Information about the WAS used in the WebSphere Portal stack.
| Property
| Description
| Value
| Example
| Default
|
| VirtualHostName
| Name of the WAS virtual host.
| Alphanumeric text string
|
| default_host
|
| WasUserid
| User ID for WAS security authentication. For LDAP this value cannot contain spaces and should be the fully qualified DN of a current administrative user for the WAS. For Virtual Manager User Registry database, the short version of the distinguished name must be used.
| Type the value in lower case, regardless of the case used in the distinguished name (DN).
|
| Custom User Registry
| wpsbind
|
| Tivoli Directory Server
| uid=wpsbind,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=wpsbind,o=myco.com
|
| Sun Java System Directory Server
| uid=wpsbind,ou=people,o=myco.com
|
| Novell eDirectory
| uid=wpsbind,ou=people,o=myco.com
|
| Windows AD
| cn=wpsbind,cn=users,dc=myco,dc=com
|
| Windows AD LDS
| cn=wpsbind,cn=users,dc=myco,dc=com
|
| wpsadmin
|
| WasPassword
| Password for the user ID specified for WAS security authentication. Can be specified here or passed via command line using -DWasPassword
| Alphanumeric text string
|
| ReplaceWithYourWASUserPwd
|
| WasHome
| Directory where WAS product files are installed. The installation program sets this value based on user input during installation.
| Directory path with elements delimited by forward slashes (/)
| /usr/WebSphere/AppServer
| Default values are unique for each OS.
|
| WasUserHome
| Directory where WAS user data is created. The installation program sets this value based on user input during installation.
| Directory path with elements delimited by forward slashes (/)
| /usr/WebSphere/AppServer
| Default values are unique for each OS.
|
| ProfileName
| Name of the WAS profile name.
| Alphanumeric text string
| wp_profile
| wp_profile
|
| CellName
| Name of the WAS cell where the WAS is located.
| Alphanumeric text string
|
| The default value is based on values defined during the installation process.
|
| NodeName
| Node within the WAS cell where the WAS is located. This value must be unique among other node names in the same cell.Typically this value is the same as the host name for the computer.
| Alphanumeric text string
|
| The default value is based on values defined during the installation process.
|
| ServerName
| Name of the application server where the WebSphere Portal application is deployed. This value must be unique among other application server names in the same cell.
| Alphanumeric text string
|
| WebSphere_Portal
|
| WasAdminServer
| Name of the application server for administration. For IBM i, if WAS profile was created with a different WAS administrative server name, you should change this value to reflect that.
| Alphanumeric text string
| server1
| server1
|
| LTPAPassword
| Password to encrypt and decrypt the LTPA keys.
| Alphanumeric text string
|
| no default
|
| wasJvmBitType
| Solaris specific property that specifies whether to use the 64 bit or 32 bit JVM.
| sparc32 x86 ia32 sparc64 x64
|
32bit JVM: sparc32, x86, or ia32
64bit JVM: sparc64 or x64
| sparc32
|
| WpsInstallLocation
| Directory where WebSphere Portal is installed.
| Directory path with elements delimited by forward slashes (/)
| /usr/WAS/PortalServer
| Default values are unique for each OS.
|
| WpsHostName
| Fully qualified WebSphere Portal host name or the name of the Web server that WAS is configured to use. Set by the installation program based on user input during installation.
| host name, including the domain; such as: http://WpsHostName:WpsHostPort/WpsContextRoot/WpsDefaultHome
| In the following example, machinename is the WpsHostName value: http://machinename:80/wps/portal
| The default value is based on values defined during the installation process.
|
| WpsHostPort
| Transport port number used to access the host machine identified by the WpsHostName property.
| port number
| In the following example 80 is the WpsHostPort value: http://localhost:80/wps/portal
| 80
|
| PortalAdminId
| User ID for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The user ID cannot contain a space: for example, user ID. The user ID cannot be longer than 200 characters.
(UNIX only) Some tasks may require you to enter the fully qualified user ID. If fully qualified user ID contains a space; for example:
cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com
.then place the fully qualified user ID in the properties file or into a parent properties file instead of as a flag on the command line. To create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run:
/ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties
(Windows only) Some tasks may require you to enter the fully qualified user ID. If fully qualified user ID contains a space; for example:
cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com
.then place quotes around the fully qualified user ID before running the task, like this:
"cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com"
| A valid user ID contains only ASCII characters
|
| Development configuration without security
| PortalAdminId=xyzadmin
|
| Tivoli Directory Server
| uid=,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=,o=myco.com
|
| Novell eDirectory
| uid=,ou=people,o=myco.com
|
| Sun Java System Directory
| uid=,ou=people,o=myco.com
|
| Windows AD
| cn=,cn=users,dc=myco,dc=com
|
| Windows AD LDS
| cn=,cn=users,dc=myco,dc=com
|
| wpsadmin
|
| PortalAdminPwd
| Password for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The password cannot contain a space, for example, pass word. The password cannot be longer than 128 characters.
