wkplc.properties file reference


Overview

Property Description Value Example Default
EngineInstallLocation Set by the installer. Should not be changed. Location of the ConfigEngine root. Directory path with elements delimited by forward slashes (/) /usr/WAS/wp_profile/ConfigEngine Default values are unique for each OS
WasSoapPort Port used to connect to the WAS with remote connections. Numeric string   10005
WasRemoteHostName Host name of the remote server that connects to WAS. Host name including the domain, such as my_host_name.mydomain.com   your_host_name
RegistrySynchronized Whether to synchronize the registry. Should never be modified unless a forced synchronization is necessary. true or false
true


General properties: WAS properties

Information about the WAS used in the WebSphere Portal stack.

Property Description Value Example Default
VirtualHostName Name of the WAS virtual host. Alphanumeric text string   default_host
WasUserid User ID for WAS security authentication. For LDAP this value cannot contain spaces and should be the fully qualified DN of a current administrative user for the WAS. For Virtual Manager User Registry database, the short version of the distinguished name must be used. Type the value in lower case, regardless of the case used in the distinguished name (DN).
Custom User Registry wpsbind
Tivoli Directory Server uid=wpsbind,cn=users,dc=myco,dc=com
Lotus Domino cn=wpsbind,o=myco.com
Sun Java System Directory Server uid=wpsbind,ou=people,o=myco.com
Novell eDirectory uid=wpsbind,ou=people,o=myco.com
Windows AD cn=wpsbind,cn=users,dc=myco,dc=com
Windows AD LDS cn=wpsbind,cn=users,dc=myco,dc=com
wpsadmin
WasPassword Password for the user ID specified for WAS security authentication. Can be specified here or passed via command line using -DWasPassword. Alphanumeric text string
ReplaceWithYourWASUserPwd
WasHome Directory where WAS product files are installed. The installation program sets this value based on user input during installation. Directory path with elements delimited by forward slashes (/) /usr/WebSphere/AppServer Default values are unique for each OS.
WasUserHome Directory where WAS user data is created. The installation program sets this value based on user input during installation. Directory path with elements delimited by forward slashes (/) /usr/WebSphere/AppServer Default values are unique for each OS.
ProfileName Name of the WAS profile. Alphanumeric text string wp_profile wp_profile
CellName Name of the WAS cell where the WAS is located. Alphanumeric text string
The default value is based on values defined during the installation process.
NodeName Node within the WAS cell where the WAS is located. This value must be unique among other node names in the same cell. Typically this value is the same as the host name for the computer. Alphanumeric text string
The default value is based on values defined during the installation process.
ServerName Name of the application server where the WebSphere Portal application is deployed. This value must be unique among other application server names in the same cell. Alphanumeric text string
WebSphere_Portal
WasAdminServer Name of the application server for administration. For IBM i, if WAS profile was created with a different WAS administrative server name, you should change this value to reflect that. Alphanumeric text string server1 server1
LTPAPassword Password to encrypt and decrypt the LTPA keys. Alphanumeric text string
no default
wasJvmBitType Solaris specific property that specifies whether to use the 64 bit or 32 bit JVM. sparc32 x86 ia32 sparc64 x64   32bit JVM: sparc32, x86, or ia32
64bit JVM: sparc64 or x64
sparc32


General properties: WebSphere Portal configuration properties

Provide basic information about WebSphere Portal, such as installation directory, port numbers, user IDs and passwords, and more.

WpsInstallLocation Directory where WebSphere Portal is installed. Directory path with elements delimited by forward slashes (/) /usr/WAS/PortalServer Default values are unique for each OS.
WpsHostName Fully qualified WebSphere Portal host name or the name of the Web server that WAS is configured to use. Set by the installation program based on user input during installation. host name, including the domain; such as: http://WpsHostName:WpsHostPort/WpsContextRoot/WpsDefaultHome In the following example, machinename is the WpsHostName value: http://machinename:80/wps/portal The default value is based on values defined during the installation process.
WpsHostPort Transport port number used to access the host machine identified by the WpsHostName property. port number In the following example 80 is the WpsHostPort value: http://localhost:80/wps/portal 80
PortalAdminId User ID for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The user ID cannot contain a space: for example, user ID. The user ID cannot be longer than 200 characters.

(UNIX only) Some tasks may require you to enter the fully qualified user ID. If the fully qualified user ID contains a space, for example:

cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com

then place the fully qualified user ID in the properties file or in a parent properties file instead of passing it as a flag on the command line. To create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run:

./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties

(Windows only) Some tasks may require you to enter the fully qualified user ID. If the fully qualified user ID contains a space, for example:

cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com

then place quotes around the fully qualified user ID before running the task, like this:

"cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com"

A valid user ID contains only ASCII characters.
Development configuration without security PortalAdminId=xyzadmin
Tivoli Directory Server uid=,cn=users,dc=myco,dc=com
Lotus Domino cn=,o=myco.com
Novell eDirectory uid=,ou=people,o=myco.com
Sun Java System Directory uid=,ou=people,o=myco.com
Windows AD cn=,cn=users,dc=myco,dc=com
Windows AD LDS cn=,cn=users,dc=myco,dc=com
wpsadmin
PortalAdminPwd Password for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The password cannot contain a space, for example, pass word. The password cannot be longer than 128 characters. Alphanumeric text string.
no default
PortalAdminGroupId Group ID for the WebSphere Portal Administrator group. The installation program sets this value based on user input during installation. Type value in lower case, regardless of the case used in the distinguished name (DN).
Tivoli Directory Server cn=portaladmingroupid,cn=groups,dc=myco,dc=com
Lotus Domino cn=portaladmingroupid
Windows AD cn=portaladmingroupid,cn=groups,dc=myco,dc=com
Windows AD LDS cn=portaladmingroupid,cn=groups,dc=myco,dc=com
Sun Java System Directory cn=portaladmingroupid,ou=groups,o=myco.com
Novell eDirectory Portal cn=portaladmingroupid,ou=groups,o=myco.com
Custom user registry cn=wpsadmins,o=default organization
Development configuration without security wpsadmins
wpsadmins
PortalUniqueID The value is used for the object ID creation mechanism and has to be different for each node. It is usually a MAC address from a communications adapter on this node. Only nodes running on one machine may have the same PortalUniqueID. 12 hex digits unique to this WebSphere Portal instance
00054E48AA0C
WpsContextRoot WebSphere Portal context root or base URI. All URLs beginning with this path will be reserved for WebSphere Portal. The value of this property is part of the URL used to access WebSphere Portal from a browser. Alphanumeric text string In the following example, wps is the WpsContextRoot value: http://localhost:80/wps/portal. wps
WpsHostBasePort Required for IBM i only. Port block that will be used for the WebSphere Portal Server. port number
10000
SMFLibrary Required for z/OS only. The library where the ifaedjreg.jar file resides No values are available.
no default
SMFNativeLibrary Required for z/OS only. Library where the SMF DLLs reside. No values are available.
no default
ServerShortName Required for z/OS only. Server's jobname, as specified in the MVS START command JOBNAME parameter. JOBNAME is the name of the task or script that runs when the server is running. MVS (Multiple Virtual Storage) is the name of the OS that runs on the mainframe. This value is also passed as a parameter to the server's start procedures to specify the location of the server's configuration files and identify the server to certain WebSphere for z/OS-exploited z/OS facilities (for example, SAF). The name must be seven or fewer characters and all uppercase. SAF BBOS002
ClusterTransitionName Required for z/OS only. Cluster transition name is the WLM APPLENV (WLM application environment) name for this server. The name must be eight or fewer characters and all uppercase.
BBOC002
WpsSMPEHomeDirectory Required for z/OS only. Location of the SMP/E install image for the WebSphere Portal SMP/E package. No values are available.
no default
TransferDomainList Required for database transfer. List of database 'domains' that will be transferred by the database-transfer process. Should not be altered unless you want to include or exclude specific domains from the transfer process. Valid database domains include: release,community,customization,jcr,feedback,likeminds release,community,customization,jcr,feedback release,community,customization,jcr,feedback,likeminds


WebSphere Portal cluster properties

The following properties are used if you have a clustered environment.

ClusterName Use this property to specify the cluster name you want to use when creating the cluster. Do not use spaces or special characters in the cluster name. No values are available.
PortalCluster
PushFrequency Time, in seconds, to wait before pushing new or modified cache entries to other servers. 1 or greater 1 1
ReplicationType Global sharing policy for this application server. Cache entries are not shared among different application servers. Only invalidation events are sent among servers in the replication domain. NONE, PUSH, PULL, PUSH_PULL. The default setting is NONE, which is the equivalent of NOT_SHARED in the WAS admin UI
NONE
PrimaryNode Set to true if this is the primary node in cluster. Set to false if this is an additional cluster node. true false
true


Step-up authentication properties

Step-up authentication enables you to require a stronger level of authentication to access certain pages and assets than the authentication that the client used when initially entering the portal site.

sua_user Key which is used to encrypt the Cookie information. The value does not need to match to a real user. No values are available. myname no default
sua_serversecret_password This value is used as an encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password. For example, you can use mypassword as the value. No values are available.
no default
enable_rememberme This value defines if the Remember me cookie should be enabled when the enable-stepup-authentication task is run. true false.
true
disable_rememberme This value defines if the Remember me cookie should be disabled when the disable-stepup-authentication task is run. true false.
true


Virtual portal configuration

Configuration tasks that use the virtual portal configuration properties include: create-virtual-portal, delete-virtual-portal, modify-virtual-portal, list-all-virtual-portals

VirtualPortalTitle If you are creating a virtual portal, this value will be the title of the Virtual Portal. If you are deleting or modifying a virtual portal, this is the virtual portal to be deleted or modified. No values are available.
no default
VirtualPortalRealm Realm used for the virtual portal defined in VirtualPortalTitle. No values are available.
no default
VirtualPortalHostName DNS name of the virtual portal. The virtual portal can be referenced by the DNS name instead of the URL prefix. When the value is left blank, a virtual portal will use the common DNS name used by all portals. DNS host name
no default
VirtualPortalContext Unique portal context that must be provided for the Virtual Portal. If you set the host name parameter (VirtualPortalHostName), the portal context is ignored. A virtual portal can either be accessed by a DNS/Host name or a URL prefix. When both a DNS/Host name and URL prefix are provided, the DNS/Host name will be used for VirtualPortalContext. URL prefix
no default
VirtualPortalNlsFile An optional file which contains language specific information for the Virtual Portal. Create an NLS file to specify additional titles and descriptions in other languages for Virtual Portal. Descriptions can only be provided in an NLS file. Do not use prefixes in that NLS file. If you do not specify an NLS file, the Virtual Portal is created with the title that you give as the value to the VirtualPortalTitle parameter only. Titles and descriptions are not created for other languages. However, if you specify an NLS file, the value given for the virtual portal title in the NLS file overrides the value that you provide for the VirtualPortalTitle property. To create a description for the virtual portal, you have to specify this in a national language support (NLS) file. To modify the title or description of the Virtual Portal, you have to add the new title and description to the NLS file. The path and file name of NLS file.
no default
VirtualPortalObjectId This value is the object ID of the virtual portal. The object ID is required to modify and delete Virtual Portals. To determine what this value is, run the following task: list-all-virtual-portals. Do not delete the default Virtual Portal. The Object ID for the default Virtual Portal ends with _0. No values are available.
no default


General security properties

ignoreDuplicateIDs Set to true to recover from an incomplete LDAP repository creation if the repository cannot be deleted. true false
false
trimSpaces Set to false and add the attribute to the security ANT target in order to retain trailing spaces of attributes defined in this file. true false
true


Federated security - add or update an LDAP

Use the properties in this section to create (wp-create-ldap) or update (wp-update-federated-ldap) the LDAP configuration in virtual member manager (VMM). If you are updating the LDAP configuration, the federated.ldap.id and federated.ldap.host must match the repository that you want to update.

federated.ldap.id Unique identifier for the repository within the cell. During an update, this value must match the ID of the repository to be updated. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID. Should be no longer than 36 characters. Alphanumeric text string
no default
federated.ldap.host Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name. During an update, this value must match the ID of the repository to be updated. IP address or domain service name
no default
federated.ldap.port LDAP server port. numeric
389
federated.ldap.bindDN Distinguished name for the application server to use when binding to the LDAP repository. No values are available.
no default
federated.ldap.bindPassword Password for the application server to use when binding to the LDAP repository. No values are available.
no default
federated.ldap.ldapServerType Type of LDAP server to which you connect. AD, ADAM, CUSTOM, DOMINO, IDS, NDS, SUNONE, ZOSDS IDS no default
federated.ldap.baseDN LDAP base entry. No values are available.
no default


Group and PersonAccount entity types

The supported entity types are Group and PersonAccount. Group entity type:

PersonAccount entity type:

default searchBases = <empty>

federated.ldap.et.group.searchFilter Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in the environment. The syntax is like a standard LDAP search filter. If this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)). an LDAP search filter (objectclass=groupOfUniqueNames) no default
federated.ldap.et.group.objectClasses Specifies one or more object classes (separated by ';') for the entity type. object classes
groupOfUniqueNames
federated.ldap.et.group.objectClassesForCreate Specifies one or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. object classes
no default
federated.ldap.et.group.searchBases Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Performance is improved if you specify search bases, reducing the number of search bases. For multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want search to start. One or more search bases "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com" no default
federated.ldap.et.personaccount.searchFilter The search filter to use to search the entity type. VMM uses this filter as an addition during search requests in the environment. The syntax is like a standard LDAP search filter. If no value is specified for this parameter or if this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)). LDAP search filter (objectclass=inetOrgPerson) no default
federated.ldap.et.personaccount.objectClasses One or more object classes (separated by ';') for the entity type. Only use those object classes that are unique to users: if there are both users and groups with objectclass 'top', then do not use this object class here. object classes
inetorgperson
federated.ldap.et.personaccount.objectClassesForCreate One or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. object classes
no default
federated.ldap.et.personaccount.searchBases Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Performance is improved if you specify search bases, reducing the number of search bases. object classes "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com" no default
federated.ldap.gm.groupMemberName LDAP attribute used as the group member attribute. group member attribute Member uniqueMember
federated.ldap.gm.objectClass Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes. group object classes groupOfNames groupOfUniqueNames
federated.ldap.gm.scope Scope of the member attribute. direct: The member attribute only contains direct members.

nested: The member attribute that contains the direct members and the nested members.

nested direct
federated.ldap.gm.dummyMember If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory. none available
uid=dummy


Federated security - add or update LDAP: Advanced properties for Group configuration

Information used to add or update federated LDAP user registry.

federated.ldap.gc.name Name of the membership attribute. No values are available.
Tivoli Directory Server ibm-allGroups
Lotus Domino
Novell eDirectory
Sun Java System Directory
Windows AD memberOf
no default
federated.ldap.gc.updateGroupMembership Update group membership if member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. true false false
federated.ldap.gc.scope Scope of the member attribute. The valid values for this parameter include the following:

direct: The member attribute only contains direct members.
nested: The member attribute that contains the direct members and the nested members.
all: The membership attribute contains direct groups, nested groups, and dynamic members.

all direct
federated.ldap.adapterClassName Implementation class name for the repository adapter. class name
com.ibm.ws.wim.adapter.ldap.LdapAdapter
federated.ldap.supportSorting This value indicates if sorting is supported or not. true false
false
federated.ldap.supportTransactions This value indicates if transactions are supported or not. true false
false
federated.ldap.isExtIdUnique Specifies if the external ID is unique. true false
true
federated.ldap.supportExternalName This value indicates if external names are supported or not. true false
false
federated.ldap.sslEnabled Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used. true false
false
federated.ldap.sslConfiguration Name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WAS Administrative console at Security-SSL certificate and key management. This property is used to specify a non-default SSL configuration if federated.ldap.sslEnabled is set to true. No values are available. mySSLconfig no default
federated.ldap.certificateMapMode Whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specify the certificate filter to use for the mapping if client certificate authentication is used for portal server. EXACT_DN CERTIFICATE_FILTER
EXACT_DN
federated.ldap.certificateFilter Filter used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for portal server. The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute} uid=${SubjectCN} no default
federated.ldap.supportPaging This value indicates if paging is supported or not. true false
false
federated.ldap.authentication This value indicates the authentication method to use. none, strong, simple
simple
federated.ldap.loginProperties This value indicates the property name used for login. cn, uid cn uid
federated.ldap.referral This value indicates how the LDAP server should handle referrals to other LDAP servers. ignore follow throw false
ignore
federated.ldap.derefAliases This value controls how aliases are dereferenced. The valid values for this parameter include the following: always: always dereference aliases
never: never dereference aliases
finding: dereference aliases only during name resolution
searching: dereference aliases only after name resolution never always
federated.ldap.connectionPool Whether to use the connection pool. true false
false
federated.ldap.connectTimeout Connection timeout measured in seconds. numeric
0
federated.ldap.primaryServerQueryTimeInterval This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes. numeric
15
federated.ldap.returnToPrimaryServer This value indicates to return to the primary LDAP server when it is available. true false
true
federated.ldap.searchPageSize Search page size, which represents the number of entries per page. numeric
50
federated.ldap.searchCountLimit Search count limit. numeric
500
federated.ldap.searchTimeLimit Search time limit measured in milliseconds. numeric
120000
federated.ldap.translateRDN This value indicates whether to translate RDN or not. true false
false
federated.ldap.cp.maxPoolSize Maximum number of context instances that can be maintained concurrently by the context pool. numeric
20


Federated security - add or update database

The following properties are used for creating or updating a database user registry configuration. Database modification tasks of VMM need a connection to a running server instance. Check that the server is running before running these tasks: wp-create-db or wp-update-db

federated.db.DataSourceName JNDI name of the data source used to access the federated database domain. No values are available.
vmmfeddbDS
federated.db.DbType Type of database to be used for the VMM federated database domain. For information about supported values, check wkplc_comp.properties. The valid values for this parameter include the following: db2 db2_iseries db2_zos oracle sqlserver
db2
federated.db.DbUrl Federated domain database URL. For information about supported values, check wkplc_comp.properties. No values are available.
jdbc:db2:vmmfeddb
federated.db.DbName Name of the VMM federated database. Should also appear as the database element in DbUrl. Please verify that you point to the same database. The TCPIP alias for the database
vmmfeddb
federated.db.id Unique identifier for the repository within the cell. Alphanumeric text string
vmmDb
federated.db.baseDN Database base entry. This is the start point where all DB entities will be stored under. Verify the uniqueness of this string. string
no default
federated.db.DbUser Database administrator user ID. Alphanumeric text string
db2admin
federated.db.DbPassword Database administrator password. Alphanumeric text string
ReplaceWithYourDbAdminPwd


Federated security - add or update database: Advanced database properties

federated.db.JdbcProviderName Name of the JDBC provider to be used. Keep la.JdbcProviderName in sync for the same db type. la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types. No values are available.
vmmdbJDBC
federated.db.DbSchema VMM Federated domain database schema name. Follow the documentation of the target database server in order to define a valid schema name as restrictions apply for some database management systems. No values are available.
federate
federated.db.DbNameOnZos Required for DB2 for z/OS and OS/390 only. If running db2_zos as remote database, the name of the remote VMM federated database. If portal is running on z/OS with db2_zos, must be set equal to DbName. Alphanumeric text string
WPSTST02
federated.db.XDbName TCPIP Alias for the database. This property is only required for non-Windows platforms when using DB2 with Type 2 drivers. If you are using Type 4 drivers, this value is not used. It defines the federated database alias that needs to be set if you want to call create-database JDBC driver. The database loop back alias that needs to be set to use the create-local-database-db2 task. The value must be different from the value of dbdomain.DbName. The values for dbdomain.DbName and dbdomain.XDbName must be different in the wpconfig_dbdomain.properties file. For DB2 Content Manager Runtime Edition, this property is the database for tables. Alphanumeric text string Release, Community, Customization, WMM, and the JCR: wps6TCP
Feedback: fdbk6TCP
LikeMinds: lmdb6TCP wps6TCP
federated.db.DbNode Required for Non-Windows platforms when using DB2 only. Node for the VMM federated domain database and needs to be set if you want to call create-database. Alphanumeric text string Examples are provided per database domains: The following example is for Release, Community, Customization, JCR, and VMM databases: wpsNode The following example is for Feedback and LikeMinds databases: pznNode wpsNode
federated.db.DbStorageGroup Required for DB2 for z/OS and OS/390 only. Storage group for the VMM federated database. No values are available.
WPSSG
federated.db.DbVolumes Required for DB2 for z/OS and OS/390 only. Volumes for the VMM federated database. No values are available.
*
federated.db.DbVcat Required for DB2 for z/OS and OS/390 only. VCAT for the VMM federated database. No values are available.
DSN810
federated.db.Db4KBufferPoolName Required for DB2 for z/OS and OS/390 only. 4K bufferpool name for the VMM federated database. No values are available.
BP0
federated.db.Db32KBufferPoolName Required for DB2 for z/OS and OS/390 only. 32K bufferpool name for the VMM federated database. No values are available.
BP32K


Set up database tables

Information needed to configure tables for federated database.

federated.db.reportSqlError Whether to report SQL errors while setting up databases. true false
true
federated.db.saltLength Length of the salt which is used when hashing passwords stored in the Member Manager database repository. numeric
12
federated.db.encryptionKey Encryption key to encrypt the database user registry. No values are available. rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
federated.db.adapterClassName Implementation class name for the repository adapter. No values are available.
com.ibm.ws.wim.adapter.db.DBAdapter
federated.db.supportSorting This value indicates if sorting is supported or not. true false
false
federated.db.supportTransactions This value indicates if transactions are supported or not. true false
false
federated.db.isExtIdUnique Specifies if the external ID is unique. true false
true
federated.db.supportExternalName This value indicates if external names are supported or not. true false
false
federated.db.entityRetrievalLimit Maximum number of entities that the system can retrieve from the database with a single database query. numeric
50
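
Added example (not IBM code and not part of the original reference): a Python check that reads wkplc.properties text and reports passwords still set to a ReplaceWithYour... placeholder, passwords stored in the file, a federated.db.encryptionKey left at the default listed above, and an LDAP simple bind configured without federated.ldap.sslEnabled=true. The finding labels and the SAMPLE content are constructed for illustration.

```python
"""Audit wkplc.properties text for secret handling and LDAP transport settings.

Added example, not IBM code. Property names and default values are the ones
listed in this reference; finding labels and SAMPLE are constructed here.
"""
import re

# Properties this reference describes as passwords.
SECRET_KEYS = (
    "WasPassword", "PortalAdminPwd", "LTPAPassword",
    "sua_serversecret_password", "federated.ldap.bindPassword",
    "federated.db.DbPassword", "federated.serverPassword",
)
PLACEHOLDER_PREFIX = "ReplaceWithYour"  # e.g. ReplaceWithYourWASUserPwd
DEFAULT_ENCRYPTION_KEY = "rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s"  # default listed above


def parse_properties(text):
    """Parse Java-style .properties text into a dict (last assignment wins)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # An odd number of trailing backslashes continues onto the next line.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            pending = line[:-1]
            continue
        # The key ends at the first '=', ':' or whitespace; DN values keep
        # their own '=' characters because only the first separator counts.
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit(text):
    """Return a list of (property, finding) tuples for the given file text."""
    props = parse_properties(text)
    findings = []

    for key in SECRET_KEYS:
        value = props.get(key, "")
        if not value:
            continue
        if value.startswith(PLACEHOLDER_PREFIX):
            findings.append((key, "placeholder"))       # never replaced
        else:
            findings.append((key, "cleartext-secret"))  # readable from the file

    if props.get("federated.db.encryptionKey") == DEFAULT_ENCRYPTION_KEY:
        findings.append(("federated.db.encryptionKey", "documented-default-key"))

    # Defaults from this reference: sslEnabled=false, authentication=simple.
    if props.get("federated.ldap.host"):
        ssl = props.get("federated.ldap.sslEnabled", "false").lower()
        auth = props.get("federated.ldap.authentication", "simple").lower()
        if ssl != "true" and auth == "simple" and props.get("federated.ldap.bindPassword"):
            findings.append(("federated.ldap.sslEnabled", "simple-bind-without-ssl"))
    return findings


# Constructed sample content, not a real configuration.
SAMPLE = r"""
# wkplc.properties (constructed sample)
WasUserid=uid=wpsbind,cn=users,dc=myco,dc=com
WasPassword=ReplaceWithYourWASUserPwd
PortalAdminPwd=Sample-Passw0rd
federated.ldap.id=sampleldap
federated.ldap.host=ldap.myco.com
federated.ldap.port=389
federated.ldap.bindDN=uid=wpsbind,cn=users,\
    dc=myco,dc=com
federated.ldap.bindPassword=Sample-BindPw
federated.ldap.authentication=simple
federated.db.DbPassword=ReplaceWithYourDbAdminPwd
federated.db.encryptionKey=rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
"""

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{finding:26} {prop}")
```
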


Federated security - Custom user registry properties

The following properties are used to create or update a custom user registry (CUR) in a federated security configuration. The properties are referenced when the following tasks are run: wp-create-cur and wp-update-federated-cur

federated.cur.id Unique identifier for the repository within the cell. string
no default
federated.cur.adapterClassName Implementation class name for the repository adapter. No values are available.
no default
federated.cur.baseDN CUR base entry. No values are available.
no default
federated.cur.isExtIdUnique Specifies if the external ID is unique. true false
true
federated.cur.supportExternalName This value indicates if external names are supported or not. true false
false
federated.cur.supportPaging This value indicates if paging is supported or not. true false
false
federated.cur.supportSorting This value indicates if sorting is supported or not. true false
false
federated.cur.supportTransactions This value indicates if transactions are supported or not. true false
false


Federated custom user registry custom property

The following properties and values are used to create a custom property using the wp-create-cur-custom-property task.

cur.id ID of the repository, where the custom property will be created. Alphanumeric text string.
no default
cur.name Name of the custom property. Alphanumeric text string
no default
cur.value Value of the custom property. No values are available.
no default


Federated security - Enable federated repository

The following properties are used when you run the wp-modify-federated-security task. The task will enable a Federated repository and the existing default realm will be renamed.

federated.primaryAdminId ID of the WAS administrative user. The ID must exist in a user repository. Alphanumeric text string
Tivoli Directory Server uid=,cn=users,dc=myco,dc=com
Lotus Domino cn=,o=myco.com
Novell eDirectory uid=,ou=people,o=myco.com
Sun Java System Directory uid=,ou=people,o=myco.com
Windows AD cn=,cn=users,dc=myco,dc=com
xyzadmin
federated.realm Realm name to be used. The existing default realm will be renamed. Alphanumeric text string
no default
federated.serverId User ID in the repository used for internal process communication. Alphanumeric text string
Tivoli Directory Server uid=,cn=users,dc=myco,dc=com
Lotus Domino cn=,o=myco.com
Novell eDirectory uid=,ou=people,o=myco.com
Sun Java System Directory uid=,ou=people,o=myco.com
Windows AD cn=,cn=users,dc=myco,dc=com
no default
federated.serverPassword Password for the user ID in the repository used for internal process communication. Alphanumeric text string
no default


Federated security - Enable federated repository: Advanced federated repository properties

federated.registryClassName Registry class name. No values are available.
com.ibm.ws.wim.registry.WIMUserRegistry
federated.ignoreCase Whether the query matches case sensitivity. Not used during node federation to DMGR with WAS when LDAP security is enabled. true false
true


Federated security - LDAP attribute configuration validation

The following properties are used with the wp-validate-federated-ldap-attribute-config and wp-update-federated-ldap-attribute-config tasks.

federated.ldap.attributes.nonSupported Comma-separated list of attributes that will be added to or removed from the list of nonsupported attributes. No values are available.
no default
federated.ldap.attributes.nonSupported.delete If true, then the attributes in federated.ldap.nonSupported will be deleted from the list of nonsupported attributes, else they will be added. No values are available.
no default
federated.ldap.attributes.mapping.ldapName Name of the attribute in LDAP. Alphanumeric text string
no default
federated.ldap.attributes.mapping.portalName Name of the attribute in portal. No values are available.
no default
federated.ldap.attributes.mapping.entityTypes List of entityTypes the mapping should be applied to. No values are available.
PersonAccount,Group


The following properties are used with the wp-delete-repository task.

federated.delete.baseentry Name of the base entry to be deleted from the default realm. If the base entry exists in other realms, it has to be deleted manually first. Leave this empty only if you want to delete the property extension repository. No values are available.
no default
federated.delete.id ID of the repository to be deleted from the VMM configuration. Must be set to LA if you want to delete the property extension repository. Alphanumeric text string
no default


Stand-alone security - Modify or update the LDAP

The following properties are used with the wp-modify-ldap-security and wp-update-standalone-ldap tasks.

standalone.ldap.id Unique identifier for the repository within the cell. Should be no longer than 36 characters. Alphanumeric text string
no default
standalone.ldap.host Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name. No values are available.
no default
standalone.ldap.port LDAP server port. numeric
no default
standalone.ldap.bindDN Distinguished name for the application server to use when binding to the LDAP repository. No values are available.
no default
standalone.ldap.bindPassword Password for the application server to use when binding to the LDAP repository. Alphanumeric text string
no default
standalone.ldap.ldapServerType Type of LDAP server to which you connect. AD, ADAM, CUSTOM, DOMINO, IDS, NDS, SUNONE, ZOSDS IDS no default
standalone.ldap.userIdMap LDAP filter that maps the short name of a user to an LDAP entry. Not used during node federation to DMGR with WAS LDAP security enabled. This value can be multiple objectclass:property pairs delimited by a semicolon (;). The following example displays entries of the object class inetOrgPerson by their IDs: inetOrgPerson:uid no default
standalone.ldap.groupIdMap LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that represents groups when groups display. Use the asterisk (*) as a wildcard character that searches on any object class in this case. Not used during node federation to DMGR with WAS LDAP security enabled. This value can be multiple objectclass:property pairs, delimited by a semicolon (;). The following example displays groups by their names: *:cn no default
standalone.ldap.groupMemberIdMap LDAP filter that identifies user-to-group relationships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. Not used during node federation to DMGR with WAS LDAP security enabled. For Lotus Domino and SecureWay Security Server, this value can be multiple objectclass:property pairs, delimited by a semicolon (;). For Tivoli Directory Server, Sun Java System Directory, and Windows AD, this value can be multiple group attribute:member attribute pairs delimited by a semicolon (;).
no default
standalone.ldap.userFilter LDAP user filter that searches the user registry for users. Not used during node federation to DMGR with WAS LDAP security enabled. No values are available. The following example would be used to look up users based on their user IDs: (&(uid=%v)(objectclass=inetOrgPerson)) no default
standalone.ldap.groupFilter LDAP group filter that searches the user registry for groups. Not used during node federation to DMGR with WAS LDAP security enabled. No values are available.
no default
standalone.ldap.serverId User ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled. Alphanumeric text string
Tivoli Directory Server uid=,cn=users,dc=myco,dc=com
Lotus Domino cn=,o=myco.com
Novell eDirectory uid=,ou=people,o=myco.com
Sun Java System Directory uid=,ou=people,o=myco.com
Windows AD cn=,cn=users,dc=myco,dc=com
no default
standalone.ldap.serverPassword Password for the user ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled. Alphanumeric text string
no default
standalone.ldap.realm Security context of this server. A realm with this name will be created. Alphanumeric text string
no default
standalone.ldap.primaryAdminId WAS administrative user ID. The ID must exist in the LDAP server. Alphanumeric text string
no default
standalone.ldap.primaryAdminPassword Password for the WAS administrative user ID. The ID must exist in the LDAP server. Alphanumeric text string
no default
standalone.ldap.primaryPortalAdminId WebSphere Portal administrative user ID. The ID must exist in the LDAP server. Alphanumeric text string
no default
standalone.ldap.primaryPortalAdminPassword Password for the WebSphere Portal administrative user ID. The ID must exist in the LDAP server. Alphanumeric text string
no default
standalone.ldap.primaryPortalAdminGroup User group with administrative permission in portal. The group must exist in the LDAP server. Alphanumeric text string
no default
standalone.ldap.baseDN LDAP base entry. This is the starting point for all LDAP searches of WAS Security. No values are available.
no default


LDAP entity types: properties for entity type Group

standalone.ldap.et.group.searchFilter Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. If you leave the value blank, no additional filter is applied and the other VMM configuration is used. The syntax is like a standard LDAP search filter. (objectclass=groupOfUniqueNames) no default
standalone.ldap.et.group.objectClasses Specifies one or more object classes (separated by ';') for the group entity type. One or more object classes (separated by ';')
groupOfUniqueNames
standalone.ldap.et.group.objectClassesForCreate Object classes separated by a semi-colon (;) to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. No values are available.
no default
standalone.ldap.et.group.searchBases Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Improve performance if you specify search bases, reducing the number of search bases. For multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want search to start. One or more search bases "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com" no default
standalone.ldap.et.personaccount.searchFilter Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. The syntax is like a standard LDAP search filter. (objectclass=inetorgperson) no default
standalone.ldap.et.personaccount.objectClasses Should match the objectclass used in LDAP for type User. One or more object classes, separated by a semi-colon (;) for the entity type.
inetorgperson
standalone.ldap.et.personaccount.objectClassesForCreate Object classes, separated by a semi-colon (;), to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. No values are available.
no default
standalone.ldap.et.personaccount.searchBases Search bases to use while searching the entity type. No values are available.
no default


Group member attributes

standalone.ldap.gm.groupMemberName LDAP attribute used as the group member attribute. No values are available.
uniqueMember
standalone.ldap.gm.objectClass Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes. group object classes groupOfNames
groupOfUniqueNames
groupOfUniqueNames
standalone.ldap.gm.scope Scope of the member attribute. The valid values for this parameter include the following:
direct: The member attribute only contains direct members.
nested: The member attribute contains the direct members and the nested members.
nested direct
standalone.ldap.gm.dummyMember If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory. No values are available.
uid=dummy


Default parent, RDN attribute

standalone.ldap.personAccountParent Default parent to be set for the entity type PersonAccount. No values are available.
no default
standalone.ldap.groupParent Default parent to be set for the entity type Group. No values are available.
no default
standalone.ldap.personAccountRdnProperties RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
uid
standalone.ldap.groupRdnProperties RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
cn


Advanced Properties for Group configuration

The following properties are only used in a stand-alone security environment.

standalone.ldap.gc.name Name of the membership attribute. No values are available.
Tivoli Directory Server ibm-allGroups
Lotus Domino no example available
Novell eDirectory no example available
Sun Java System Directory no example available
Windows AD memberOf
no default
standalone.ldap.gc.updateGroupMembership This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. true false
no default
standalone.ldap.gc.scope Scope of the member attribute. The valid values for this parameter include the following:
direct: The member attribute only contains direct members.
nested: The member attribute contains the direct members and the nested members.
all: The membership attribute contains direct groups, nested groups, and dynamic members.
all direct
standalone.ldap.derefAliases This value controls how aliases are dereferenced. The valid values for this parameter include the following:
always: always dereference aliases
never: never dereference aliases
dereference aliases only during name resolution
searching: dereference aliases only after name resolution
never always
standalone.ldap.authentication This value indicates the authentication method to use. none, strong, simple
simple
standalone.ldap.referral This value indicates how the LDAP server should handle referrals to other LDAP servers. ignore follow throw false
ignore
standalone.ldap.delimiter Delimiter used for this realm. Enter any value but do not leave this field blank.
/
standalone.ldap.ignoreCase Whether the query matches case sensitivity. Not used during node federation to DMGR with WAS when LDAP security is enabled. true false
true
standalone.ldap.sslEnabled Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used. true false
false
standalone.ldap.sslConfiguration Name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WAS Administrative console at Security-SSL certificate and key management. This property is used to specify a non default SSL configuration if federated.ldap.sslEnabled is set to true. No values are available.
no default
standalone.ldap.certificateMapMode Whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specifies the certificate filter to use for the mapping, if client certificate authentication is used for portal server. EXACT_DN CERTIFICATE_FILTER
EXACT_DN
standalone.ldap.certificateFilter This filter is used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for portal server. The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute} uid=${SubjectCN} no default
standalone.ldap.reuseConnection Should be set to true by default to reuse the LDAP connection. Not used during node federation to DMGR with WAS when LDAP security is enabled. true false
true
standalone.ldap.searchTimeLimit Search time limit measured in milliseconds. numeric
120000
standalone.ldap.connectionPool Whether to use the connection pool. true false
false
standalone.ldap.connectTimeout Connection timeout measured in seconds. numeric
0
standalone.ldap.supportSorting This value indicates if sorting is supported or not. true false
false
standalone.ldap.supportPaging This value indicates if paging is supported or not. true false
false
standalone.ldap.supportTransactions This value indicates if transactions are supported or not. true false
false
standalone.ldap.isExtIdUnique Specifies if the external ID is unique. true false
true
standalone.ldap.supportExternalName This value indicates if external names are supported or not. true false
false
standalone.ldap.translateRDN This value indicates whether to translate the RDN or not. true false
false
standalone.ldap.searchCountLimit Search count limit. numeric
500
standalone.ldap.searchPageSize Search page size, which is the number of entries per page. numeric
50
standalone.ldap.returnToPrimaryServer This value indicates whether to return to the primary LDAP server when it is available. true false
true
standalone.ldap.primaryServerQueryTimeInterval This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes. numeric
15
standalone.ldap.loginProperties This value indicates the property name used for the login. cn uid cn uid
standalone.ldap.cp.maxPoolSize Maximum number of context instances that can be maintained concurrently by the context pool. numeric
20
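The following is an added example, not part of the original reference or of IBM's tooling: a small Python check that reads the standalone.ldap.* entries of a wkplc.properties file and reports values outside the lists in the tables above, plus two security-relevant conditions (passwords left in the file, and a simple bind while standalone.ldap.sslEnabled is false). The function names, severity labels and sample content are assumptions made for this example; defaults for unset keys are taken from the tables.

```python
import re

# Allowed values, copied from the property tables on this page.
ENUMS = {
    "standalone.ldap.ldapServerType":
        {"AD", "ADAM", "CUSTOM", "DOMINO", "IDS", "NDS", "SUNONE", "ZOSDS"},
    "standalone.ldap.authentication": {"none", "strong", "simple"},
    "standalone.ldap.referral": {"ignore", "follow", "throw", "false"},
    "standalone.ldap.certificateMapMode": {"EXACT_DN", "CERTIFICATE_FILTER"},
    "standalone.ldap.sslEnabled": {"true", "false"},
}
# Properties documented as semicolon-delimited objectclass:property pairs.
MAP_KEYS = ("standalone.ldap.userIdMap", "standalone.ldap.groupIdMap",
            "standalone.ldap.groupMemberIdMap")
PAIR = re.compile(r"^[^:;\s]+:[^:;\s]+$")
# Documented syntax: LDAP attribute=${Client certificate attribute}
CERT_FILTER = re.compile(r"^[A-Za-z][\w.-]*=\$\{\w+\}$")


def parse_properties(text):
    """Parse plain key=value lines (no continuation lines); # and ! are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return a sorted list of (severity, key, message) findings."""
    findings = []

    def get(key, default=""):
        return props.get(key, default)

    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            findings.append(("error", key, f"{props[key]!r} not in {sorted(allowed)}"))
    if len(get("standalone.ldap.id")) > 36:
        findings.append(("error", "standalone.ldap.id", "longer than 36 characters"))
    if "standalone.ldap.delimiter" in props and not props["standalone.ldap.delimiter"]:
        findings.append(("error", "standalone.ldap.delimiter", "must not be blank"))
    for key in MAP_KEYS:
        bad = [p for p in get(key).split(";") if p and not PAIR.match(p)]
        if bad:
            findings.append(("error", key, f"not objectclass:property pairs: {bad}"))
    if get("standalone.ldap.certificateMapMode", "EXACT_DN") == "CERTIFICATE_FILTER":
        if not CERT_FILTER.match(get("standalone.ldap.certificateFilter")):
            findings.append(("error", "standalone.ldap.certificateFilter",
                             "expected attribute=${CertificateAttribute}"))

    # Security-relevant conditions.
    for key, value in props.items():
        if key.startswith("standalone.ldap.") and key.endswith("Password") and value:
            findings.append(("warn", key, "password stored in clear text in the file"))
    ssl = get("standalone.ldap.sslEnabled", "false")          # documented default
    auth = get("standalone.ldap.authentication", "simple")    # documented default
    if ssl != "true" and auth == "simple" and get("standalone.ldap.bindPassword"):
        findings.append(("warn", "standalone.ldap.sslEnabled",
                         "simple bind without SSL sends the bind password unencrypted"))
    return sorted(findings)


# Constructed sample input, not taken from a real system.
SAMPLE = """\
# wkplc.properties excerpt (constructed)
standalone.ldap.id=corp_ldap
standalone.ldap.host=ldap.example.com
standalone.ldap.port=389
standalone.ldap.bindDN=uid=wpsbind,cn=users,dc=myco,dc=com
standalone.ldap.bindPassword=example-only
standalone.ldap.ldapServerType=TDS
standalone.ldap.userIdMap=inetOrgPerson:uid
standalone.ldap.groupIdMap=*:cn
standalone.ldap.groupMemberIdMap=groupOfUniqueNames=uniqueMember
standalone.ldap.authentication=simple
standalone.ldap.sslEnabled=false
standalone.ldap.certificateMapMode=CERTIFICATE_FILTER
standalone.ldap.certificateFilter=uid=${SubjectCN}
"""

if __name__ == "__main__":
    for severity, key, message in audit(parse_properties(SAMPLE)):
        print(f"{severity:5} {key}: {message}")
```

On the sample it reports the unknown server type, the malformed groupMemberIdMap pair, the stored bind password and the unencrypted simple bind.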


LDAP attribute configuration

If you need to update or validate the stand-alone LDAP attribute configuration, you need to provide values for the following properties. The following configuration tasks use the LDAP attribute configuration properties: wp-validate-standalone-ldap-attribute-config and wp-update-standalone-ldap-attribute-config

standalone.ldap.attributes.nonSupported This value is a comma-separated list of attributes that will be added to or removed from the list of nonsupported attributes. No values are available.
no default
standalone.ldap.attributes.nonSupported.delete If true, then the attributes in federated.ldap.nonSupported will be deleted from the list of nonsupported attributes, else they will be added. No values are available.
no default
standalone.ldap.attributes.mapping.ldapName Name of the attribute in the LDAP server. No values are available.
no default
standalone.ldap.attributes.mapping.portalName Name of the attribute in portal. No values are available.
no default
standalone.ldap.attributes.mapping.entityTypes List of entityTypes the mapping should be applied to. No values are available.
PersonAccount,Group


Stand-alone custom user registry configuration

The following properties require values only if you have a custom user registry (CUR) that you need to update. The properties are used with the following configuration tasks: wp-modify-cur-security and wp-update-standalone-cur

standalone.cur.id Unique identifier for the repository within the cell. string
no default
standalone.cur.baseDN CUR base entry. No values are available.
no default
standalone.cur.realm Security context of this server. No values are available.
no default
standalone.cur.delimiter Delimiter used for this realm. No values are available.
/
standalone.cur.adapterClassName Implementation class name for the repository adapter. No values are available.
no default
standalone.cur.WasAdapterClassName Implementation class name for the WebSphere custom user registry adapter. No values are available.
no default
standalone.cur.propertyName This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined. No values are available.
no default
standalone.cur.propertyValue This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined. No values are available.
no default
standalone.cur.primaryAdminId WAS administrative user ID. The ID must exist in a custom user repository. Alphanumeric text string
no default
standalone.cur.primaryAdminPassword Password for the WAS administrative user ID. The ID must exist in a custom user repository. Alphanumeric text string
no default
standalone.cur.primaryPortalAdminId WebSphere Portal administrative user ID. The ID must exist in the custom user repository. Alphanumeric text string
no default
standalone.cur.primaryPortalAdminPassword Password for the WebSphere Portal administrative user ID. The ID must exist in the custom user repository. Alphanumeric text string
no default
standalone.cur.primaryPortalAdminGroup User group with administrative permission in portal. The group must exist in the custom user repository. Alphanumeric text string
no default
standalone.cur.personAccountParent Default parent to be set for the entity type PersonAccount. No values are available.
no default
standalone.cur.groupParent Default parent to be set for the entity type Group. No values are available.
no default
standalone.cur.personAccountRdnProperties RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
uid
standalone.cur.groupRdnProperties RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
cn
standalone.cur.isExtIdUnique Specifies if the external ID is unique. true false
true
standalone.cur.supportExternalName This value indicates if external names are supported or not. true false
false
standalone.cur.supportPaging This value indicates if paging is supported or not. true false
false
standalone.cur.supportSorting This value indicates if sorting is supported or not. true false none available false
standalone.cur.supportTransactions This value indicates if transactions are supported or not. true false
false


VMM property extension database properties

Property extension database was previously called the lookaside database. The property extension database stores additional attributes that cannot be stored in the LDAP user registry. Database modification tasks of VMM need a connection to a running server instance. Check to make sure server is running. The properties are used with the following tasks: wp-configure-la-complete and wp-add-la-property

la.JdbcProviderName Name of the JDBC provider that portal uses to communicate with its databases. To keep federated.db.JdbcProviderName in sync for the same database type, la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types. Alphanumeric text string
vmmdbJDBC
la.DbType Type of database to be used for the VMM property extension database domain. Valid values include the following: db2 db2_i db2_zos oracle sqlserver sqlserver2005
db2
la.DbUrl Federated domain database URL. For information about supported values, please check wkplc_comp.properties. No values are available.
jdbc:db2:vmmladb
la.DbName Name of the VMM property extension database. Should also appear as the database element in DbUrl. Verify that you point to the same database. For non-Windows platforms when using DB2, this value is the TCPIP Alias for the database. For DB2 and DB2 for z/OS, this value cannot exceed 8 characters and can only contain letters and numbers. Refer to database documentation for more information. For DB2, this value must be different from the value of dbdomain.XDbName. If you change the name of the WebSphere Portal data source due to a database migration, manually update this property in the portal_server_root/config/wpconfig_dbdomain.properties file to maintain the proper resource reference mapping. Alphanumeric text string
Community comm
Customization cust
Feedback fdbkdb
JCR jcrdb
LikeMinds lmdb
Release release
VMM vmmdb
vmmladb
la.DataSourceName Name of the datasource to be used for VMM Federated DB domain. Alphanumeric text string
vmmladbDS
la.DbUser Database administrator user ID. This value is specific to DB2. Alphanumeric text string
db2admin
la.DbPassword Database administrator password Alphanumeric text string
ReplaceWithYourDbAdminPwd


VMM property extension database: Advanced properties

la.DbSchema VMM property extension database domain database schema name. Follow the documentation of the target database management system in order to define a valid schema name as restrictions apply for some database management systems. No values are available.
federate
la.DbNameOnZos Required for DB2 for z/OS and OS/390 only. If you are running DB2 for z/OS as remote database, this value is the name of the remote VMM property extension database. If portal is running on z/OS and db2 for z/OS is on the same server, this value must be set equal to DbName value. No values are available.
WPSTST02
la.XDbName Required for Non-Windows platforms when using DB2 locally (on the same server) and DB2 is using the Type 2 JDBC driver. The VMM property extension database alias that needs to be set if you want to use the create-database task. No values are available.
wps6TCP
la.DbNode Required for Non-Windows platforms when using DB2 only. Node for the VMM property extension domain database and needs to be set if you want to use the create-database task. No values are available.
wpsNode
la.DbStorageGroup Required for DB2 for z/OS and OS/390 only. Storage group for the VMM property extension database for the Web Content Management JCR. No values are available.
WPSSG
la.DbVolumes Required for DB2 for z/OS and OS/390 only. Volumes for the VMM lookaside database. No values are available.
*
la.DbVcat Required for DB2 for z/OS and OS/390 only. VCAT for the VMM property extension database. No values are available.
DSN810
la.Db4KBufferPoolName Required for DB2 for z/OS and OS/390 only. 4K bufferpool name for the VMM property extension database. No values are available.
BP0
la.Db32KBufferPoolName Required for DB2 for z/OS and OS/390 only. 32K bufferpool name for the VMM property extension database. No values are available.
BP32K


VMM property extension database: Create property extension tables

la.reportSqlError Whether to report SQL errors while setting up databases. true false
true
la.entityRetrievalLimit Maximum number of entities that the system can retrieve from the database with a single database query. numeric
50


VMM property extension database: Add a property

The following properties are used by the wp-add-la-property and wp-add-property configuration tasks. The wp-add-(la-)property task uses a secured connection to WAS. Check the wp_profile/properties/sas.client.props file and ensure the following setting: com.ibm.CORBA.securityEnabled=true. If you are using a remote telnet connection, set com.ibm.CORBA.loginSource to stdin or properties.

la.providerURL This value defines the remote endpoint where the portal server or Deployment Manager installation is available. Check the value for localhost:port. The port should point to the bootstrap port of WebSphere_Portal or Deployment Manager. Deployment Manager is used in a cluster environment. No values are available. corbaloc:iiop:dmgr.example.com:9809 corbaloc:iiop:localhost:10031
la.propertyName Name of the property that you are adding. Alphanumeric text string email, dept no default
la.entityTypes This value is a list of entity types that the new property is applicable to. Valid values include: Group PersonAccount PersonAccount,Group
no default
la.dataType dataType for property extension database. DATA_TYPE_STRING, DATA_TYPE_INT , DATA_TYPE_DATE , DATA_TYPE_ANY_SIMPLE_TYPE, DATA_TYPE_ANY_URI DATA_TYPE_STRING
DATA_TYPE_INT
DATA_TYPE_DATE
DATA_TYPE_ANY_SIMPLE_TYPE
DATA_TYPE_ANY_URI
DATA_TYPE_BOOLEAN
DATA_TYPE_LONG
DATA_TYPE_DOUBLE
DATA_TYPE_SHORT
no default
la.multiValued Defines if the property can contain multiple attributes or not. true false
no default
repositoryId This value is only used for the wp-add-property task. Adding a property to VMM configuration of a repository does not add the property to the LDAP system. List of repositories that the new property will be added to. The list of repositories must be separated by a comma. Leave the value blank to add the property to all repositories. Alphanumeric text string
no default


VMM LDAP entity type configuration

Provide values for the following properties if you need to create, delete, or add an LDAP entity type configuration. The properties are used with the following configuration tasks: wp-create-ldap-entitytype, wp-delete-ldap-entitytype, and wp-add-ldap-entitytype-rdn

et.ldap.id LDAP server ID. Alphanumeric text string myLDAPServer no default
et.entityTypeName Name of the entity type to be created/updated/deleted. Valid Input values are Group or PersonAccount
no default
et.objectClass Specifies a semi-colon (;) delimited list of object classes to be added. Alpha text string groupOfUniqueNames no default
et.searchFilter Search filter to use to search the entity type. string a filter like departmentNumber=1234 would only allow objects with this department number to be a valid search result no default
et.objectClassesForCreate Specifies a semi-colon (;) delimited list of object classes to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. string groupOfUniqueNames no default
et.searchBases Search bases to use while searching the entity type. string o=foo,o=bar no default
et.rdnName Specifies additional attributes for the wp-add-ldap-entitytype-rdn task. The attribute name used to build the relative distinguished name (RDN) for the entity type. No values are available.
no default
et.ldap.referral Specifies additional attributes for the wp-add-ldap-entitytype-rdn task. This value indicates how the LDAP server should handle referrals to other LDAP servers. ignore follow throw false follow ignore
et.ldap.host
No value specified None available No default value


VMM supported entity types configuration

The wp-update-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute to the existing list. The wp-set-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute as the only entry in the RDN list.

entityTypeName Name of the entity type. Alphanumeric text string
no default
defaultParent Specifies the base entry name that will be used as default parent for the given entity type. Alphanumeric text string
no default
rdnProperties RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
cn
updatePumaSearchBase This value defines if the default search attribute for users and groups in PUMA Store Service should also be updated. No values are available.
false


VMM supported entity types configuration: Update the defaultParent of the entity types Group and PersonAccount

The wp-update-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes to the existing list. The wp-set-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes as the only entry in the RDN list.

personAccountParent Default parent of the entity type PersonAccount. No values are available.
no default
groupParent Default parents of the entity type Group. No values are available.
no default
personAccountRdnProperties RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). string
uid
groupRdnProperties RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). No values are available.
cn


VMM supported entity types configuration: Group member attribute configuration

If the group member attribute does not exist, it will be created. The following properties are used with the wp-update-ldap-groupmember and wp-delete-ldap-groupmember tasks.

gm.ldap.id LDAP server ID. Alphanumeric text string
no default
gm.groupMemberName LDAP attribute used as the group member attribute. group member attribute The following are examples uniqueMember
Member no default
gm.objectClass Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes. group object classes The following are examples: groupOfNames
groupOfUniqueNames no default
gm.scope Scope of the member attribute. The valid values for this parameter include the following:
direct: The member attribute only contains direct members.
nested: The member attribute contains the direct members and the nested members. nested no default
gm.dummyMember If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory. No values are available.
no default


VMM supported entity types configuration: Create group member configuration

The following properties are used with the wp-create-ldap-groupconfig task.

gc.ldap.id LDAP server ID. Alphanumeric string
stand-alone
gc.name Name of the membership attribute. Alpha text string
Tivoli Directory Server ibm-allGroups
Lotus Domino no example available
SecureWay Security Server no example available
Novell eDirectory no example available
Sun Java System Directory no example available
Windows AD memberOf
ibm-allGroups
gc.updateGroupMembership This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. true false
false
gc.scope Scope of the member attribute. The valid values for this parameter include the following: direct nested direct: The member attribute only contains direct members.
nested: The member attribute contains the direct members and the nested members. direct nested


VMM supported entity types configuration: Context pool

The following properties are used with the wp-update-ldap-contextpool task.

cp.ldap.id LDAP server used for the context pool. Alphanumeric text string
no default
cp.maxPoolSize Maximum number of context instances that can be maintained concurrently by the context pool. numeric
20


VMM supported entity types configuration: Realm configuration

The following properties are used in multiple realm configuration tasks. If no realm name is specified, the default realm will be updated.
The wp-create-realm task uses the following properties: realmName, addBaseEntry, securityUse, and delimiter
The wp-update-realm task uses the following properties: realmName, securityUse, and delimiter
The wp-delete-realm task uses the following property: deleteRealmName
The wp-default-realm task uses the following property: defaultRealmName
The wp-add-realm-baseentry task uses the following properties: realmName and addBaseEntry
The wp-delete-realm-baseentry task uses the following properties: realmName and deleteBaseEntry
The wp-query-realm-baseentry task uses the following property: realmName
The wp-modify-realm-defaultparents task uses the following properties: realmName, realm.personAccountParent, realm.groupParent, and realm.orgContainerParent
The wp-modify-realm-enable-dn-login task uses the following property: realmName
The wp-modify-realm-disable-dn-login task uses the following property: realmName

realmName Name of the realm to be created or updated. If no realm name is given, the default realm will be updated. Alphanumeric text string
no default
addBaseEntry Name of base entry to be added to the realm. No values are available.
no default
securityUse String that indicates whether this virtual realm will be used in security now, later, or never. Valid values include: now, later, never, inactive, and nonSelectable
active
delimiter Delimiter used for this realm. /
/
deleteRealmName Name of the realm to be deleted. No values are available.
no default
defaultRealmName Name of the new default realm. No values are available.
no default
deleteBaseEntry Name of the base entry to be deleted from the realm. No values are available.
no default
realm.personAccountParent Default parents to be set for the entity type PersonAccount. The realm entered in realmName will be used to perform the change. No values are available.
no default
realm.groupParent Default parents to be set for the entity type Group. The realm entered in realmName will be used to perform the change. No values are available.
no default
realm.orgContainerParent Default parents to be set for the entity type OrgContainer. The realm entered in realmName will be used to perform the change. No values are available.
no default


VMM supported entity types configuration: Base entry configuration

The following properties are used by the wp-create-base-entry, wp-update-base-entry, and wp-delete-base-entry tasks. When running the wp-update-base-entry task, if the base entry does not exist, the task will create the entry.

id ID of the repository, where the base entry will be created, updated, or deleted. When a base entry is created, it will automatically be added to the default realm. Alphanumeric text string
no default
baseDN Name of the base entry to be created, updated, or deleted. No values are available.
no default
nameInRepository Distinguished name in the repository that uniquely identifies the base entry name. In most cases this should be the same as baseDN. No values are available.
no default


VMM supported entity types configuration: Change administrative users

The following properties are used by the wp-change-was-admin-user and wp-change-portal-admin-user tasks. The wp-change-portal-admin-user task will also change the admin group if the ID is set.

newAdminId New ID of the administrative user. The "short name" for this new ID should not be identical to the original administrative user ID. The user ID cannot contain a space, for example, user ID. On Windows, if the user ID contains a space, place quotes around the fully qualified user ID before running the task. On UNIX, if the fully qualified user ID contains a space, place the fully qualified user ID in the properties file or in a parent properties file instead of entering it as a flag on the command line. For example, create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run the task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties. Alphanumeric text string.
Development configuration without security PortalAdminId=xyzadmin
Tivoli Directory Server uid=,cn=users,dc=myco,dc=com
Lotus Domino cn=,o=myco.com
Novell eDirectory uid=,ou=people,o=myco.com
Sun Java System Directory uid=,ou=people,o=myco.com
Windows AD cn=,cn=users,dc=myco,dc=com
Windows AD LDS cn=,cn=users,dc=myco,dc=com
Windows when the fully qualified user ID contains a space "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com"
no default
newAdminPw New password of the administrative user. Alphanumeric text string
no default
newAdminGroupId New ID of the portal administrative group. No values are available.
no default
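
The parent properties file procedure described for newAdminId, sketched as an added example (not IBM code and not part of the original reference). It assumes the parent file is parsed as a Java .properties file, so backslashes are doubled; the function names, and the choice to carry newAdminPw in the same owner-only file rather than on the command line where it would show in the process list, are assumptions made here.

```shell
#!/bin/sh
# Added example, not IBM code. Function names are hypothetical.

# Double backslashes so the value survives Java .properties parsing
# (assumption: ConfigEngine loads the parent file as a .properties file).
props_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g'
}

# write_parent_props FILE NEW_ADMIN_DN NEW_ADMIN_PW
# Writes newAdminId/newAdminPw to FILE, readable by the owner only.
write_parent_props() {
    file=$1 dn=$2 pw=$3
    rm -f -- "$file"                 # a pre-existing file would keep its old mode
    (
        umask 077                    # new file is created as rw-------
        {
            printf 'newAdminId=%s\n' "$(props_escape "$dn")"
            printf 'newAdminPw=%s\n' "$(props_escape "$pw")"
        } > "$file"
    )
}

# run_change_admin CONFIG_ENGINE FILE
# Runs the task with -DparentProperties, then removes FILE whatever the result.
run_change_admin() {
    engine=$1 props=$2 rc=0
    "$engine" wp-change-portal-admin-user -DparentProperties="$props" || rc=$?
    rm -f -- "$props"                # do not leave the new password on disk
    return "$rc"
}

# Typical use from the ConfigEngine directory (values are constructed samples):
#   write_parent_props /opt/mysecurity.properties \
#       'cn=wpsadmin,cn=users,o=Software Group,dc=ibm,dc=com' "$NEW_PW"
#   run_change_admin ./ConfigEngine.sh /opt/mysecurity.properties
```

Spaces inside the DN need no quoting in the file; only the shell arguments are quoted.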


VMM supported entity types configuration: Change attribute configuration

The wp-update-attribute-config task sets the overall required and unsupported properties.

user.attributes.required New (comma separated) list of attributes that are required for user creation. No values are available.
sn
user.attributes.nonsupported New (comma separated) list of attributes that will be ignored by portal. No values are available.
certificate,identifier


VMM supported entity types configuration: Restore VMM security

The following properties are used with the wp-restore-default-repository-configuration task.

restore.file.realm Specifies the realm name to be used. A realm with this name will be created. No values are available.
federatedRealm
restore.file.delimiter Delimiter used for this realm. Enter any value but do not leave this field blank.
/
restore.file.primaryAdminId ID (shortname) of the WAS administrative user. The ID must exist in a user repository. No values are available.
adminUID
restore.file.primaryAdminPassword Password (shortname) of the WAS administrative user. No values are available.
adminPWD
restore.file.primaryPortalAdminGroup User group (short name) with administrative permission in portal. The group must exist in the LDAP server. No values are available.
adminGroupCN


VMM supported entity types configuration: Community Isolation and external users

The following properties are used with the wp-configure-community-isolation and wp-configure-external-users tasks.

communityIsolation.enabled Boolean flag that enables or disables community isolation (peer groups). true false
false
externalUsers.enabled Boolean flag that enables or disables external users. true false
false
externalUsers.parentDN Parent distinguished name (DN) for new external users. Alphanumeric text string ou=externalUsers,o=defaultWIMFileBasedRealm
no default


Additional properties for internal use only

AdditionalPropertiesToFilter Do not change the value of this attribute unless specifically directed to do so by IBM Support. No information available.
newAdminPw
wps.userdir Do not change the value of this attribute unless specifically directed to do so by IBM Support. No information available.
PortalServer
WcmConfigured No value specified None available No default value
WcmAuthoringConfigured No value specified None available No default value

