Stand-alone configuration

To use the authz.enable-authorization option in the Registry Direct API, a PDAuthorizationContext instance from the ISAM Java API must be used. In such a case, it is better to use SvrSslCfg.

The configuration tool RgyConfig is provided in the JAR file along with the new API. The usage is as follows:

Usage:

The usage for a non-SSL example is:

After creating the properties file, we can manipulate the additional properties. An example that sets the ldap.enable-last-login property is as follows:

When we use the RgyConfig tool, we must manually create the server identity. For ISAM subdomains, ensure that the server identity is included in the remote-acl-users group of the ISAM management domain. If the ISAM domain is not the default domain, the following additional steps are needed.

  1. Create a file groupmodify.ldif with the following contents:

      dn: cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default
      changetype: modify
      add: member
      member: cn=testapp/tam611,cn=SecurityDaemons,secAuthority=testdom,cn=Subdomains,secAuthority=Default

    Where member is the LDAP DN of your application. This value is provided as the ldap.bind_dn argument to java com.tivoli.pd.rgy.util.RgyConfig. Alternatively, we can determine this value from ldap.bind-dn stored in the generated properties file.

  2. Update LDAP by using the ldapmodify command.

      ldapmodify -p 389 -h localhost -D "cn=root" -w passw0rd -f groupmodify.ldif

    Replace localhost and passw0rd with values appropriate for your setup.
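
Step 1 can be scripted so that the member DN is read from ldap.bind-dn in the generated properties file rather than typed by hand. The following shell script is an added example, not IBM code; the file name rgy.properties, the function names and the sample file contents are assumptions. It goes slightly beyond the steps above by base64-encoding the DN when LDIF requires it.

```shell
#!/bin/sh
# Added example (not IBM code): build groupmodify.ldif from ldap.bind-dn.

# Print the ldap.bind-dn value from properties file $1.
# Assumption: the file follows java.util.Properties syntax, where '=' and ':'
# in a value may be backslash-escaped, so "\x" is reduced to "x" as load() does.
# The \t, \n and \uXXXX escapes are not handled.
get_bind_dn() {
    sed -n 's/^[[:space:]]*ldap\.bind-dn[[:space:]]*[=:][[:space:]]*//p' "$1" |
        head -n 1 | tr -d '\r' | sed -e 's/\\\(.\)/\1/g' -e 's/[[:space:]]*$//'
}

# Write the LDIF modify record that adds DN $1 to remote-acl-users.
make_ldif() {
    printf '%s\n' 'dn: cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default' \
        'changetype: modify' 'add: member'
    # RFC 2849: a value with a leading space, ':' or '<', a trailing space, or
    # any byte outside printable ASCII must be base64-encoded ("member::").
    if printf '%s' "$1" | LC_ALL=C grep -Eq '^[ :<]|[^ -~]| $'; then
        printf 'member:: %s\n' "$(printf '%s' "$1" | base64 | tr -d '\n')"
    else
        # One physical line: a wrapped value needs a leading space on the
        # continuation line, so the DN is never wrapped here.
        printf 'member: %s\n' "$1"
    fi
}

# Read properties file $1 and write the LDIF to $2; fail if the DN is missing.
build_groupmodify() {
    dn=$(get_bind_dn "$1")
    [ -n "$dn" ] || { echo "ldap.bind-dn not found in $1" >&2; return 1; }
    make_ldif "$dn" > "$2"
}

# Constructed sample input; the DN is the example value from step 1.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rgy.properties" <<'EOF'
# constructed sample, not real RgyConfig output
ldap.bind-dn=cn\=testapp/tam611,cn\=SecurityDaemons,secAuthority\=testdom,cn\=Subdomains,secAuthority\=Default
EOF
build_groupmodify "$demo_dir/rgy.properties" "$demo_dir/groupmodify.ldif"
cat "$demo_dir/groupmodify.ldif"
rm -rf "$demo_dir"
```

The generated file is then applied with the ldapmodify command from step 2.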

We do not have to install or configure IBM Security Verify Access to use the new API in stand-alone mode.