| Alphanumeric text string.
|
| no default
|
| PortalAdminGroupId
| Group ID for the WebSphere Portal Administrator group. The installation program sets this value based on user input during installation.
| Type value in lower case, regardless of the case used in the distinguished name (DN).
| Tivoli Directory Server
| cn=portaladmingroupid,cn=groups,dc=myco,dc=com
|
| Lotus Domino
| cn=portaladmingroupid
|
| Windows AD
| cn=portaladmingroupid,cn=groups,dc=myco,dc=com
|
| Windows AD LDS
| cn=portaladmingroupid,cn=groups,dc=myco,dc=com
|
| Sun Java System Directory
| cn=portaladmingroupid,ou=groups,o=myco.com
|
| Novell eDirectory Portal
| cn=portaladmingroupid,ou=groups,o=myco.com
|
| Custom user registry
| cn=wpsadmins,o=default organization
|
| Development configuration without security
| wpsadmins
|
| wpsadmins
|
| PortalUniqueID
| The value is used for the object ID creation mechanism and has to be different for each node. It is usually a MAC address from a communications adapter on this node. Only nodes running on one machine may have the same PortalUniqeID.
| 12 hex digits unique to this WebSphere Portal instance
|
| 00054E48AA0C
|
| WpsContextRoot
| WebSphere Portal context root or base URI. All URLs beginning with this path will be reserved for WebSphere Portal. The value of this property is part of the URL used to access WebSphere Portal from a browser.
| Alphanumeric text string
| In the following example, wps is the WpsContextRoot value: http://localhost:80/wps/portal.
| wps
|
| WpsHostBasePort
| Required for IBM i only. Port block that will be used for the WebSphere Portal Server.
| port number
|
| 10000
|
| SMFLibrary
| Required for z/OS only. The library where the ifaedjreg.jar file resides
| No values are available.
|
| no default
|
| SMFNativeLibrary
| Required for z/OS only. Library where the SMF DLLs reside.
| No values are available.
|
| no default
|
| ServerShortName
| Required for z/OS only. Server's jobname, as specified in the MVS START command JOBNAME parameter. JOBNAME is the name of the task or script that runs when the server is running. MVS (Multiple Virtual Storage) is the name of the OS that runs on the mainframe. This value is also passed as a parameter to the server's start procedures to specify the location of the server's configuration files and identify the server to certain WebSphere for z/OS- exploited z/OS facilities (for example, SAF).
| The name must be seven or fewer characters and all uppercase.
| SAF
| BBOS002
|
| ClusterTransitionName
| Required for z/OS only. Cluster transition name is the WLM APPLENV (WLM application environment) name for this server.
| The name must be eight or fewer characters and all uppercase.
|
| BBOC002
|
| WpsSMPEHomeDirectory
| Required for z/OS only. Location of the SMP/E install image for the WebSphere Portal SMP/E package.
| No values are available.
|
| no default
|
| TransferDomainList
| Required for database transfer List of database 'domains' that will be transferred by the database-transfer process. Should not be altered unless you want to include or exclude specific domains from the transfer process.
| Valid database domains include: release,community,customization,jcr,feedback,likeminds
| release,community,customization,jcr,feedback
| release,community,customization,jcr,feedback,likeminds
|
| VirtualPortalTitle
| If you are creating a virtual portal, this value will be the title of the Virtual Portal. If you deleting or modifying a virtual portal, this is the virtual portal to be deleted or modified.
| No values are available.
|
| no default
|
| VirtualPortalRealm
| Realm used for the virtual portal defined in VirtualPortalTitle.
| No values are available.
|
| no default
|
| VirtualPortalHostName
| DNS name of the virtual portal. The virtual portal can be referenced by the DNS name instead of the URL prefix. When the value is left blank, a virtual portal will use the common DNS name by all portals.
| DNS host name
|
| no default
|
| VirtualPortalContext
| Unique portal context that must be provided for the Virtual Portal. If you set the host name parameter (VirtualPortalHostName), the portal context is ignored. A virtual portal can either be accessed by a DNS/Host name or a URL prefix. When both a DNS/Host name and URL prefix are provided, the DNS/Host name will be used for VirtualPortalContext.
