group is...

wpsadmins

...or an equivalent. This is the first administrator group for WebSphere Portal Express. It is specified with the PortalAdminGroupId attribute in the wpconfig.properties file. Members of this group have administrative authority within WebSphere Portal Express.

If content management functions are configured, also create the following groups in the LDAP...

wpsContentAdministrators
wpsDocReviewer

These groups should be created in the LDAP with the same authority as granted to the wpsadmins group.

You can use the same user ID for more than one purpose.

Users include...

WebSphere Portal Express administrative user: First administrator account for WebSphere Portal Express. Generally wpsadmin. This account is also a member of the wpsadmins group.

Security Server ID user: This account is configured into WAS, generally as wasadmin. It becomes the ID that is used to administer WAS. If this account is different from the following LDAP access accounts, then this account needs no special privileges in the LDAP user registry.

LDAP access user for WAS: Used by WAS to access the LDAP user registry. If you keep the default values for the Bind Distinguished Name of WS in the wpconfig.properties file, wpsbind will be used as the Bind Distinguished Name. The required privileges for this account in the user registry are as follows:

Write: To allow users or portal administrators to create and modify directory attributes through self-registration and self-care screens or the Manage Users and Groups portlet, the Bind DN (LDAPBindID) user must have permission to write and search the LDAP user registry that WebSphere Portal Express uses or the subtree of that directory rooted at the LDAP suffix.
Read: If you will not use any WebSphere Portal Express facilities to write to the user registry, but your user registry security policies do not allow anonymous searches of the directory, the Bind DN (LDAPBindID) user must have permission to read and search the LDAP user registry that WebSphere Portal Express uses or the subtree of that directory rooted at the LDAP suffix.

An LDAP access user account that Member Manager uses to access the LDAP directory.

This ID is not required when using LDAP with realm support.

This does not have to be the root administrative ID for the directory, simply an ID that has sufficient privileges to the directory to allow the operations that WebSphere Portal Express will perform.

If WebSphere Portal Express only reads from the directory and does not make updates, an ID with read privileges to the directory is sufficient. If WebSphere Portal Express updates the directory (creates users or makes user profile updates to the directory) then an ID with write privileges is required.

 

Portal administrator users

You can select an existing LDAP user to act as the portal administrator.

If you want to create a new user to administer the portal, you should create the user before continuing. To create a new user as the portal administrator, use your directory administration tools.

LDAP Relative Distinguished Name prefixes, such as cn=, uid=, or ou=, should be entered in lowercase. Uppercase or mixed case can cause problems with subsequent case-sensitive queries of the database user registry and WebSphere Portal Express databases.
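
A pre-flight check for the lowercase rule above, as an added example that is not part of the IBM documentation: it scans wpconfig.properties-style text and reports every DN-valued property whose RDN prefixes are not all lowercase. The sample DN values are constructed, and treating any value that starts with attr= as a DN is an assumption of this example.

```python
import re

# Split a DN on ',' or '+' unless the separator is escaped with a backslash.
_RDN_SPLIT = re.compile(r'(?<!\\)[,+]')
# An RDN prefix (attribute type) followed by '=', e.g. "cn=" or "uid=".
_ATTR = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=')

def mixed_case_prefixes(dn):
    """Return the RDN prefixes in dn that are not entirely lowercase."""
    bad = []
    for rdn in _RDN_SPLIT.split(dn):
        m = _ATTR.match(rdn)
        if m and m.group(1) != m.group(1).lower():
            bad.append(m.group(1))
    return bad

def check_properties(text):
    """Map property name -> offending prefixes for each DN-valued property."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, and lines that are not key=value pairs.
        if not line or line.startswith(('#', '!')) or '=' not in line:
            continue
        key, value = line.split('=', 1)
        # Assumption: a value that begins with "attr=" is a DN.
        if _ATTR.match(value):
            bad = mixed_case_prefixes(value)
            if bad:
                findings[key.strip()] = bad
    return findings

# Constructed sample input; the DN values are made up for this example.
SAMPLE = """\
# wpconfig.properties excerpt (constructed)
PortalAdminGroupId=cn=wpsadmins,o=example
LDAPBindID=CN=wpsbind,O=example
"""

if __name__ == "__main__":
    for key, bad in check_properties(SAMPLE).items():
        print(f"{key}: use lowercase for {', '.join(bad)}")
```

Only the prefixes are checked; the case of the values themselves (for example the user or group name) is left alone.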

 
