wkplc.properties file reference
Overview
EngineInstallLocation
    Description: Set by the installer. Should not be changed. Location of the ConfigEngine root.
    Value: Directory path with elements delimited by forward slashes (/)
    Example: /usr/WAS/wp_profile/ConfigEngine
    Default: Default values are unique for each OS

WasSoapPort
    Description: Port used to connect to the WAS with remote connections.
    Value: Numeric string
    Example: 10005

WasRemoteHostName
    Description: Host name of the remote server that connects to WAS.
    Value: Host name including the domain, such as my_host_name.mydomain.com
    Example: your_host_name

RegistrySynchronized
    Description: Whether to synchronize the registry. Should never be modified unless a forced synchronization is necessary.
    Value: true or false
    Default: true
General properties: WAS properties
Information about the WAS used in the WebSphere Portal stack.
VirtualHostName
    Description: Name of the WAS virtual host.
    Value: Alphanumeric text string
    Example: default_host

WasUserid
    Description: User ID for WAS security authentication. For LDAP this value cannot contain spaces and should be the fully qualified DN of a current administrative user for the WAS. For Virtual Manager User Registry database, the short version of the distinguished name must be used.
    Value: Type the value in lower case, regardless of the case used in the distinguished name (DN).
    Examples:
        Custom User Registry: wpsbind
        Tivoli Directory Server: uid=wpsbind,cn=users,dc=myco,dc=com
        Lotus Domino: cn=wpsbind,o=myco.com
        Sun Java System Directory Server: uid=wpsbind,ou=people,o=myco.com
        Novell eDirectory: uid=wpsbind,ou=people,o=myco.com
        Windows AD: cn=wpsbind,cn=users,dc=myco,dc=com
        Windows AD LDS: cn=wpsbind,cn=users,dc=myco,dc=com
    Default: wpsadmin

WasPassword
    Description: Password for the user ID specified for WAS security authentication. Can be specified here or passed via command line using -DWasPassword.
    Value: Alphanumeric text string
    Default: ReplaceWithYourWASUserPwd

WasHome
    Description: Directory where WAS product files are installed. The installation program sets this value based on user input during installation.
    Value: Directory path with elements delimited by forward slashes (/)
    Example: /usr/WebSphere/AppServer
    Default: Default values are unique for each OS.

WasUserHome
    Description: Directory where WAS user data is created. The installation program sets this value based on user input during installation.
    Value: Directory path with elements delimited by forward slashes (/)
    Example: /usr/WebSphere/AppServer
    Default: Default values are unique for each OS.

ProfileName
    Description: Name of the WAS profile.
    Value: Alphanumeric text string
    Example: wp_profile
    Default: wp_profile

CellName
    Description: Name of the WAS cell where the WAS is located.
    Value: Alphanumeric text string
    Default: The default value is based on values defined during the installation process.

NodeName
    Description: Node within the WAS cell where the WAS is located. This value must be unique among other node names in the same cell. Typically this value is the same as the host name for the computer.
    Value: Alphanumeric text string
    Default: The default value is based on values defined during the installation process.

ServerName
    Description: Name of the application server where the WebSphere Portal application is deployed. This value must be unique among other application server names in the same cell.
    Value: Alphanumeric text string
    Default: WebSphere_Portal

WasAdminServer
    Description: Name of the application server for administration. For IBM i, if the WAS profile was created with a different WAS administrative server name, you should change this value to reflect that.
    Value: Alphanumeric text string
    Example: server1
    Default: server1

LTPAPassword
    Description: Password to encrypt and decrypt the LTPA keys.
    Value: Alphanumeric text string
    Default: no default

wasJvmBitType
    Description: Solaris specific property that specifies whether to use the 64 bit or 32 bit JVM.
    Value: sparc32, x86, ia32, sparc64, x64
        32bit JVM: sparc32, x86, or ia32
        64bit JVM: sparc64 or x64
    Default: sparc32
General properties: WebSphere Portal configuration properties
Provide basic information about WebSphere Portal, such as installation directory, port numbers, user IDs and passwords, and more.
WpsInstallLocation
    Description: Directory where WebSphere Portal is installed.
    Value: Directory path with elements delimited by forward slashes (/)
    Example: /usr/WAS/PortalServer
    Default: Default values are unique for each OS.

WpsHostName
    Description: Fully qualified WebSphere Portal host name or the name of the Web server that WAS is configured to use. Set by the installation program based on user input during installation.
    Value: host name, including the domain; such as: http://WpsHostName:WpsHostPort/WpsContextRoot/WpsDefaultHome
    Example: In the following example, machinename is the WpsHostName value: http://machinename:80/wps/portal
    Default: The default value is based on values defined during the installation process.

WpsHostPort
    Description: Transport port number used to access the host machine identified by the WpsHostName property.
    Value: port number
    Example: In the following example, 80 is the WpsHostPort value: http://localhost:80/wps/portal
    Default: 80

PortalAdminId
    Description: User ID for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The user ID cannot contain a space: for example, user ID. The user ID cannot be longer than 200 characters.

    (UNIX only) Some tasks may require you to enter the fully qualified user ID. If the fully qualified user ID contains a space, for example:

        cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com

    then place the fully qualified user ID in the properties file or into a parent properties file instead of as a flag on the command line. To create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run:

        ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties

    (Windows only) Some tasks may require you to enter the fully qualified user ID. If the fully qualified user ID contains a space, for example:

        cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com

    then place quotes around the fully qualified user ID before running the task, like this:

        "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com"

    Value: A valid user ID contains only ASCII characters
    Examples:
        Development configuration without security: PortalAdminId=xyzadmin
        Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com
        Lotus Domino: cn=,o=myco.com
        Novell eDirectory: uid=,ou=people,o=myco.com
        Sun Java System Directory: uid=,ou=people,o=myco.com
        Windows AD: cn=,cn=users,dc=myco,dc=com
        Windows AD LDS: cn=,cn=users,dc=myco,dc=com
    Default: wpsadmin

PortalAdminPwd
    Description: Password for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The password cannot contain a space, for example, pass word. The password cannot be longer than 128 characters.
    Value: Alphanumeric text string.
    Default: no default

PortalAdminGroupId
    Description: Group ID for the WebSphere Portal Administrator group. The installation program sets this value based on user input during installation.
    Value: Type value in lower case, regardless of the case used in the distinguished name (DN).
    Examples:
        Tivoli Directory Server: cn=portaladmingroupid,cn=groups,dc=myco,dc=com
        Lotus Domino: cn=portaladmingroupid
        Windows AD: cn=portaladmingroupid,cn=groups,dc=myco,dc=com
        Windows AD LDS: cn=portaladmingroupid,cn=groups,dc=myco,dc=com
        Sun Java System Directory: cn=portaladmingroupid,ou=groups,o=myco.com
        Novell eDirectory Portal: cn=portaladmingroupid,ou=groups,o=myco.com
        Custom user registry: cn=wpsadmins,o=default organization
        Development configuration without security: wpsadmins
    Default: wpsadmins

PortalUniqueID
    Description: The value is used for the object ID creation mechanism and has to be different for each node. It is usually a MAC address from a communications adapter on this node. Only nodes running on one machine may have the same PortalUniqueID.
    Value: 12 hex digits unique to this WebSphere Portal instance
    Default: 00054E48AA0C

WpsContextRoot
    Description: WebSphere Portal context root or base URI. All URLs beginning with this path will be reserved for WebSphere Portal. The value of this property is part of the URL used to access WebSphere Portal from a browser.
    Value: Alphanumeric text string
    Example: In the following example, wps is the WpsContextRoot value: http://localhost:80/wps/portal
    Default: wps

WpsHostBasePort
    Description: Required for IBM i only. Port block that will be used for the WebSphere Portal Server.
    Value: port number
    Default: 10000

SMFLibrary
    Description: Required for z/OS only. The library where the ifaedjreg.jar file resides.
    Value: No values are available.
    Default: no default

SMFNativeLibrary
    Description: Required for z/OS only. Library where the SMF DLLs reside.
    Value: No values are available.
    Default: no default

ServerShortName
    Description: Required for z/OS only. Server's jobname, as specified in the MVS START command JOBNAME parameter. JOBNAME is the name of the task or script that runs when the server is running. MVS (Multiple Virtual Storage) is the name of the OS that runs on the mainframe. This value is also passed as a parameter to the server's start procedures to specify the location of the server's configuration files and identify the server to certain WebSphere for z/OS-exploited z/OS facilities (for example, SAF).
    Value: The name must be seven or fewer characters and all uppercase.
    Example: SAF
    Default: BBOS002

ClusterTransitionName
    Description: Required for z/OS only. Cluster transition name is the WLM APPLENV (WLM application environment) name for this server.
    Value: The name must be eight or fewer characters and all uppercase.
    Default: BBOC002

WpsSMPEHomeDirectory
    Description: Required for z/OS only. Location of the SMP/E install image for the WebSphere Portal SMP/E package.
    Value: No values are available.
    Default: no default

TransferDomainList
    Description: Required for database transfer. List of database 'domains' that will be transferred by the database-transfer process. Should not be altered unless you want to include or exclude specific domains from the transfer process.
    Value: Valid database domains include: release,community,customization,jcr,feedback,likeminds
    Example: release,community,customization,jcr,feedback
    Default: release,community,customization,jcr,feedback,likeminds
WebSphere Portal cluster properties
The following properties are used if you have a clustered environment.
ClusterName
    Description: Use this property to specify the cluster name you want to use when creating the cluster. Do not use spaces or special characters in the cluster name.
    Value: No values are available.
    Default: PortalCluster

PushFrequency
    Description: Time, in seconds, to wait before pushing new or modified cache entries to other servers.
    Value: 1 or greater
    Example: 1
    Default: 1

ReplicationType
    Description: Global sharing policy for this application server. Cache entries are not shared among different application servers. Only invalidation events are sent among servers in the replication domain.
    Value: NONE, PUSH, PULL, PUSH_PULL. The default setting is NONE, which is the equivalent of NOT_SHARED in the WAS admin UI.
    Default: NONE

PrimaryNode
    Description: Set to true if this is the primary node in the cluster. Set to false if this is an additional cluster node.
    Value: true, false
    Default: true
Step-up authentication properties
Step-up authentication enables you to require a stronger level of authentication to access certain pages and assets than the authentication that the client used when initially entering the portal site.
sua_user
    Description: Key which is used to encrypt the cookie information. The value does not need to match a real user.
    Value: No values are available.
    Example: myname
    Default: no default

sua_serversecret_password
    Description: This value is used as an encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password. For example, you can use mypassword as the value.
    Value: No values are available.
    Default: no default

enable_rememberme
    Description: This value defines if the Remember me cookie should be enabled when the enable-stepup-authentication task is run.
    Value: true, false
    Default: true

disable_rememberme
    Description: This value defines if the Remember me cookie should be disabled when the disable-stepup-authentication task is run.
    Value: true, false
    Default: true
Virtual portal configuration
Configuration tasks that use the virtual portal configuration properties include: create-virtual-portal, delete-virtual-portal, modify-virtual-portal, list-all-virtual-portals
VirtualPortalTitle
    Description: If you are creating a virtual portal, this value will be the title of the Virtual Portal. If you are deleting or modifying a virtual portal, this is the virtual portal to be deleted or modified.
    Value: No values are available.
    Default: no default

VirtualPortalRealm
    Description: Realm used for the virtual portal defined in VirtualPortalTitle.
    Value: No values are available.
    Default: no default

VirtualPortalHostName
    Description: DNS name of the virtual portal. The virtual portal can be referenced by the DNS name instead of the URL prefix. When the value is left blank, a virtual portal will use the common DNS name used by all portals.
    Value: DNS host name
    Default: no default

VirtualPortalContext
    Description: Unique portal context that must be provided for the Virtual Portal. If you set the host name parameter (VirtualPortalHostName), the portal context is ignored. A virtual portal can either be accessed by a DNS/Host name or a URL prefix. When both a DNS/Host name and URL prefix are provided, the DNS/Host name will be used for VirtualPortalContext.
    Value: URL prefix
    Default: no default

VirtualPortalNlsFile
    Description: An optional file which contains language specific information for the Virtual Portal. Create an NLS file to specify additional titles and descriptions in other languages for the Virtual Portal. Descriptions can only be provided in an NLS file. Do not use prefixes in that NLS file. If you do not specify an NLS file, the Virtual Portal is created with the title that you give as the value to the VirtualPortalTitle parameter only. Titles and descriptions are not created for other languages. However, if you specify an NLS file, the value given for the virtual portal title in the NLS file overrides the value that you provide for the VirtualPortalTitle property. To create a description for the virtual portal, you have to specify this in a national language support (NLS) file. To modify the title or description of the Virtual Portal, you have to add the new title and description to the NLS file.
    Value: The path and file name of the NLS file.
    Default: no default

VirtualPortalObjectId
    Description: This value is the object ID of the virtual portal. The object ID is required to modify and delete Virtual Portals. To determine what this value is, run the following task: list-all-virtual-portals. Do not delete the default Virtual Portal. The object ID for the default Virtual Portal ends with _0.
    Value: No values are available.
    Default: no default
General security properties
ignoreDuplicateIDs
    Description: Set to true to recover from an incomplete LDAP repository creation if the repository cannot be deleted.
    Value: true, false
    Default: false

trimSpaces
    Description: Set to false and add the attribute to the security ANT target in order to contain trailing spaces of attributes defined in this file.
    Value: true, false
    Default: true
Federated security - add or update an LDAP
Use the properties in this section to create (wp-create-ldap) or update (wp-update-federated-ldap) the LDAP configuration in virtual member manager (VMM). If you are updating the LDAP configuration, the federated.ldap.id and federated.ldap.host must match the repository that you want to update.
federated.ldap.id
    Description: Unique identifier for the repository within the cell. During an update, this value must match the ID of the repository to be updated. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID. Should be no longer than 36 characters.
    Value: Alphanumeric text string
    Default: no default

federated.ldap.host
    Description: Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name. During an update, this value must match the ID of the repository to be updated.
    Value: IP address or domain service name
    Default: no default

federated.ldap.port
    Description: LDAP server port.
    Value: numeric
    Default: 389

federated.ldap.bindDN
    Description: Distinguished name for the application server to use when binding to the LDAP repository.
    Value: No values are available.
    Default: no default

federated.ldap.bindPassword
    Description: Password for the application server to use when binding to the LDAP repository.
    Value: No values are available.
    Default: no default

federated.ldap.ldapServerType
    Description: Type of LDAP server to which you connect.
    Value: AD, ADAM, CUSTOM, DOMINO, IDS, NDS, SUNONE, ZOSDS
    Example: IDS
    Default: no default

federated.ldap.baseDN
    Description: LDAP base entry.
    Value: No values are available.
    Default: no default
Group and PersonAccount entity types
The supported entity types are Group and PersonAccount.

Group entity type:
    default searchFilter = <empty>
    default objectClasses = groupOfNames
    default objectClassesForCreate = groupOfNames
    default searchBases = <empty>

PersonAccount entity type:
    default searchFilter = <empty>
    default objectClasses = inetOrgPerson
    default objectClassesForCreate = inetOrgPerson
    default searchBases = <empty>
federated.ldap.et.group.searchFilter
    Description: Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in the environment. The syntax is like a standard LDAP search filter. If this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
    Value: an LDAP search filter
    Example: (objectclass=groupOfUniqueNames)
    Default: no default

federated.ldap.et.group.objectClasses
    Description: Specifies one or more object classes (separated by ';') for the entity type.
    Value: object classes
    Default: groupOfUniqueNames

federated.ldap.et.group.objectClassesForCreate
    Description: Specifies one or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
    Value: object classes
    Default: no default

federated.ldap.et.group.searchBases
    Description: Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in the nodeMaps tag. Performance improves if you specify search bases, reducing the number of search bases. For a multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want the search to start.
    Value: One or more search bases
    Example: "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com"
    Default: no default

federated.ldap.et.personaccount.searchFilter
    Description: The search filter to use to search the entity type. VMM uses this filter as an addition during search requests in the environment. The syntax is like a standard LDAP search filter. If no value is specified for this parameter or if this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
    Value: LDAP search filter
    Example: (objectclass=inetOrgPerson)
    Default: no default

federated.ldap.et.personaccount.objectClasses
    Description: One or more object classes (separated by ';') for the entity type. Only use those object classes that are unique to users: if there are both users and groups with objectclass 'top', then do not use this object class here.
    Value: object classes
    Default: inetorgperson

federated.ldap.et.personaccount.objectClassesForCreate
    Description: One or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
    Value: object classes
    Default: no default

federated.ldap.et.personaccount.searchBases
    Description: Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in the nodeMaps tag. Performance improves if you specify search bases, reducing the number of search bases.
    Value: object classes
    Example: "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com"
    Default: no default

federated.ldap.gm.groupMemberName
    Description: LDAP attribute used as the group member attribute.
    Value: group member attribute
    Example: Member
    Default: uniqueMember

federated.ldap.gm.objectClass
    Description: Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes.
    Value: group object classes
    Example: groupOfNames
    Default: groupOfUniqueNames

federated.ldap.gm.scope
    Description: Scope of the member attribute.
    Value:
        direct: The member attribute only contains direct members.
        nested: The member attribute contains the direct members and the nested members.
    Example: nested
    Default: direct

federated.ldap.gm.dummyMember
    Description: If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory.
    Value: none available
    Default: uid=dummy
Federated security - add or update LDAP: Advanced properties for Group configuration
Information used to add or update federated LDAP user registry.
federated.ldap.gc.name
    Description: Name of the membership attribute.
    Value: No values are available.
    Example: Tivoli Directory Server ibm-allGroups Lotus Domino Novell eDirectory Sun Java System Directory Windows AD memberOf
    Default: no default

federated.ldap.gc.updateGroupMembership
    Description: Update group membership if a member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
    Value: true, false
    Example: false

federated.ldap.gc.scope
    Description: Scope of the member attribute.
    Value: The valid values for this parameter include the following:
        direct: The member attribute only contains direct members.
        nested: The member attribute contains the direct members and the nested members.
        all: The membership attribute contains direct groups, nested groups, and dynamic members.
    Example: all
    Default: direct

federated.ldap.adapterClassName
    Description: Implementation class name for the repository adapter.
    Value: class name
    Default: com.ibm.ws.wim.adapter.ldap.LdapAdapter

federated.ldap.supportSorting
    Description: This value indicates if sorting is supported or not.
    Value: true, false
    Default: false

federated.ldap.supportTransactions
    Description: This value indicates if transactions are supported or not.
    Value: true, false
    Default: false

federated.ldap.isExtIdUnique
    Description: Specifies if the external ID is unique.
    Value: true, false
    Default: true

federated.ldap.supportExternalName
    Description: This value indicates if external names are supported or not.
    Value: true, false
    Default: false

federated.ldap.sslEnabled
    Description: Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used.
    Value: true, false
    Default: false

federated.ldap.sslConfiguration
    Description: Name of the application server SSL configuration (such as mySSLconfig) to be used for an SSL enabled LDAP server. Application Server SSL configuration names can be found in the WAS Administrative console at Security > SSL certificate and key management. This property is used to specify a non-default SSL configuration if federated.ldap.sslEnabled is set to true.
    Value: No values are available.
    Example: mySSLconfig
    Default: no default

federated.ldap.certificateMapMode
    Description: Whether to map X.509 certificates into an LDAP directory by exact distinguished name or certificate filter. Specify the certificate filter to use for the mapping if client certificate authentication is used for the portal server.
    Value: EXACT_DN, CERTIFICATE_FILTER
    Default: EXACT_DN

federated.ldap.certificateFilter
    Description: Filter used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for the portal server.
    Value: The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute}
    Example: uid=${SubjectCN}
    Default: no default

federated.ldap.supportPaging
    Description: This value indicates if paging is supported or not.
    Value: true, false
    Default: false

federated.ldap.authentication
    Description: This value indicates the authentication method to use.
    Value: none, strong, simple
    Default: simple

federated.ldap.loginProperties
    Description: This value indicates the property name used for login.
    Value: cn, uid
    Example: cn
    Default: uid

federated.ldap.referral
    Description: This value indicates how the LDAP server should handle referrals to other LDAP servers.
    Value: ignore, follow, throw, false
    Default: ignore

federated.ldap.derefAliases
    Description: This value controls how aliases are dereferenced.
    Value: The valid values for this parameter include the following:
        always: always dereference aliases
        never: never dereference aliases
        finding: dereference aliases only during name resolution
        searching: dereference aliases only after name resolution
    Example: never
    Default: always

federated.ldap.connectionPool
    Description: Whether to use the connection pool.
    Value: true, false
    Default: false

federated.ldap.connectTimeout
    Description: Connection timeout measured in seconds.
    Value: numeric
    Default: 0

federated.ldap.primaryServerQueryTimeInterval
    Description: This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes.
    Value: numeric
    Default: 15

federated.ldap.returnToPrimaryServer
    Description: This value indicates to return to the primary LDAP server when it is available.
    Value: true, false
    Default: true

federated.ldap.searchPageSize
    Description: Search page size, which represents the number of entries per page.
    Value: numeric
    Default: 50

federated.ldap.searchCountLimit
    Description: Search count limit.
    Value: numeric
    Default: 500

federated.ldap.searchTimeLimit
    Description: Search time limit measured in milliseconds.
    Value: numeric
    Default: 120000

federated.ldap.translateRDN
    Description: This value indicates whether to translate RDN or not.
    Value: true, false
    Default: false

federated.ldap.cp.maxPoolSize
    Description: Maximum number of context instances that can be maintained concurrently by the context pool.
    Value: numeric
    Default: 20
Federated security - add or update database
The following properties are used for creating or updating a database user registry configuration. Database modification tasks of VMM need a connection to a running server instance. Check that the server is running before running these tasks: wp-create-db or wp-update-db

federated.db.DataSourceName
    Description: JNDI name of the data source used to access the federated database domain.
    Value: No values are available.
    Default: vmmfeddbDS

federated.db.DbType
    Description: Type of database to be used for the VMM Federated database domain. For information about supported values, check wkplc_comp.properties.
    Value: The valid values for this parameter include the following: db2, db2_iseries, db2_zos, oracle, sqlserver
    Default: db2

federated.db.DbUrl
    Description: Federated domain database URL. For information about supported values, check wkplc_comp.properties.
    Value: No values are available.
    Default: jdbc:db2:vmmfeddb

federated.db.DbName
    Description: Name of the VMM federated database. Should also appear as the database element in DbUrl. Please verify that you point to the same database.
    Value: The TCPIP alias for the database
    Default: vmmfeddb

federated.db.id
    Description: Unique identifier for the repository within the cell.
    Value: Alphanumeric text string
    Default: vmmDb

federated.db.baseDN
    Description: Database base entry. This is the starting point under which all DB entities will be stored. Verify the uniqueness of this string.
    Value: string
    Default: no default

federated.db.DbUser
    Description: Database administrator user ID.
    Value: Alphanumeric text string
    Default: db2admin

federated.db.DbPassword
    Description: Database administrator password.
    Value: Alphanumeric text string
    Default: ReplaceWithYourDbAdminPwd
Federated security - add or update database: Advanced database properties
federated.db.JdbcProviderName
    Description: Name of the JDBC provider to be used. Keep la.JdbcProviderName in sync for the same db type. la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types.
    Value: No values are available.
    Default: vmmdbJDBC

federated.db.DbSchema
    Description: VMM Federated domain database schema name. Follow the documentation of the target database server in order to define a valid schema name, as restrictions apply for some database management systems.
    Value: No values are available.
    Default: federate

federated.db.DbNameOnZos
    Description: Required for DB2 for z/OS and OS/390 only. If running db2_zos as remote database, the name of the remote VMM federated database. If portal is running on z/OS with db2_zos, must be set equal to DbName.
    Value: Alphanumeric text string
    Default: WPSTST02

federated.db.XDbName
    Description: TCPIP Alias for the database. This property is only required for non-Windows platforms when using DB2 with Type 2 drivers. If you are using Type 4 drivers, this value is not used. It defines the federated database alias that needs to be set if you want to call create-database JDBC driver. The database loop back alias that needs to be set to use the create-local-database-db2 task. The value must be different from the value of dbdomain.DbName. The values for dbdomain.DbName and dbdomain.XDbName must be different in the wpconfig_dbdomain.properties file. For DB2 Content Manager Runtime Edition, this property is the database for tables.
    Value: Alphanumeric text string
    Examples:
        Release, Community, Customization, WMM, and the JCR: wps6TCP
        Feedback: fdbk6TCP
        LikeMinds: lmdb6TCP
    Default: wps6TCP

federated.db.DbNode
    Description: Required for non-Windows platforms when using DB2 only. Node for the VMM federated domain database; needs to be set if you want to call create-database.
    Value: Alphanumeric text string
    Examples (provided per database domain):
        Release, Community, Customization, JCR, and VMM databases: wpsNode
        Feedback and LikeMinds databases: pznNode
    Default: wpsNode

federated.db.DbStorageGroup
    Description: Required for DB2 for z/OS and OS/390 only. Storage group for the VMM federated database.
    Value: No values are available.
    Default: WPSSG

federated.db.DbVolumes
    Description: Required for DB2 for z/OS and OS/390 only. Volumes for the VMM federated database.
    Value: No values are available.
    Default: *

federated.db.DbVcat
    Description: Required for DB2 for z/OS and OS/390 only. VCAT for the VMM federated database.
    Value: No values are available.
    Default: DSN810

federated.db.Db4KBufferPoolName
    Description: Required for DB2 for z/OS and OS/390 only. 4K bufferpool name for the VMM federated database.
    Value: No values are available.
    Default: BP0

federated.db.Db32KBufferPoolName
    Description: Required for DB2 for z/OS and OS/390 only. 32K bufferpool name for the VMM federated database.
    Value: No values are available.
    Default: BP32K
Set up database tables
Information needed to configure tables for federated database.
federated.db.reportSqlError
    Description: Whether to report SQL errors while setting up databases.
    Value: true, false
    Default: true

federated.db.saltLength
    Description: Length of the salt which is used when hashing passwords stored in the Member Manager database repository.
    Value: numeric
    Default: 12

federated.db.encryptionKey
    Description: Encryption key to encrypt the database user registry.
    Value: No values are available.
    Example: rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
    Default: rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s

federated.db.adapterClassName
    Description: Implementation class name for the repository adapter.
    Value: No values are available.
    Default: com.ibm.ws.wim.adapter.db.DBAdapter

federated.db.supportSorting
    Description: This value indicates if sorting is supported or not.
    Value: true, false
    Default: false

federated.db.supportTransactions
    Description: This value indicates if transactions are supported or not.
    Value: true, false
    Default: false

federated.db.isExtIdUnique
    Description: Specifies if the external ID is unique.
    Value: true, false
    Default: true

federated.db.supportExternalName
    Description: This value indicates if external names are supported or not.
    Value: true, false
    Default: false

federated.db.entityRetrievalLimit
    Description: Maximum number of entities that the system can retrieve from the database with a single database query.
    Value: numeric
    Default: 50
Federated security - Custom user registry properties
The following properties are used to create or update a custom user registry (CUR) in a federated security configuration. The properties are referenced when the following tasks are run: wp-create-cur and wp-update-federated-cur

federated.cur.id
    Description: Unique identifier for the repository within the cell.
    Value: string
    Default: no default

federated.cur.adapterClassName
    Description: Implementation class name for the repository adapter.
    Value: No values are available.
    Default: no default

federated.cur.baseDN
    Description: CUR base entry.
    Value: No values are available.
    Default: no default

federated.cur.isExtIdUnique
    Description: Specifies if the external ID is unique.
    Value: true, false
    Default: true

federated.cur.supportExternalName
    Description: This value indicates if external names are supported or not.
    Value: true, false
    Default: false

federated.cur.supportPaging
    Description: This value indicates if paging is supported or not.
    Value: true, false
    Default: false

federated.cur.supportSorting
    Description: This value indicates if sorting is supported or not.
    Value: true, false
    Default: false

federated.cur.supportTransactions
    Description: This value indicates if transactions are supported or not.
    Value: true, false
    Default: false
Federated custom user registry custom property
The following properties and values are used to create a custom property using the wp-create-cur-custom-property task.
cur.id
    Description: ID of the repository, where the custom property will be created.
    Value: Alphanumeric text string.
    Default: no default

cur.name
    Description: Name of the custom property.
    Value: Alphanumeric text string
    Default: no default

cur.value
    Description: Value of the custom property.
    Value: No values are available.
    Default: no default
Federated security - Enable federated repository
The following properties are used when you run the wp-modify-federated-security task. The task will enable a Federated repository and the existing default realm will be renamed.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| federated.primaryAdminId | ID of the WAS administrative user. The ID must exist in a user repository. | Alphanumeric text string | Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com; Lotus Domino: cn=,o=myco.com; Novell eDirectory: uid=,ou=people,o=myco.com; Sun Java System Directory: uid=,ou=people,o=myco.com; Windows AD: cn=,cn=users,dc=myco,dc=com | xyzadmin |
| federated.realm | Realm name to be used. The existing default realm will be renamed. | Alphanumeric text string | | no default |
| federated.serverId | User ID in the repository used for internal process communication. | Alphanumeric text string | Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com; Lotus Domino: cn=,o=myco.com; Novell eDirectory: uid=,ou=people,o=myco.com; Sun Java System Directory: uid=,ou=people,o=myco.com; Windows AD: cn=,cn=users,dc=myco,dc=com | no default |
| federated.serverPassword | Password for the user ID in the repository used for internal process communication. | Alphanumeric text string | | no default |

Federated security - Enable federated repository: Advanced federated repository properties

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| federated.registryClassName | Registry class name. | No values are available. | | com.ibm.ws.wim.registry.WIMUserRegistry |
| federated.ignoreCase | Whether the query matches case sensitivity. Not used during node federation to DMGR with WAS when LDAP security is enabled. | true, false | | true |

Federated security - LDAP attribute configuration validation
The following properties are used with the wp-validate-federated-ldap-attribute-config and wp-update-federated-ldap-attribute-config tasks.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| federated.ldap.attributes.nonSupported | Comma separated list of attributes that will be added/removed from the list of nonsupported attributes. | No values are available. | | no default |
| federated.ldap.attributes.nonSupported.delete | If true, then the attributes in federated.ldap.nonSupported will be deleted from the list of nonsupported attributes, else they will be added. | No values are available. | | no default |
| federated.ldap.attributes.mapping.ldapName | Name of the attribute in LDAP. | Alphanumeric text string | | no default |
| federated.ldap.attributes.mapping.portalName | Name of the attribute in portal. | No values are available. | | no default |
| federated.ldap.attributes.mapping.entityTypes | List of entityTypes the mapping should be applied to. | No values are available. | | PersonAccount,Group |

The following properties are used with the wp-delete-repository task.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| federated.delete.baseentry | Name of the base entry to be deleted from the default realm. If the base entry exists in other realms, it has to be deleted manually first. Leave this empty only if you want to delete the property extension repository. | No values are available. | | no default |
| federated.delete.id | ID of the repository to be deleted from the VMM configuration. Must be set to LA if you want to delete the property extension repository. | Alphanumeric text string | | no default |

Stand-alone security - Modify or update the LDAP
The following properties are used with the wp-modify-ldap-security and wp-update-standalone-ldap tasks.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.id | Unique identifier for the repository within the cell. Should be no longer than 36 characters. | Alphanumeric text string | | no default |
| standalone.ldap.host | Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name. | No values are available. | | no default |
| standalone.ldap.port | LDAP server port. | numeric | | no default |
| standalone.ldap.bindDN | Distinguished name for the application server to use when binding to the LDAP repository. | No values are available. | | no default |
| standalone.ldap.bindPassword | Password for the application server to use when binding to the LDAP repository. | Alphanumeric text string | | no default |
| standalone.ldap.ldapServerType | Type of LDAP server to which you connect. | AD, ADAM, CUSTOM, DOMINO, IDS, NDS, SUNONE, ZOSDS | IDS | no default |
| standalone.ldap.userIdMap | LDAP filter that maps the short name of a user to an LDAP entry. Not used during node federation to DMGR with WAS LDAP security enabled. | This value can be multiple objectclass:property pairs delimited by a semicolon (;). | The following example displays entries of the object class = inetOrgPerson type by their IDs: inetOrgPerson:uid | no default |
| standalone.ldap.groupIdMap | LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that represents groups when groups display. Use the asterisk (*) as a wildcard character that searches on any object class in this case. Not used during node federation to DMGR with WAS LDAP security enabled. | This value can be multiple objectclass:property pairs, delimited by a semicolon (;). | The following example displays groups by their names: *:cn | no default |
| standalone.ldap.groupMemberIdMap | LDAP filter that identifies user-to-group relationships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. Not used during node federation to DMGR with WAS LDAP security enabled. | For Lotus Domino and SecureWay Security Server, this value can be multiple objectclass:property pairs, delimited by a semicolon (;). For Tivoli Directory Server, Sun Java System Directory, and Windows AD, this value can be multiple group attribute:member attribute pairs delimited by a semicolon (;). | | no default |
| standalone.ldap.userFilter | LDAP user filter that searches the user registry for users. Not used during node federation to DMGR with WAS LDAP security enabled. | No values are available. | The following example would be used to look up users based on their user IDs: (&(uid=%v)(objectclass=inetOrgPerson)) | no default |
| standalone.ldap.groupFilter | LDAP group filter that searches the user registry for groups. Not used during node federation to DMGR with WAS LDAP security enabled. | No values are available. | | no default |
| standalone.ldap.serverId | User ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled. | Alphanumeric text string | Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com; Lotus Domino: cn=,o=myco.com; Novell eDirectory: uid=,ou=people,o=myco.com; Sun Java System Directory: uid=,ou=people,o=myco.com; Windows AD: cn=,cn=users,dc=myco,dc=com | no default |
| standalone.ldap.serverPassword | Password for the user ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled. | Alphanumeric text string | | no default |
| standalone.ldap.realm | Security context of this server. A realm with this name will be created. | Alphanumeric text string | | no default |
| standalone.ldap.primaryAdminId | WAS administrative user ID. The ID must exist in the LDAP server. | Alphanumeric text string | | no default |
| standalone.ldap.primaryAdminPassword | Password for the WAS administrative user ID. The ID must exist in the LDAP server. | Alphanumeric text string | | no default |
| standalone.ldap.primaryPortalAdminId | WebSphere Portal administrative user ID. The ID must exist in the LDAP server. | Alphanumeric text string | | no default |
| standalone.ldap.primaryPortalAdminPassword | Password for the WebSphere Portal administrative user ID. The ID must exist in the LDAP server. | Alphanumeric text string | | no default |
| standalone.ldap.primaryPortalAdminGroup | User group with administrative permission in portal. The group must exist in the LDAP server. | Alphanumeric text string | | no default |
| standalone.ldap.baseDN | LDAP base entry. This is the start point for all LDAP searches of WAS Security. | No values are available. | | no default |

LDAP entity types: properties for entity type Group

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.et.group.searchFilter | Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. If you leave the value blank, no additional filter is applied and the other VMM configuration is used. | The syntax is like a standard LDAP search filter. | (objectclass=groupOfUniqueNames) | no default |
| standalone.ldap.et.group.objectClasses | Specifies one or more object classes (separated by ';') for the group entity type. | One or more object classes (separated by ';') | | groupOfUniqueNames |
| standalone.ldap.et.group.objectClassesForCreate | Object classes separated by a semi-colon (;) to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. | No values are available. | | no default |
| standalone.ldap.et.group.searchBases | Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Improve performance if you specify search bases, reducing the number of search bases. For a multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want search to start. | One or more search bases | "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com" | no default |
| standalone.ldap.et.personaccount.searchFilter | Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. | The syntax is like a standard LDAP search filter. | (objectclass=inetorgperson) | no default |
| standalone.ldap.et.personaccount.objectClasses | Should match the objectclass used in LDAP for type User. | One or more object classes, separated by a semi-colon (;) for the entity type. | | inetorgperson |
| standalone.ldap.et.personaccount.objectClassesForCreate | Object classes, separated by a semi-colon (;), to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. | No values are available. | | no default |
| standalone.ldap.et.personaccount.searchBases | Search bases to use while searching the entity type. | No values are available. | | no default |

Group member attributes

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.gm.groupMemberName | LDAP attribute used as the group member attribute. | No values are available. | | uniqueMember |
| standalone.ldap.gm.objectClass | Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes. | group object classes | groupOfNames, groupOfUniqueNames | groupOfUniqueNames |
| standalone.ldap.gm.scope | Scope of the member attribute. | direct: The member attribute only contains direct members. nested: The member attribute contains the direct members and the nested members. | nested | direct |
| standalone.ldap.gm.dummyMember | If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory. | No values are available. | | uid=dummy |

Default parent, RDN attribute

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.personAccountParent | Default parent to be set for the entity type PersonAccount. | No values are available. | | no default |
| standalone.ldap.groupParent | Default parent to be set for the entity type Group. | No values are available. | | no default |
| standalone.ldap.personAccountRdnProperties | RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | uid |
| standalone.ldap.groupRdnProperties | RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | cn |

Advanced Properties for Group configuration
The following properties are only used in a stand-alone security environment.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.gc.name | Name of the membership attribute. | No values are available. | Tivoli Directory Server: ibm-allGroups; Lotus Domino: no example available; Novell eDirectory: no example available; Sun Java System Directory: no example available; Windows AD: memberOf | no default |
| standalone.ldap.gc.updateGroupMembership | This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. | true, false | | no default |
| standalone.ldap.gc.scope | Scope of the member attribute. | direct: The member attribute only contains direct members. nested: The member attribute contains the direct members and the nested members. all: The membership attribute contains direct groups, nested groups, and dynamic members. | all | direct |
| standalone.ldap.derefAliases | This value controls how aliases are dereferenced. | always: always dereference aliases. never: never dereference aliases. dereference aliases only during name resolution. searching: dereference aliases only after name resolution. | never | always |
| standalone.ldap.authentication | This value indicates the authentication method to use. | none, strong, simple | | simple |
| standalone.ldap.referral | This value indicates how the LDAP server should handle referrals to other LDAP servers. | ignore, follow, throw, false | | ignore |
| standalone.ldap.delimiter | Delimiter used for this realm. | Enter any value but do not leave this field blank. | | / |
| standalone.ldap.ignoreCase | Whether the query matches case sensitivity. Not used during node federation to DMGR with WAS when LDAP security is enabled. | true, false | | true |
| standalone.ldap.sslEnabled | Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used. | true, false | | false |
| standalone.ldap.sslConfiguration | Name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WAS Administrative console at Security-SSL certificate and key management. This property is used to specify a non default SSL configuration if federated.ldap.sslEnabled is set to true. | No values are available. | | no default |
| standalone.ldap.certificateMapMode | Whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specifies the certificate filter to use for the mapping, if client certificate authentication is used for portal server. | EXACT_DN, CERTIFICATE_FILTER | | EXACT_DN |
| standalone.ldap.certificateFilter | This filter is used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for portal server. | The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute} | uid=${SubjectCN} | no default |
| standalone.ldap.reuseConnection | Should be set to true by default to reuse the LDAP connection. Not used during node federation to DMGR with WAS when LDAP security is enabled. | true, false | | true |
| standalone.ldap.searchTimeLimit | Search time limit measured in milliseconds. | numeric | | 120000 |
| standalone.ldap.connectionPool | Whether to use the connection pool. | true, false | | false |
| standalone.ldap.connectTimeout | Connection timeout measured in seconds. | numeric | | 0 |
| standalone.ldap.supportSorting | This value indicates if sorting is supported or not. | true, false | | false |
| standalone.ldap.supportPaging | This value indicates if paging is supported or not. | true, false | | false |
| standalone.ldap.supportTransactions | This value indicates if transactions are supported or not. | true, false | | false |
| standalone.ldap.isExtIdUnique | Specifies if the external ID is unique. | true, false | | true |
| standalone.ldap.supportExternalName | This value indicates if external names are supported or not. | true, false | | false |
| standalone.ldap.translateRDN | This value indicates whether to translate RDN or not. | true, false | | false |
| standalone.ldap.searchCountLimit | Search count limit. | numeric | | 500 |
| standalone.ldap.searchPageSize | Search page size, which is the number of entries per page. | numeric | | 50 |
| standalone.ldap.returnToPrimaryServer | This value indicates whether to return to the primary LDAP server when it is available. | true, false | | true |
| standalone.ldap.primaryServerQueryTimeInterval | This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes. | numeric | | 15 |
| standalone.ldap.loginProperties | This value indicates the property name used for the login. | cn, uid | cn | uid |
| standalone.ldap.cp.maxPoolSize | Maximum number of context instances that can be maintained concurrently by the context pool. | numeric | | 20 |

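
The stand-alone LDAP tables above hold several credentials and transport settings in one file. The following is an added example, not IBM's code and not part of the original reference: a Python audit of a wkplc.properties file for stored passwords, simple bind without SSL, and an unusable certificate filter. The sample file is constructed, and matching keys that end in "Password" and treating `ReplaceWithYour...` values as unset are assumptions of this example.

```python
import re

# Defaults for unset keys, taken from the reference tables on this page.
PAGE_DEFAULTS = {
    "standalone.ldap.sslEnabled": "false",
    "standalone.ldap.authentication": "simple",
    "standalone.ldap.certificateMapMode": "EXACT_DN",
}

# Constructed sample input, not a real configuration.
SAMPLE = r"""
# wkplc.properties (constructed excerpt)
WasPassword=ReplaceWithYourWASUserPwd
standalone.ldap.host=ldap.example.com
standalone.ldap.bindDN=uid=wpsbind,cn=users,\
    dc=myco,dc=com
standalone.ldap.bindPassword=constructed-secret
standalone.ldap.sslEnabled=false
standalone.ldap.certificateMapMode=CERTIFICATE_FILTER
standalone.ldap.certificateFilter=
la.DbPassword=ReplaceWithYourDbAdminPwd
"""


def parse_properties(text):
    """Parse Java .properties text into a dict.

    Handles '#' and '!' comments, '=' or ':' separators and backslash line
    continuations. Escape sequences such as \\uXXXX are not decoded.
    """
    props, buf = {}, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:  # odd count: the last backslash continues the line
            buf += line[:-1]
            continue
        buf += line
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", buf)
        if m:
            props[m.group(1)] = m.group(2).strip()
        buf = ""
    return props


def is_set(value):
    """Empty values and ReplaceWithYour... placeholders count as unset (assumption)."""
    return bool(value) and not value.startswith("ReplaceWithYour")


def audit(props):
    """Return (property, message) findings for settings documented on this page."""
    def get(key):
        return props.get(key) or PAGE_DEFAULTS.get(key, "")

    findings = []
    # Heuristic (assumption): every documented password key ends in "Password".
    for key in sorted(props):
        if key.lower().endswith("password") and is_set(props[key]):
            findings.append((key, "password stored in clear text in the file"))

    if is_set(props.get("standalone.ldap.host", "")):  # stand-alone LDAP in use
        auth = get("standalone.ldap.authentication").lower()
        ssl = get("standalone.ldap.sslEnabled").lower() == "true"
        if auth == "none":
            findings.append(("standalone.ldap.authentication",
                             "authentication=none: binds are anonymous"))
        elif auth == "simple" and not ssl:
            findings.append(("standalone.ldap.sslEnabled",
                             "simple bind without SSL sends the bind password unencrypted"))

    if get("standalone.ldap.certificateMapMode") == "CERTIFICATE_FILTER":
        # Documented filter syntax: LDAP attribute=${Client certificate attribute}
        if not re.search(r"\w=\$\{\w+\}", get("standalone.ldap.certificateFilter")):
            findings.append(("standalone.ldap.certificateFilter",
                             "CERTIFICATE_FILTER mode without an attr=${CertAttr} filter"))
    return findings


if __name__ == "__main__":
    for prop, message in audit(parse_properties(SAMPLE)):
        print(f"{prop}: {message}")
```

For WasPassword, this reference notes that the value can be passed on the command line with -DWasPassword instead of being stored in the file.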
LDAP attribute configuration
If you need to update or validate the stand-alone LDAP attribute configuration, you need to provide values for the following properties. The following configuration tasks use the LDAP attribute configuration properties: wp-validate-standalone-ldap-attribute-config and wp-update-standalone-ldap-attribute-config.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.ldap.attributes.nonSupported | This value is a comma separated list of attributes that will be added/removed from the list of nonsupported attributes. | No values are available. | | no default |
| standalone.ldap.attributes.nonSupported.delete | If true, then the attributes in federated.ldap.nonSupported will be deleted from the list of nonsupported attributes, else they will be added. | No values are available. | | no default |
| standalone.ldap.attributes.mapping.ldapName | Name of the attribute in the LDAP server. | No values are available. | | no default |
| standalone.ldap.attributes.mapping.portalName | Name of the attribute in portal. | No values are available. | | no default |
| standalone.ldap.attributes.mapping.entityTypes | List of entityTypes the mapping should be applied to. | No values are available. | | PersonAccount,Group |

Stand-alone custom user registry configuration
The following properties require values only if you have a custom user registry (CUR) that you need to update. The properties are used with the following configuration tasks: wp-modify-cur-security and wp-update-standalone-cur.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| standalone.cur.id | Unique identifier for the repository within the cell. | string | | no default |
| standalone.cur.baseDN | CUR base entry. | No values are available. | | no default |
| standalone.cur.realm | Security context of this server. | No values are available. | | no default |
| standalone.cur.delimiter | Delimiter used for this realm. | No values are available. | | / |
| standalone.cur.adapterClassName | Implementation class name for the repository adapter. | No values are available. | | no default |
| standalone.cur.WasAdapterClassName | Implementation class name for the WebSphere custom user registry adapter. | No values are available. | | no default |
| standalone.cur.propertyName | This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined. | No values are available. | | no default |
| standalone.cur.propertyValue | This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined. | No values are available. | | no default |
| standalone.cur.primaryAdminId | WAS administrative user ID. The ID must exist in a custom user repository. | Alphanumeric text string | | no default |
| standalone.cur.primaryAdminPassword | Password for the WAS administrative user ID. The ID must exist in a custom user repository. | Alphanumeric text string | | no default |
| standalone.cur.primaryPortalAdminId | WebSphere Portal administrative user ID. The ID must exist in the custom user repository. | Alphanumeric text string | | no default |
| standalone.cur.primaryPortalAdminPassword | Password for the WebSphere Portal administrative user ID. The ID must exist in the custom user repository. | Alphanumeric text string | | no default |
| standalone.cur.primaryPortalAdminGroup | User group with administrative permission in portal. The group must exist in the custom user repository. | Alphanumeric text string | | no default |
| standalone.cur.personAccountParent | Default parent to be set for the entity type PersonAccount. | No values are available. | | no default |
| standalone.cur.groupParent | Default parent to be set for the entity type Group. | No values are available. | | no default |
| standalone.cur.personAccountRdnProperties | RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | uid |
| standalone.cur.groupRdnProperties | RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | cn |
| standalone.cur.isExtIdUnique | Specifies if the external ID is unique. | true, false | | true |
| standalone.cur.supportExternalName | This value indicates if external names are supported or not. | true, false | | false |
| standalone.cur.supportPaging | This value indicates if paging is supported or not. | true, false | | false |
| standalone.cur.supportSorting | This value indicates if sorting is supported or not. | true, false | none available | false |
| standalone.cur.supportTransactions | This value indicates if transactions are supported or not. | true, false | | false |

VMM property extension database properties
The property extension database was previously called the lookaside database. The property extension database stores additional attributes that cannot be stored in the LDAP user registry. Database modification tasks of VMM need a connection to a running server instance. Check to make sure the server is running. The properties are used with the following tasks: wp-configure-la-complete and wp-add-la-property.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| la.JdbcProviderName | Name of JDBC provider portal uses to communicate with its databases. To keep federated.db.JdbcProviderName in sync for the same database type, la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types. | Alphanumeric text string | | vmmdbJDBC |
| la.DbType | Type of database to be used for the VMM property extension database domain. | Valid values include the following: db2, db2_i, db2_zos, oracle, sqlserver, sqlserver2005 | | db2 |
| la.DbUrl | Federated domain database URL. For information about supported values, check wkplc_comp.properties. | No values are available. | | jdbc:db2:vmmladb |
| la.DbName | Name of the VMM property extension database. Should also appear as the database element in DbUrl. Verify that you point to the same database. For non-Windows platforms when using DB2, this value is the TCPIP Alias for the database. For DB2 and DB2 for z/OS, this value cannot exceed 8 characters and can only contain letters and numbers. Refer to database documentation for more information. For DB2, this value must be different from the value of dbdomain.XDbName. If you change the name of the WebSphere Portal data source due to a database migration, manually update this property in the portal_server_root/config/wpconfig_dbdomain.properties file to maintain the proper resource reference mapping. | Alphanumeric text string | Community: comm; Customization: cust; Feedback: fdbkdb; JCR: jcrdb; LikeMinds: lmdb; Release: release; VMM: vmmdb | vmmladb |
| la.DataSourceName | Name of the datasource to be used for VMM Federated DB domain. | Alphanumeric text string | | vmmladbDS |
| la.DbUser | Database administrator user ID. This value is specific to DB2. | Alphanumeric text string | | db2admin |
| la.DbPassword | Database administrator password. | Alphanumeric text string | | ReplaceWithYourDbAdminPwd |

VMM property extension database: Advanced properties

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| la.DbSchema | VMM property extension database domain database schema name. Follow the documentation of the target database management system in order to define a valid schema name as restrictions apply for some database management systems. | No values are available. | | federate |
| la.DbNameOnZos | Required for DB2 for z/OS and OS/390 only. If you are running DB2 for z/OS as remote database, this value is the name of the remote VMM property extension database. If portal is running on z/OS and db2 for z/OS is on the same server, this value must be set equal to DbName value. | No values are available. | | WPSTST02 |
| la.XDbName | Required for Non-Windows platforms when using DB2 locally (on the same server) and DB2 is using the Type 2 JDBC driver. The VMM property extension database alias that needs to be set if you want to use the create-database task. | No values are available. | | wps6TCP |
| la.DbNode | Required for Non-Windows platforms when using DB2 only. Node for the VMM property extension domain database and needs to be set if you want to use the create-database task. | No values are available. | | wpsNode |
| la.DbStorageGroup | Required for DB2 for z/OS and OS/390 only. Storage group for the VMM property extension database for the Web Content Management JCR. | No values are available. | | WPSSG |
| la.DbVolumes | Required for DB2 for z/OS and OS/390 only. Volumes for the VMM lookaside database. | No values are available. | | * |
| la.DbVcat | Required for DB2 for z/OS and OS/390 only. VCAT for the VMM property extension database. | No values are available. | | DSN810 |
| la.Db4KBufferPoolName | Required for DB2 for z/OS and OS/390 only. 4K bufferpool name for the VMM property extension database. | No values are available. | | BP0 |
| la.Db32KBufferPoolName | Required for DB2 for z/OS and OS/390 only. 32K bufferpool name for the VMM property extension database. | No values are available. | | BP32K |

VMM property extension database: Create property extension tables

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| la.reportSqlError | Whether to report SQL errors while setting up databases. | true, false | | true |
| la.entityRetrievalLimit | Maximum number of entities that the system can retrieve from the database with a single database query. | numeric | | 50 |

VMM property extension database: Add a property
The following properties are used by the wp-add-la-property and wp-add-property configuration tasks. The wp-add-(la-)property task uses a secured connection to WAS. Check the wp_profile/properties/sas.client.props file and ensure the following setting: com.ibm.CORBA.securityEnabled=true. If you are using a remote telnet connection, set com.ibm.CORBA.loginSource to stdin or properties.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| la.providerURL | This value defines the remote endpoint where the portal server or Deployment Manager installation is available. Check the value for localhost:port. The port should point to the bootstrap port of WebSphere_Portal or Deployment Manager. Deployment Manager is used in a cluster environment. | No values are available. | corbaloc:iiop:dmgr.example.com:9809 | corbaloc:iiop:localhost:10031 |
| la.propertyName | Name of the property that you are adding. | Alphanumeric text string | email, dept | no default |
| la.entityTypes | This value is a list of entity types that the new property is applicable to. | Valid values include: Group, PersonAccount | PersonAccount,Group | no default |
| la.dataType | dataType for property extension database. | DATA_TYPE_STRING, DATA_TYPE_INT, DATA_TYPE_DATE, DATA_TYPE_ANY_SIMPLE_TYPE, DATA_TYPE_ANY_URI | DATA_TYPE_STRING, DATA_TYPE_INT, DATA_TYPE_DATE, DATA_TYPE_ANY_SIMPLE_TYPE, DATA_TYPE_ANY_URI, DATA_TYPE_BOOLEAN, DATA_TYPE_LONG, DATA_TYPE_DOUBLE, DATA_TYPE_SHORT | no default |
| la.multiValued | Defines if the property can contain multiple attributes or not. | true, false | | no default |
| repositoryId | This value is only used for the wp-add-property task. Adding a property to VMM configuration of a repository does not add the property to the LDAP system. List of repositories that the new property will be added to. The list of repositories must be separated by a comma. Leave the value blank to add the property to all repositories. | Alphanumeric text string | | no default |

VMM LDAP entity type configuration
Provide values for the following properties if you need to create, delete, or add an LDAP entity type configuration. The properties are used with the following configuration tasks: wp-create-ldap-entitytype, wp-delete-ldap-entitytype, and wp-add-ldap-entitytype-rdn.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| et.ldap.id | LDAP server ID. | Alphanumeric text string | myLDAPServer | no default |
| et.entityTypeName | Name of the entity type to be created/updated/deleted. | Valid input values are Group or PersonAccount | | no default |
| et.objectClass | Specifies a semi-colon (;) delimited list of object classes to be added. | Alpha text string | groupOfUniqueNames | no default |
| et.searchFilter | Search filter to use to search the entity type. | string | A filter like departmentNumber=1234 would only allow objects with this department number to be a valid search result. | no default |
| et.objectClassesForCreate | Specifies a semi-colon (;) delimited list of object classes to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. | string | groupOfUniqueNames | no default |
| et.searchBases | Search bases to use while searching the entity type. | string | o=foo,o=bar | no default |
| et.rdnName | Specifies additional attributes for the wp-add-ldap-entitytype-rdn task. The attribute name used to build the relative distinguished name (RDN) for the entity type. | No values are available. | | no default |
| et.ldap.referral | Specifies additional attributes for the wp-add-ldap-entitytype-rdn task. This value indicates how the LDAP server should handle referrals to other LDAP servers. | ignore, follow, throw, false | follow | ignore |
| et.ldap.host | | No value specified | None available | No default value |

VMM supported entity types configuration
The wp-update-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute to the existing list. The wp-set-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute as only entry in the RDN list.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| entityTypeName | Name of the entity type. | Alphanumeric text string | | no default |
| defaultParent | Specifies the base entry name that will be used as default parent for the given entity type. | Alphanumeric text string | | no default |
| rdnProperties | RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | cn |
| updatePumaSearchBase | This value defines if the default search attribute for users and groups in PUMA Store Service should also be updated. | No values are available. | | false |

VMM supported entity types configuration: Update the defaultParent of the entity types Group and PersonAccount
The wp-update-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes to the existing list. The wp-set-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes as only entry in the RDN list.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| personAccountParent | Default parent of the entity type PersonAccount. | No values are available. | | no default |
| groupParent | Default parents of the entity type Group. | No values are available. | | no default |
| personAccountRdnProperties | RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string (""). | string | | uid |
| groupRdnProperties | RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string (""). | No values are available. | | cn |

VMM supported entity types configuration: Group member attribute configuration
If the group member attribute does not exist, it will be created. The following properties are used with the wp-update-ldap-groupmember and wp-delete-ldap-groupmember tasks.

| Property | Description | Value | Example | Default |
|---|---|---|---|---|
| gm.ldap.id | LDAP server ID. | Alphanumeric text string | | no default |
| gm.groupMemberName | LDAP attribute used as the group member attribute. | group member attribute | The following are examples: uniqueMember, Member | no default |
| gm.objectClass | Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes. | group object classes | The following are examples: groupOfNames, groupOfUniqueNames | no default |
| gm.scope | Scope of the member attribute. | direct: The member attribute only contains direct members. nested: The member attribute contains the direct members and the nested members. | nested | no default |
| gm.dummyMember | If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory. | No values are available. | | no default |

VMM supported entity types configuration: Create group member configuration
The following properties are used with the wp-create-ldap-groupconfig task.
gc.ldap.id LDAP server ID. Alphanumeric string stand-alone
gc.name Name of the membership attribute. Alpha text string Tivoli Directory Server: ibm-allGroups; Lotus Domino: no example available; SecureWay Security Server: no example available; Novell eDirectory: no example available; Sun Java System Directory: no example available; Windows AD: memberOf. ibm-allGroups
gc.updateGroupMembership This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. true false false
gc.scope Scope of the member attribute. The valid values for this parameter include the following: direct, nested. direct: The member attribute only contains direct members. nested: The member attribute contains the direct members and the nested members. direct nested
VMM supported entity types configuration: Context pool
The following properties are used with the wp-update-ldap-contextpool task.
cp.ldap.id LDAP server used for the context pool. Alphanumeric text string no default
cp.maxPoolSize Maximum number of context instances that can be maintained concurrently by the context pool. numeric 20
VMM supported entity types configuration: Realm configuration
The following properties are used in multiple realm configuration tasks. If no realm name is specified, the default realm will be updated.
The wp-create-realm task uses the following properties: realmName, addBaseEntry, securityUse, and delimiter
The wp-update-realm task uses the following properties: realmName, securityUse, and delimiter
The wp-delete-realm task uses the following property: deleteRealmName
The wp-default-realm task uses the following property: defaultRealmName
The wp-add-realm-baseentry task uses the following properties: realmName and addBaseEntry
The wp-delete-realm-baseentry task uses the following properties: realmName and deleteBaseEntry
The wp-query-realm-baseentry task uses the following property: realmName
The wp-modify-realm-defaultparents task uses the following properties: realmName, realm.personAccountParent, realm.groupParent, and realm.orgContainerParent
The wp-modify-realm-enable-dn-login task uses the following property: realmName
The wp-modify-realm-disable-dn-login task uses the following property: realmName
realmName Name of the realm to be created or updated. If no realm name is given, the default realm will be updated. Alphanumeric text string no default
addBaseEntry Name of base entry to be added to the realm. No values are available. no default
securityUse Specifies a string that indicates if this virtual realm will be used in security now, later, or never. Valid values include: now, later, never, inactive, and nonSelectable. active
delimiter Delimiter used for this realm. / /
deleteRealmName Name of the realm to be deleted. No values are available. no default
defaultRealmName Name of the new default realm. No values are available. no default
deleteBaseEntry Name of the base entry to be deleted from the realm. No values are available. no default
realm.personAccountParent Default parents to be set for the entity type PersonAccount. The realm entered in realmName will be used to perform the change. No values are available. no default
realm.groupParent Default parents to be set for the entity type Group. The realm entered in realmName will be used to perform the change. No values are available. no default
realm.orgContainerParent Default parents to be set for the entity type OrgContainer. The realm entered in realmName will be used to perform the change. No values are available. no default
VMM supported entity types configuration: Base entry configuration
The following properties are used by the wp-create-base-entry, wp-update-base-entry, and wp-delete-base-entry tasks. When running the wp-update-base-entry task, if the base entry does not exist, the task will create the entry.
id ID of the repository, where the base entry will be created, updated, or deleted. When a base entry is created, it will automatically be added to the default realm. Alphanumeric text string no default
baseDN Name of the base entry to be created, updated, or deleted. No values are available. no default
nameInRepository Distinguished name in the repository that uniquely identifies the base entry name. In most cases this should be the same as baseDN. No values are available. no default
VMM supported entity types configuration: Change administrative users
The following properties are used by the wp-change-was-admin-user and wp-change-portal-admin-user tasks. The wp-change-portal-admin-user task will also change the admin group if the ID is set.
newAdminId New ID of the administrative user. The "short name" for this new ID should not be identical to the original administrative user ID. The user ID cannot contain a space; for example, user ID. On Windows, if the user ID contains a space, place quotes around the fully qualified user ID before running the task. On UNIX, if the fully qualified user ID contains a space, place the fully qualified user ID in the properties file or into a parent properties file instead of entering it as a flag on the command line. For example, create a parent properties file called mysecurity.properties, enter the fully qualified user ID and then run the task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties. Alphanumeric text string. Development configuration without security: PortalAdminId=xyzadmin; Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com; Lotus Domino: cn=,o=myco.com; Novell eDirectory: uid=,ou=people,o=myco.com; Sun Java System Directory: uid=,ou=people,o=myco.com; Windows AD: cn=,cn=users,dc=myco,dc=com; Windows AD LDS: cn=,cn=users,dc=myco,dc=com; Windows when the fully qualified user ID contains a space: "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com". no default
newAdminPw New password of the administrative user. Alphanumeric text string no default
newAdminGroupId New ID of the portal administrative group. No values are available. no default
VMM supported entity types configuration: Change attribute configuration
The wp-update-attribute-config task sets the overall required and unsupported properties.
user.attributes.required New (comma separated) list of attributes that are required for user creation. No values are available. sn
user.attributes.nonsupported New (comma separated) list of attributes that will be ignored by portal. No values are available. certificate,identifier
VMM supported entity types configuration: Restore VMM security
The following properties are used with the wp-restore-default-repository-configuration task.
restore.file.realm Specifies the realm name to be used. A realm with this name will be created. No values are available. federatedRealm
restore.file.delimiter Delimiter used for this realm. Enter any value but do not leave this field blank. /
restore.file.primaryAdminId ID (shortname) of the WAS administrative user. The ID must exist in a user repository. No values are available. adminUID
restore.file.primaryAdminPassword Password (shortname) of the WAS administrative user. No values are available. adminPWD
restore.file.primaryPortalAdminGroup User group (short name) with administrative permission in portal. The group must exist in the LDAP server. No values are available. adminGroupCN
VMM supported entity types configuration: Community Isolation and external users
The following properties are used with the wp-configure-community-isolation and wp-configure-external-users tasks.
communityIsolation.enabled Boolean flag that specifies whether community isolation (peer groups) is enabled. true false false
externalUsers.enabled Boolean flag that specifies whether external users are enabled or disabled. true false false
externalUsers.parentDN Parent distinguished name (DN) for new external users. Alphanumeric text string ou=externalUsers,o=defaultWIMFileBasedRealm no default
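The value rules stated in the sections above (direct or nested scopes, true or false flags, a numeric cp.maxPoolSize, a non-blank restore.file.delimiter) can be checked before a ConfigEngine task is run. The following is an added example, not IBM code: the function names parse_properties and lint are hypothetical, the sample input is constructed, and the report of password properties that hold a value in the file is an extra check that this reference does not itself require.

```python
# Constraints taken from the property descriptions on this page.
ENUMS = {
    "gm.scope": {"direct", "nested"},
    "gc.scope": {"direct", "nested"},
    "gc.updateGroupMembership": {"true", "false"},
    "communityIsolation.enabled": {"true", "false"},
    "externalUsers.enabled": {"true", "false"},
}
# Password-bearing properties listed on this page (added check, see lead-in).
PASSWORD_KEYS = {"newAdminPw", "restore.file.primaryAdminPassword"}


def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def lint(props):
    """Return sorted (key, problem) pairs for values that break the rules."""
    findings = []
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            findings.append((key, "expected one of " + "/".join(sorted(allowed))))
    if "cp.maxPoolSize" in props and not props["cp.maxPoolSize"].isdigit():
        findings.append(("cp.maxPoolSize", "must be numeric"))
    if props.get("restore.file.delimiter") == "":
        findings.append(("restore.file.delimiter", "must not be blank"))
    findings += [(k, "password value stored in the file")
                 for k in PASSWORD_KEYS if props.get(k)]
    return sorted(findings)


# Constructed sample input, not a real configuration.
SAMPLE = """\
# excerpt in wkplc.properties format
gm.scope=all
gc.scope=nested
cp.maxPoolSize=twenty
restore.file.delimiter=
newAdminPw=Passw0rd!
"""

if __name__ == "__main__":
    print(*lint(parse_properties(SAMPLE)), sep="\n")
```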
Additional properties for internal use only
AdditionalPropertiesToFilter Do not change the value of this attribute unless specifically directed to do so by IBM Support. No information available. newAdminPw
wps.userdir Do not change the value of this attribute unless specifically directed to do so by IBM Support. No information available. PortalServer
WcmConfigured No value specified None available No default value
WcmAuthoringConfigured No value specified None available No default value