| URL prefix
|
| no default
|
| VirtualPortalNlsFile
| An optional file which contains language specific information for the Virtual Portal. Create an NLS file to specify additional titles and descriptions in other languages for Virtual Portal. Descriptions can only be provided in an NLS file. Do not use prefixes in that NLS file. If you do not specify an NLS file, the Virtual Portal is created with the title that you give as the value to the VirtualPortalTitle parameter only. Titles and descriptions are not created for other languages. However, if you specify an NLS file, the value given for the virtual portal title in the NLS file overrides the value that you provide for the VirtualPortalTitle property. To create a description for the virtual portal, you have to specify this in a national language support (NLS) file. To modify the title or description of the Virtual Portal, you have to add the new title and description to the NLS file.
| The path and file name of NLS file.
|
| no default
|
| VirtualPortalObjectId
| This value is the object ID of the virtual portal.The object ID is required to modify and delete Virtual Portals. To determine what this value is, run the following task: list-all-virtual-portals. Do not delete the default Virtual Portal.The Object ID for the default Virtual Portal ends with _0.
| No values are available.
|
| no default
|
| federated.ldap.et.group.searchFilter
| Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. The syntax is like a standard LDAP searchfilter. If this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
| an LDAP search filter
| (objectclass=groupOfUniqueNames)
| no default
|
| federated.ldap.et.group.objectClasses
| Specifies one or more object classes (separated by ';') for the entity type.
| object classes
|
| groupOfUniqueNames
|
| federated.ldap.et.group.objectClassesForCreate
| Specifies one or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
| object classes
|
| no default
|
| federated.ldap.et.group.searchBases
| Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Performance improved if you specify search bases, reducing the numberbases. For multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want search to start.
| One or more search bases
| "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com"
| no default
|
| federated.ldap.et.personaccount.searchFilter
| The search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. The syntax is like a standard LDAP searchfilter. If no value is specified for this parameter or if this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
| LDAP search filter
| (objectclass=inetOrgPerson)
| no default
|
| federated.ldap.et.personaccount.objectClasses
| One or more object classes (separated by ';') for the entity type. Only use those objectclasses that are unique to users: If there are both users and groups with objectclass 'top', then not use this object class here.
| object classes
|
| inetorgperson
|
| federated.ldap.et.personaccount.objectClassesForCreate
| One or more object classes (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
| object classes
|
| no default
|
| federated.ldap.et.personaccount.searchBases
| Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Improve performance if you specify search bases, reducing the number of search bases.
| object classes
| cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com"
| no default
|
| federated.ldap.gm.groupMemberName
| LDAP attribute used as the group member attribute.
| group member attribute
| Member
| uniqueMember
|
| federated.ldap.gm.objectClass
| Group object class that contains the member attribute. If not defined, the member attribute applies to all group object classes.
| group object classes
| groupOfNames
| groupOfUniqueNames
|
| federated.ldap.gm.scope
| Scope of the member attribute.
| direct: The member attribute only contains direct members.
nested: The member attribute that contains the direct members and the nested members.
| nested
| direct
|
| federated.ldap.gm.dummyMember
| If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Sun Java System Directory and Windows AD, the value has to be empty or point to an existing entry in the LDAP directory.
| none available
|
| uid=dummy
|
| federated.ldap.gc.name
| Name of the membership attribute.
| No values are available.
|
| no default
|
| federated.ldap.gc.updateGroupMembership
| Update group membership if member is deleted or renamed.
| Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
| true false
| false
|
| federated.ldap.gc.scope
| Scope of the member attribute.
| The valid values for this parameter include the following:
direct: The member attribute only contains direct members.
nested: The member attribute that contains the direct members and the nested members.
all: The membership attribute contains direct groups, nested groups, and dynamic members.
| all
| direct
|
| federated.ldap.adapterClassName
| Implementation class name for the repository adapter.
| class name
|
| com.ibm.ws.wim.adapter.ldap.LdapAdapter
|
| federated.ldap.supportSorting
| This value indicates if sorting is supported or not.
| true false
|
| false
|
| federated.ldap.supportTransactions
| This value indicates if transactions are supported or not.
| true false
|
| false
|
| federated.ldap.isExtIdUnique
| Specifies if the external ID is unique.
| true false
|
| true
|
| federated.ldap.supportExternalName
| This value indicates if external names are supported or not.
| true false
|
| false
|
| federated.ldap.sslEnabled
| Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used.
| true false
|
| false
|
| federated.ldap.sslConfiguration
| Name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WAS Administrative console at Security-SSL certificate and key management. This property is used to specify a non-default SSL configuration if federated.ldap.sslEnabled is set to true.
| No values are available.
| mySSLconfig
| no default
|
| federated.ldap.certificateMapMode
| Whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specify the certificate filter to use for the mapping if client certificate authentication is used for portal server.
| EXACT_DN CERTIFICATE_FILTER
|
| EXACT_DN
|
| federated.ldap.certificateFilter
| Filter used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for portal server.
