Change from a stand-alone repository to a federated repository on IBM i

Change from a stand-alone repository to a federated repository on IBM i

If you originally configured a standalone LDAP user registry but find that you need a more robust security configuration, we can change to the federated user repository.
In a clustered environment, start the dmgr and nodeagent and verify they are able to synchronize.

Change from a standalone LDAP user registry to a federated repository

To ensure correct properties, use...
WP_PROFILE/ConfigEngine/config/helpers/wp_security_federated.properties

In the following instructions, where the step refers to wkplc.properties, use the wp_security_federated.properties helper file.

Edit wkplc.properties

Set the following required parameters under VMM Federated repository properties:

federated.primaryAdminId
federated.realm
federated.serverId
federated.serverPassword

Save changes to wkplc.properties.

Run the ConfigEngine.sh wp-modify-federated-security -DWasPassword=foo -Dskip.ldap.validation=true task, from WP_PROFILE/ConfigEngine, to change the configuration to use a federated repository.

Stop and restart servers, dmgrs, and node agents.

If you created the clustered environment, including the additional nodes, and then completed the steps in this task, run update-jcr-admin on the secondary nodes.

Parent: Update the user registry on IBM i
Related:
Start and stop servers, dmgrs, and node agents
Enable LDAP security after cluster creation