Update the federated LDAP user registry on Windows

You can update the default federated repository to change...

• LDAP port
• Bind Distinguished Name
• Bind password

The task wp-update-federated-ldap does not modify...

• administrative users
• entity types
• LDAP entity types
• LDAP group membership attributes
• LDAP group configuration
• LDAP context pool

See the separate tasks for updating these parameters.

In a single server environment the WebSphere_Portal and server1 servers can be either stopped or started.

In a clustered environment stop all appservers on the system including WebSphere_Portal and server1 and then start the nodeagent and deployment manager servers before starting the following task.

To ensure correct properties, use the helper file...

profile_root/ConfigEngine/config/helpers/wp_add_federated_xxx.properties

1. Edit...
   profile_root/ConfigEngine/properties/wkplc.properties

2. Enter the following parameters under the Federated LDAP repository heading ...
   • federated.ldap.id
   • federated.ldap.host
   • federated.ldap.baseDN
   • federated.ldap.ldapServerType

3. Update the following parameters in wkplc.properties under the Federated LDAP repository heading:
   • federated.ldap.port
   • federated.ldap.bindDN
   • federated.ldap.bindPassword

4. Save changes to wkplc.properties.

5. Run...
   ConfigEngine.bat validate-federated-ldap -DWasPassword=password task to validate your LDAP server settings.

   Note that if you have not deleted the default file repository, WasPassword is the value entered during installation and not a value found in your LDAP user registry.

   • Run...
     ConfigEngine.bat wp-update-federated-ldap -DWasPassword=password task, from the profile_root/ConfigEngine directory to update the LDAP user registry in the default federated repository.
     • Propagate the security changes:

       Option	Description
       Standalone	cd profile_root/bin stopServer.bat server1 -username admin_userid -password admin_password cd profile_root/bin stopServer.bat WebSphere_Portal -username admin_userid -password admin_password cd profile_root/bin startServer.bat server1 cd profile_root/bin startServer.bat WebSphere_Portal
       Cluster	cd dmgr_profile/bin stopManager.bat-username admin_userid -password admin_password cd profile_root/bin stopNode.bat-username admin_userid -password admin_password cd profile_root/bin stopServer.bat WebSphere_Portal -username admin_userid -password admin_password cd dmgr_profile/bin startManager.bat cd profile_root/bin startNode.bat cd profile_root/bin startServer.bat WebSphere_Portal

If you performed these steps after creating the clustered environment, run enable-jcr-security on the secondary node.

Parent topic:

Updating the user registry on Windows

Related tasks

Enable LDAP security after cluster creation

---