| The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute}
| uid=${SubjectCN}
| no default
|
| federated.ldap.supportPaging
| This value indicates if paging is supported or not.
| true false
|
| false
|
| federated.ldap.authentication
| This value indicates the authentication method to use.
| none, strong, simple
|
| simple
|
| federated.ldap.loginProperties
| This value indicates the property name used for login.
| cn, uid
| cn
| uid
|
| federated.ldap.referral
| This value indicates how the LDAP server should handle referrals to other LDAP servers.
| ignore follow throw false
|
| ignore
|
| federated.ldap.derefAliases
| This value controls how aliases are dereferenced.
| The valid values for this parameter include the following:
always: always deference aliases
|
| never: never deference aliases
|
| finding: deference aliases only during name resolution
|
| searching: deference aliases only after name resolution
| never
| always
|
| federated.ldap.connectionPool
| Whether to use the connection pool.
| true false
|
| false
|
| federated.ldap.connectTimeout
| Connection timeout measured in seconds.
| numeric
|
| 0
|
| federated.ldap.primaryServerQueryTimeInterval
| This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes.
| numeric
|
| 15
|
| federated.ldap.returnToPrimaryServer
| This value indicates to return to the primary LDAP server when it is available.
| true false
|
| true
|
| federated.ldap.searchPageSize
| Search page size, which represents the number of entries per page.
| numeric
|
| 50
|
| federated.ldap.searchCountLimit
| Search count limit.
| numeric
|
| 500
|
| federated.ldap.searchTimeLimit
| Search time limit measured in milliseconds.
| numeric
|
| 120000
|
| federated.ldap.translateRDN
| This value indicates whether to translate RDN or not.
| true false
|
| false
|
| federated.ldap.cp.maxPoolSize
| Maximum number of context instances that can be maintained concurrently by the context pool.
| numeric
|
| 20
|
| federated.db.JdbcProviderName
| Name of jdbc provider to be used. Keep la.JdbcProviderName in sync for the same db type. la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types. la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types.
| No values are available.
|
| vmmdbJDBC
|
| federated.db.DbSchema
| VMM Federated domain database schema name. Follow the documentation of the target database server in order to define a valid schema name as restrictions apply for some database management systems.
| No values are available.
|
| federate
|
| federated.db.DbNameOnZos
| Required for DB2 for z/OS and OS/390 only. If running db2_zos as remote database, the name of the remote VMM federated database. If portal is running on z/OS with db2_zos, must be set equal to DbName.
| Alphanumeric text string
|
| WPSTST02
|
| federated.db.XDbName
| TCPIP Alias for the database. This property is only required for non-Windows platforms when using DB2 with Type 2 drivers. If you are using Type 4 drivers, this value is not used. It defines the federated database alias that needs to be set if you want to call create-database JDBC driver. The database loop back alias that needs to be set to use the create-local-database-db2 task. The value must be different from the value of dbdomain.DbName. The values for dbdomain.DbName and dbdomain.XDbName must be different in the wpconfig_dbdomain.properties file. For DB2 Content Manager Runtime Edition, this property is the database for tables.
| Alphanumeric text string
|
Release, Community, Customization, WMM, and the JCR: wps6TCP
|
| Feedback: fdbk6TCP
|
| LikeMinds: lmdb6TCP
| wps6TCP
|
| federated.db.DbNode
| Required for Non-Windows platforms when using DB2 only. Node for the VMM federated domain database and needs to be set if you want to call create-database.
| Alphanumeric text string
| Examples are provided per database domains:
The following example is for Release, Community, Customization, JCR, and VMM databases: wpsNode
| The following example is for Feedback and LikeMinds databases: pznNode
| wpsNode
|
| federated.db.DbStorageGroup
| Required for DB2 for z/OS and OS/390 only. Storage group for the VMM federated database.
| No values are available.
|
| WPSSG
|
| federated.db.DbVolumes
| Required for DB2 for z/OS and OS/390 only. Volumes for the VMM federated database.
| No values are available.
|
| *
|
| federated.db.DbVcat
| Required for DB2 for z/OS and OS/390 only. VCAT for the VMM federated database.
| No values are available.
|
| DSN810
|
| federated.db.Db4KBufferPoolName
| Required for DB2 for z/OS and OS/390 only. 4K bufferpool name for the VMM federated database.
| No values are available.
|
| BP0
|
| federated.db.Db32KBufferPoolName
| Required for DB2 for z/OS and OS/390 only. 32K bufferpool name for the VMM federated database.
| No values are available.
|
| BP32K
|
| federated.db.reportSqlError
| Whether to report SQL errors while setting up databases.
