Update the stand-alone LDAP user registry on AIX
Overview
After configuring and using the stand-alone LDAP user registry, you may find that the LDAP user registry is not working exactly as you would like. You can update the LDAP user registry and make the necessary changes. For example, you can change the LDAP bind password. This task removes any existing attribute mappings. Review all existing attribute mappings before proceeding so you can re-create them after completing this task.
In single-server environments, you do not have to start or stop the WebSphere_Portal and server1 servers to complete the following steps. In clustered environments, stop all application servers on the system, including WebSphere_Portal, then start the nodeagent and dmgr servers before you begin any of the following steps.
If you need to rerun the wp-modify-ldap.security task to change the LDAP repositories or because the task failed, choose a new name for the realm using the parameter standalone.ldap.realm, or set ignoreDuplicateIDs=true in wkplc.properties, before rerunning the task.
Update the stand-alone LDAP user registry
Use the wp_security_xxx.properties helper file, located in WP_PROFILE/ConfigEngine/config/helpers, when performing this task to ensure the correct properties are entered. In the instructions below, when a step refers to wkplc.properties, use the wp_security_xxx.properties helper file.
If you created a clustered environment and then performed the steps in this task, run the update-jcr-admin task on the secondary node afterward. See Enable LDAP security after cluster creation for instructions.
- Edit WP_PROFILE/ConfigEngine/properties/wkplc.properties
- Enter the following parameter in wkplc.properties under the Stand-alone LDAP repository heading to identify the stand-alone LDAP user registry that you want to update:
standalone.ldap.id
- Specify values as required for any parameters that begin with standalone.ldap under the Stand-alone LDAP repository heading in wkplc.properties.
The task you run updates all stand-alone LDAP properties.
- Specify a new realm name in wkplc.properties.
  - Locate the following parameter under the Stand-alone LDAP repository heading: standalone.ldap.realm.
  - Specify a new realm name as the value for the parameter.
    For example, change standalone.ldap.realm=PortalDev to standalone.ldap.realm=DevPortal.
- Save changes to wkplc.properties.
- Run the ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=foo task to validate the LDAP server settings.
  If you have not deleted the default file repository, WasPassword is the value entered during installation and not a value found in the LDAP user registry. During the validation task, you may receive the following prompt: Add signer to the trust store now? Press y, then Enter.
- To update the stand-alone LDAP user registry:
  - Run the ./stopServer.sh WebSphere_Portal -username admin_userid -password foo task from the WP_PROFILE/bin directory.
  - Run the ./ConfigEngine.sh wp-update-standalone-ldap -DWasPassword=foo task from the WP_PROFILE/ConfigEngine directory.
- Stop and restart the appropriate servers to propagate the changes.
This task removed any attribute mappings that you added since you enabled the stand-alone LDAP user registry. Therefore, rerun the attribute mapping task. The instructions are located in the installing WebSphere Portal section. Choose the appropriate OS and then the appropriate deployment option. The mapping topic is then located in the "Configuring WebSphere Portal to use a user registry" topic under "Adapting the attribute configuration".
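As an added example (not part of the IBM documentation), the POSIX shell functions below compare an edited wkplc.properties with a backup copy before the update task is run: they confirm that standalone.ldap.id is set, that the realm name changed or ignoreDuplicateIDs=true is present, and they list which standalone.ldap.* keys differ without printing values. The backup file, the function names and the sample property values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of wkplc.properties against a backup copy.
# File names, function names and sample values are hypothetical.

# prop FILE KEY: print the value of the last KEY=value line in FILE.
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')    # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# changed_keys BACKUP EDITED: print the names (never the values, so the bind
# password is not echoed) of standalone.ldap.* properties that differ.
changed_keys() {
    grep '^[[:space:]]*standalone\.ldap\.' "$2" | cut -d= -f1 | tr -d ' \t' |
        sort -u | while read -r k; do
            [ "$(prop "$1" "$k")" = "$(prop "$2" "$k")" ] || echo "$k"
        done
}

# preflight BACKUP EDITED: return 0 if standalone.ldap.id is set and either the
# realm name changed or ignoreDuplicateIDs=true is present; 1 otherwise.
preflight() {
    rc=0
    [ -n "$(prop "$2" standalone.ldap.id)" ] ||
        { echo "standalone.ldap.id is not set" >&2; rc=1; }
    if [ "$(prop "$1" standalone.ldap.realm)" = "$(prop "$2" standalone.ldap.realm)" ] &&
       [ "$(prop "$2" ignoreDuplicateIDs)" != "true" ]; then
        echo "realm unchanged and ignoreDuplicateIDs is not true" >&2; rc=1
    fi
    return $rc
}

# Constructed sample input, not real configuration.
make_samples() {
    printf '%s\n' 'standalone.ldap.id=ldap1' 'standalone.ldap.host=old.example.test' \
        'standalone.ldap.realm=PortalDev' > "$1/before.properties"
    printf '%s\n' 'standalone.ldap.id=ldap1' 'standalone.ldap.host=new.example.test' \
        'standalone.ldap.realm=DevPortal' > "$1/after.properties"
}

demo=${TMPDIR:-/tmp}/wkplc-demo.$$
mkdir -p "$demo" && make_samples "$demo"
preflight "$demo/before.properties" "$demo/after.properties" && echo "preflight passed"
changed_keys "$demo/before.properties" "$demo/after.properties"
rm -rf "$demo"
```

Listing the changed keys before the run matters because the task updates all stand-alone LDAP properties, not only the ones you meant to edit.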
Related tasks
Start and stop servers, dmgrs, and node agents
Enable LDAP security after cluster creation
IBM Support Portal: PK84702: Not possible to change LDAP attributes without changing realm name