Configure a stand-alone LDAP user registry on AIX

Configure WebSphere Portal to use a standalone LDAP user registry to store all user account information for authorization.

In a single server environment the WebSphere_Portal and server1 servers can be either stopped or started.

In a clustered environment stop all appservers on the system including WebSphere_Portal and server1 and then start the nodeagent and deployment manager servers before starting the following task.

If rerunning the wp-modify-ldap-security task to change the LDAP repositories or because the task failed, choose a new name for the realm using the standalone.ldap.realm parameter or set ignoreDuplicateIDs=true in wklpc.properties..


Configure a standalone LDAP user registry

To help ensure correct properties are entered, use the helper file...

  1. Edit...

      profile_root/ConfigEngine/properties/wkplc.properties

  2. Set the following parameters in wkplc.properties under the VMM Stand-alone LDAP configuration heading:

  3. Set a value for the following required entity types parameters in wkplc.properties under the LDAP entity types heading:

  4. Set a value for the following required group member parameters in wkplc.properties under the Group member attributes heading:

  5. Set a value for the following required relative distinguished name (RDN) parameters in wkplc.properties under the Default parent, RDN attribute heading:

  6. Save changes to wkplc.properties.

  7. If WCM is installed with the Intranet and Internet Site Templates, set the following parameters in wkplc_comp.properties under the Web Content Management attribute heading...

    • WcmContentAuthorsGroupId
    • WcmContentAuthorsGroupCN

  8. Validate the LDAP server settings...

      ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=password

    Note that if you have not deleted the default file repository, WasPassword is the value entered during installation and not a value found in your LDAP user registry.

  9. Set the stand-alone LDAP user registry...

      cd profile_root/ConfigEngine
      ./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=password

  10. Propagate the security changes:

    Option Description
    Standalone

    1. cd profile_root/bin
      ./stopServer.sh server1 -username admin_userid -password admin_password

    2. cd profile_root/bin
      ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password

    3. cd profile_root/bin
      ./startServer.sh server1

    4. cd profile_root/bin
      ./startServer.sh WebSphere_Portal

    Cluster

    1. cd dmgr_profile/bin
      ./stopManager.sh-username admin_userid -password admin_password

    2. cd profile_root/bin
      ./stopNode.sh -username admin_userid -password admin_password

    3. cd profile_root/bin
      ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password

    4. cd dmgr_profile/bin
      ./startManager.sh

    5. cd profile_root/bin
      ./startNode.sh

    6. cd profile_root/bin
      ./startServer.sh WebSphere_Portal

  11. Check that all defined attributes are available in the configured LDAP user registry...

      cd profile_root/ConfigEngine
      ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=password

    After configuring LDAP, you can adapt the attribute configuration

  12. To ensure Intranet and Internet Site Templates libraries are correctly mapped, run Member Fixer to update member names used by WCM with corresponding members in the LDAP.

    Required if you ran configure-express when installing portal.

    1. Edit...

      profile_root/PortalServer/wcm/shared/app/config/wcmservices/MemberFixerModule.properties

    2. Add the following lines to the file:

      uid=xyzadmin,o=defaultWIMFileBasedRealm -> portal_admin_DN
      cn=contentauthors,o=defaultWIMFileBasedRealm -> content_authors_group_DN

      Replace portal_admin_DN with the distinguished name of the portal administrator and content_authors_group_DN with the distinguished name of the content authors group used during LDAP configuration.

    3. Save changes and close the file.

    4. Run...

        cd profile_root/ConfigEngine
        ./ConfigEngine.sh action-express-memberfixer -DmemberfixerRealm=realm_name -DPortalAdminPwd=password -DWasPassword=password

      Where realm_name...

      LDAP Type Value
      Standalone Matches the value of standalone.ldap.realm in wkplc.properties.
      Federated Matches the value of federated.realm in wkplc.properties.

      If the value for federated.realm is empty, use defaultWIMFileBasedRealm.

  13. If you have created any additional WCM libraries, run the Web content member fixer task to update the member names used by the libraries.


Parent topic:

Configure a stand-alone LDAP user registry on AIX


Related tasks


Adapting the attribute configuration
Use the member fixer tool with IBM Lotus Web Content Management