| true false
|
| true
|
| federated.db.saltLength
| Length of the salt which is used when hashing passwords stored in the Member Manager database repository.
| numeric
|
| 12
|
| federated.db.encryptionKey
| Encryption key to encrypt the database user registry.
| No values are available.
| rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
| rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
|
| federated.db.adapterClassName
| Implementation class name for the repository adapter.
| No values are available.
|
| com.ibm.ws.wim.adapter.db.DBAdapter
|
| federated.db.supportSorting
| This value indicates if sorting is supported or not.
| true false
|
| false
|
| federated.db.supportTransactions
| This value indicates if transactions are supported or not.
| true false
|
| false
|
| federated.db.isExtIdUnique
| Specifies if the external ID is unique.
| true false
|
| true
|
| federated.db.supportExternalName
| This value indicates if external names are supported or not.
| true false
|
| false
|
| federated.db.entityRetrievalLimit
| Maximum number of entities that the system can retrieve from the database with a single database query.
| numeric
|
| 50
|
| federated.primaryAdminId
| ID of the WAS administrative user. The ID must exist in a user repository.
| Alphanumeric text string
|
| Tivoli Directory Server
| uid=,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=,o=myco.com
|
| Novell eDirectory
| uid=,ou=people,o=myco.com
|
| Sun Java System Directory
| uid=,ou=people,o=myco.com
|
| Windows AD
| cn=,cn=users,dc=myco,dc=com
|
| xyzadmin
|
| federated.realm
Realm name to be used. The existing default realm will be renamed.
| Alphanumeric text string
|
| no default
|
| federated.serverId
| User ID in the repository used for internal process communication.
| Alphanumeric text string
|
| Tivoli Directory Server
| uid=,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=,o=myco.com
|
| Novell eDirectory
| uid=,ou=people,o=myco.com
|
| Sun Java System Directory
| uid=,ou=people,o=myco.com
|
| Windows AD
| cn=,cn=users,dc=myco,dc=com
|
| no default
|
| federated.serverPassword
| Password for the user ID in the repository used for internal process communication.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.id
| Unique identifier for the repository within the cell. Should be no longer than 36 characters.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.host
| Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
| No values are available.
|
| no default
|
| standalone.ldap.port
| LDAP server port.
| numeric
|
| no default
|
| standalone.ldap.bindDN
| Distinguished name for the application server to use when binding to the LDAP repository.
| No values are available.
|
| no default
|
| standalone.ldap.bindPassword
| Password for the application server to use when binding to the LDAP repository.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.ldapServerType
| Type of LDAP server to which you connect.
| AD, ADAM, CUSTOM, DOMINO, IDS, NDS, SUNONE, ZOSDS
| IDS
| no default
|
| standalone.ldap.userIdMap
| LDAP filter that maps the short name of a user to an LDAP entry. Not used during node federation to DMGR with WAS LDAP security enabled.
| This value can be multiple objectclass:property pairs delimited by a semicolon (;).
| The following examples displays entries of the object class = inetOrgPerson type by their IDs: inetOrgPerson:uid.
| no default
|
| standalone.ldap.groupIdMap
| LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that represents groups when groups display. Use the asterisk (*) as a wildcard character that searches on any object class in this case. Not used during node federation to DMGR with WAS LDAP security enabled.
| This value can be multiple objectclass:property pairs, delimited by a semicolon (;).
| The following example displays groups by their names: *:cn
| no default
|
| standalone.ldap.groupMemberIdMap
| LDAP filter that identifies user-to-group relationships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. Not used during node federation to DMGR with WAS LDAP security enabled.
| Lotus Domino and SecureWay Security Server, this value can be multiple objectclass:property pairs, delimited by a semicolon (;).
For Tivoli Directory Server, Sun Java System Directory, and Windows AD, this value can be multiple group attribute:member attribute pairs delimited by a semicolon (;).
|
| no default
|
| standalone.ldap.userFilter
| LDAP user filter that searches the user registry for users. Not used during node federation to DMGR with WAS LDAP security enabled.
| No values are available.
| The following example would be used to look up users based on their user IDs:(&(uid=%v)(objectclass=inetOrgPerson))
| no default
|
| standalone.ldap.groupFilter
| LDAP group filter that searches the user registry for groups. Not used during node federation to DMGR with WAS LDAP security enabled.
| No values are available.
|
| no default
|
| standalone.ldap.serverId
| User ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled.
