Add a database user registry on IBM i in a clustered environment
Add a database user registry to the default federated repository to store user account information for authentication and authorization. We can add multiple database user registries to the default federated repository although we can only add one database user registry at a time.In a clustered environment, start the dmgr and nodeagent and verify they are able to synchronize.
Add a database user registry to the default federated repository
repeat these steps for each additional database user registry to add:Complete these steps on the primary node only.
To help ensure correct properties, we can use...
WP_PROFILE/ConfigEngine/config/helpers/wp_add_DB.properties
- Run backupConfig
- Create the IBM DB2 for i database:
- Login to a remote IBM i session.
- Enter the strsql command to start the interactive sql session.
- Enter the create schema database_name command, where database_name is the name to use for the database.
- Define the DbDriver and DbLibrary parameter values:
- cd WP_PROFILE/ConfigEngine/properties directory.
- Edit wkplc_dbtype.properties
- Set the following parameters under the appropriate database type properties heading:
- db_type.DbDriver
- db_type.DbLibrary
- Save the changes.
- Edit wkplc.properties
- Set parameters under the VMM Federated Database Properties heading:
federated.db.DataSourceName
federated.db.DbType
federated.db.DbUrl
federated.db.id
federated.db.baseDN
federated.db.DbUser
federated.db.DbPassword
federated.db.DbName
- Set SOAP request timeout...
- cd WP_PROFILE/properties
- Edit soap.client.props
- Locate com.ibm.SOAP.requestTimeout and ensure the value is greater than 1000.
- Save and close soap.client.props.
- Complete the following steps in a clustered environment:
- Run the ConfigEngine.sh wp-prep-vmm-db-secured-environment -DWasPassword=foo -DDbDomain=federated.db -Ddb_type.DmgrDbLibrary=/path/to/db/jars -DDmgrNodeName=dmgr_node_name to create the local dmgr WebSphere variable used to access the database jars.
Set db_type to your database type, for example db2_iseries. The /path/to/db/jars should be one of the following options:
- IBM DB2 for i Type 2 driver: /QIBM/ProdData/Java400/ext/db2_classes.jar
- IBM DB2 for i Type 4 driver: /QIBM/ProdData/HTTP/Public/jt400/lib/jt400.jar
- Include each node name as a comma separated list in the command:
Run the task: You do not have to run this task more than once. We can run this task from any node in the cluster.
- Set the property value for federated.db.DbType if using a database user registry or if the cell is migrated from a previous version and set the property value for la.DbType if using a property extension database in wkplc.properties.
- Run the ConfigEngine.sh wp-node-prep-vmm-db-secured-environment -DWasPassword=foo -DDbDomain=federated.db -DVmmNodeName=node_name -Ddb_type.NodeDbLibrary=/path/to/db/jars on each node to create the variable used to access the VMM database jars.
VmmNodeName is a list of one or more nodes names in the cell which share the same database driver paths. The db_type in db_type.NodeDbLibrary should be set to the type of database we are using, for example db2.
- IBM DB2 for i Type 2 driver: /QIBM/ProdData/Java400/ext/db2_classes.jar
- IBM DB2 for i Type 4 driver: /QIBM/ProdData/HTTP/Public/jt400/lib/jt400.jar
- Stop and restart all necessary servers to propagate the changes.
- Run the ConfigEngine.sh wp-create-db -DWasPassword=foo task, from WP_PROFILE/ConfigEngine, to add a database user registry to the default federated repository.
Users who are not in an LDAP do not have awareness and cannot see if other users are online. This can happen if you install WebSphere Portal and then enable a Federated LDAP or Federated database user repository that does not contain that user. Also, users who sign up using the Self Care portlet do not have awareness.
- Stop and restart servers, dmgrs, and node agents.
- To update the user registry where new users and groups are stored:
If we are using multiple LDAP user registries and/or a database user registry, only run this task for the user registry to define as the default user registry where new users and groups are stored.
- Edit wkplc.properties
- Set the following required parameters under the VMM supported entity types configuration heading:
The parameters groupParent and personAccountParent must be set to the same value.
For example:
- personAccountParent=dc=myco,dc=com
- groupParent=dc=myco,dc=com
- Save changes to wkplc.properties.
- Run the ConfigEngine.sh wp-set-entitytypes -DWasPassword=foo task, from WP_PROFILE/ConfigEngine, to delete the old attributes before adding the new attributes.
- Stop and restart all necessary servers to propagate the changes.
- Optional: Run the ConfigEngine.sh wp-query-repository -DWasPassword=foo task, from WP_PROFILE/ConfigEngine, to list the names and types of configured repositories.
If you created a cluster, including additional nodes, and then completed the steps in this task, run update-jcr-admin on the secondary nodes.
Parent: Configure the default federated repository on IBM i in a clustered environment
Related:
Start and stop servers, dmgrs, and node agents
Enable LDAP security after cluster creation