| Alphanumeric text string
|
| Tivoli Directory Server
| uid=,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=,o=myco.com
|
| Novell eDirectory
| uid=,ou=people,o=myco.com
|
| Sun Java System Directory
| uid=,ou=people,o=myco.com
|
| Windows AD
| cn=,cn=users,dc=myco,dc=com
|
| no default
|
| standalone.ldap.serverPassword
| Password for the user ID in the repository used for internal process communication. Not used during node federation to DMGR with WAS LDAP security enabled.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.realm
| Security context of this server. A realm with this name will be created.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.primaryAdminId
| WAS administrative user ID. The ID must exist in the LDAP server.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.primaryAdminPassword
| Password for the WAS administrative user ID. The ID must exist in the LDAP server.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.primaryPortalAdminId
| WebSphere Portal administrative user ID. The ID must exist in the LDAP server.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.primaryPortalAdminPassword
| Password for the WebSphere Portal administrative user ID. The ID must exist in the LDAP server.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.primaryPortalAdminGroup
| User group with administrative permission in portal. The group must exist in the LDAP server.
| Alphanumeric text string
|
| no default
|
| standalone.ldap.baseDN
| LDAP base entry. This is the startpoint for all LDAP searches of WAS Security
| No values are available.
|
| no default
|
| standalone.ldap.et.group.searchFilter
| Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. If you leave the value blank, no additional filter is applied and the other VMM configuration is used.
| The syntax is like a standard LDAP search filter.
| (objectclass=groupOfUniqueNames)
| no default
|
| standalone.ldap.et.group.objectClasses
| Specifies one or more object classes (separated by ';') for the group entity type.
| One or more object classes (separated by ';')
|
| groupOfUniqueNames
|
| standalone.ldap.et.group.objectClassesForCreate
| Object classes separated by a semi-colon (;) to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
| No values are available.
|
| no default
|
| standalone.ldap.et.group.searchBases
| Search bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If not specified, VMM will search under the nodes defined in nodeMaps tag. Improve performance if you specify search bases, reducing the number of search bases. For multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. For virtual portals with no realm assigned, keep searchBase in sync with the nodes where you want search to start.
| One or more search bases
| "cn=u1,dc=myco,dc=com;cn=u2,dc=myco,dc=com"
| no default
|
| standalone.ldap.et.personaccount.searchFilter
| Search filter to use to search the entity type. VMM uses this filter as an addition during search requests in environment. This value can be left blank. This value can be left blank.
| The syntax is like a standard LDAP search filter.
| (objectclass=inetorgperson)
| no default
|
| standalone.ldap.et.personaccount.objectClasses
| Should match the objectclass used in LDAP for type User.
| One or more object classes, separated by a semi-colon (;) for the entity type.
|
| inetorgperson
|
| standalone.ldap.et.personaccount.objectClassesForCreate
| Object classes, separated by a semi-colon (;), to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
| No values are available.
|
| no default
|
| standalone.ldap.et.personaccount.searchBases
| Search bases to use while searching the entity type.
| No values are available.
|
| no default
|
| standalone.ldap.gc.name
| Name of the membership attribute.
| No values are available.
|
Tivoli Directory Server
ibm-allGroups
Lotus Domino
no example available
Novell eDirectory
no example available
Sun Java System Directory
no example available
| Windows AD
memberOf
| | | | |
| no default
|
| standalone.ldap.gc.updateGroupMembership
| This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
| true false
|
| no default
|
| standalone.ldap.gc.scope
| Scope of the member attribute.
| The valid values for this parameter include the following:
direct: The member attribute only contains direct members.
nested: The member attribute that contains the direct members and the nested members.
all: The membership attribute contains direct groups, nested groups, and dynamic members.
| all
| direct
|
| standalone.ldap.derefAliases
| This value controls how aliases are dereferenced.
| The valid values for this parameter include the following:
always: always deference aliases
never: never deference aliases
deference aliases only during name resolution
searching: deference aliases only after name resolution
| never
| always
|
| standalone.ldap.authentication
| This value indicates the authentication method to use.
| none, strong, simple
|
| simple
|
| standalone.ldap.referral
| This value indicates how the LDAP server should handle referrals to other LDAP servers.
| ignore follow throw false
|
| ignore
|
| standalone.ldap.delimiter
| Delimiter used for this realm.
| Enter any value but do not leave this field blank.
|
| /
|
| standalone.ldap.ignoreCase
| Whether the query matches case sensitivity. Not used during node federation to DMGR with WAS when LDAP security is enabled.
| true false
|
| true
|
| standalone.ldap.sslEnabled
| Whether secure socket communication is enabled to the LDAP server. When enabled (true), the Secure Sockets Layer (SSL) settings for LDAP are used.
| true false
|
| false
|
| standalone.ldap.sslConfiguration
| Name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WAS Administrative console at Security-SSL certificate and key management. This property is used to specify a non default SSL configuration if federated.ldap.sslEnabled is set to true.
| No values are available.
|
| no default
|
| standalone.ldap.certificateMapMode
| Whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specifies the certificate filter to use for the mapping, if client certificate authentication is used for portal server.
| EXACT_DN CERTIFICATE_FILTER
|
| EXACT_DN
|
| standalone.ldap.certificateFilter
| This filter is used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for portal server.
| The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute}
| uid=${SubjectCN}
| no default
|
| standalone.ldap.reuseConnection
| Should be set to true by default to reuse the LDAP connection. Not used during node federation to DMGR with WAS when LDAP security is enabled.
| true false
|
| true
|
| standalone.ldap.searchTimeLimit
| Search time limit measured in milliseconds.
| numeric
|
| 120000
|
| standalone.ldap.connectionPool
| Whether to use the connection pool.
| true false
|
| false
|
| standalone.ldap.connectTimeout
| Connection timeout measured in seconds.
| numeric
|
| 0
|
| standalone.ldap.supportSorting
| This value indicates if sorting is supported or not.
| true false
|
| false
|
| standalone.ldap.supportPaging
| This value indicates if paging is supported or not.
| true false
|
| false
|
| standalone.ldap.supportTransactions
| This value indicates if transactions are supported or not.
| true false
|
| false
|
| standalone.ldap.isExtIdUnique
| Specifies if the external ID is unique.
| true false
|
| true
|
| standalone.ldap.supportExternalName
| This value indicates if external names are supported or not.
| true false
|
| false
|
| standalone.ldap.translateRDN
| This value indicates to whether to translate RDN or not.
| true false
|
| false
|
| standalone.ldap.searchCountLimit
| Search count limit.
| numeric
|
| 500
|
| standalone.ldap.searchPageSize
| Search page size, which is the number of entries per page.
| numeric
|
| 50
|
| standalone.ldap.returnToPrimaryServer
| This value indicates to return to the primary LDAP server when it is available.
| true false
|
| true
|
| standalone.ldap.primaryServerQueryTimeInterval
| This value indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes.
| numeric
|
| 15
|
| standalone.ldap.loginProperties
| This value indicates the property name used for the login.
| cn uid
| cn
| uid
|
| standalone.ldap.cp.maxPoolSize
| Maximum number of context instances that can be maintained concurrently by the context pool.
| numeric
|
| 20
|
| standalone.cur.id
| Unique identifier for the repository within the cell.
| string
|
| no default
|
| standalone.cur.baseDN
| CUR base entry.
| No values are available.
|
| no default
|
| standalone.cur.realm
| Security context of this server.
| No values are available.
|
| no default
|
| standalone.cur.delimiter
| Delimiter used for this realm.
| No values are available.
|
| /
|
| standalone.cur.adapterClassName
| Implementation class name for the repository adapter.
| No values are available.
|
| no default
|
| standalone.cur.WasAdapterClassName
| Implementation class name for the WebSphere custom user registry adapter.
| No values are available.
|
| no default
|
| standalone.cur.propertyName
| This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined.
| No values are available.
|
| no default
|
| standalone.cur.propertyValue
| This value is a custom property name-value pair. A custom property will only be added if the standalone.cur.propertyName is defined.
| No values are available.
|
| no default
|
| standalone.cur.primaryAdminId
| WAS administrative user ID. The ID must exist in a custom user repository.
| Alphanumeric text string
|
| no default
|
| standalone.cur.primaryAdminPassword
| Password for the WAS administrative user ID. The ID must exist in a custom user repository.
| Alphanumeric text string
|
| no default
|
| standalone.cur.primaryPortalAdminId
| WebSphere Portal administrative user ID. The ID must exist in the custom user repository.
| Alphanumeric text string
|
| no default
|
| standalone.cur.primaryPortalAdminPassword
| Password for the WebSphere Portal administrative user ID. The ID must exist in the custom user repository.
| Alphanumeric text string
|
| no default
|
| standalone.cur.primaryPortalAdminGroup
| User group with administrative permission in portal. The group must exist in the custom user repository.
| Alphanumeric text string
|
| no default
|
| standalone.cur.personAccountParent
| Default parent to be set for the entity type PersonAccount.
| No values are available.
|
| no default
|
| standalone.cur.groupParent
| Default parent to be set for the entity type Group.
| No values are available.
|
| no default
|
| standalone.cur.personAccountRdnProperties
| RDN attribute name for the entity type PersonAccount. To reset all the values of the rdnProperties parameter, specify a blank string ("").
| string
|
| uid
|
| standalone.cur.groupRdnProperties
| RDN attribute name for the entity type Group. To reset all the values of the rdnProperties parameter, specify a blank string ("").
| string
|
| cn
|
| standalone.cur.isExtIdUnique
| Specifies if the external ID is unique.
| true false
|
| true
|
| standalone.cur.supportExternalName
| This value indicates if external names are supported or not.
| true false
|
| false
|
| standalone.cur.supportPaging
| This value indicates if paging is supported or not.
| true false
|
| false
|
| standalone.cur.supportSorting
| This value indicates if sorting is supported or not.
| true false
| none available
| false
|
| standalone.cur.supportTransactions
| This value indicates if transactions are supported or not.
| true false
|
| false
|
| la.providerURL
| This value defines the remote endpoint where the portal server or Deployment Manager installation is available. Check the value for localhost:port The port should point to the bootstrap Port of WebSphere_Portal or Deployment Manager. Deployment Manager is used in a cluster environment
| No values are available.
| corbaloc:iiop:dmgr.example.com:9809
| corbaloc:iiop:localhost:10031
|
| la.propertyName
| Name of the property that you are adding.
| Alphanumeric text string
| email, dept
| no default
|
| la.entityTypes
| This value is a list of entity types that the new property is applicable to.
| Valid values include: Group PersonAccount PersonAccount,Group
|
| no default
|
| la.dataType
| dataType for property extension database.
| DATA_TYPE_STRING, DATA_TYPE_INT , DATA_TYPE_DATE , DATA_TYPE_ANY_SIMPLE_TYPE, DATA_TYPE_ANY_URI
|
DATA_TYPE_STRING
DATA_TYPE_INT
DATA_TYPE_DATE
DATA_TYPE_ANY_SIMPLE_TYPE
DATA_TYPE_ANY_URI
DATA_TYPE_BOOLEAN
DATA_TYPE_LONG
DATA_TYPE_DOUBLE
DATA_TYPE_SHORT
| no default
|
| la.multiValued
| Defines if the property can contain multiple attributes or not.
| true false
|
| no default
|
| repositoryId
| This value is only used for the wp-add-property task. Adding a property to VMM configuration of a repository does not add the property to the LDAP system. List of repositories that the new property will be added to. The list of repositories must be separated by a comma. Leave the value blank to add the property to all repositories.
| Alphanumeric text string
|
| no default
|
| realmName
| Name of the realm to be created or updated. If no realm name is given, the default realm will be updated.
| Alphanumeric text string
|
| no default
|
| addBaseEntry
| Name of base entry to be added to the realm.
| No values are available.
|
| no default
|
| securityUse
| Specifies a string that indicates if this virtual realm will be used in security now, later, or never.
| Valid values includes: now, later, never, inactive, and nonSelectable
|
| active
|
| delimiter
| Delimiter used for this realm.
| /
|
| /
|
| deleteRealmName
| Name of the realm to be deleted.
| No values are available.
|
| no default
|
| defaultRealmName
| Name of the new default realm.
| No values are available.
|
| no default
|
| deleteBaseEntry
| Name of the base entry to be deleted from the realm.
| No values are available.
|
| no default
|
| realm.personAccountParent
| Default parents to be set for the entity type PersonAccount. The realm entered in realmName will be used to perform the change.
| No values are available.
|
| no default
|
| realm.groupParent
| Default parents to be set for the entity type Group. The realm entered in realmName will be used to perform the change.
| No values are available.
|
| no default
|
| realm.orgContainerParent
| Default parents to be set for the entity type OrgContainer. The realm entered in realmName will be used to perform the change.
| No values are available.
|
| no default
|
| newAdminId
| New ID of the administrative user. The "short name" for this new ID should not be identical to the original administrative user ID. The user ID cannot contain a space for example, user ID. On Windows, if the user ID contains a space, place quotes around the fully qualified user ID before running the task. On UNIX, if fully qualified user ID contains a space, place the fully qualified user ID in the properties file or into a parent properties file instead entering it as a flag on the command line. For example, create a parent properties file called mysecurity.properties, enter the fully qualified user ID and then run the task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.
| Alphanumeric text string.
|
| Development configuration without security
| PortalAdminId=xyzadmin
|
| Tivoli Directory Server
| uid=,cn=users,dc=myco,dc=com
|
| Lotus Domino
| cn=,o=myco.com
|
| Novell eDirectory uid=,ou=people,o=myco.com
|
| Sun Java System Directory
| uid=,ou=people,o=myco.com
|
| Windows AD
| cn=,cn=users,dc=myco,dc=com
|
| Windows AD LDS
| cn=,cn=users,dc=myco,dc=com
|
| Windows when the fully qualified user ID contains a space
| "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com"
|
| no default
|
| newAdminPw
| New password of the administrative user.
| Alphanumeric text string
|
| no default
|
| newAdminGroupId
| New ID of the portal administrative group.
| No values are available.
|
| no default
|