
Update the stand-alone LDAP user registry on Linux


Changing the LDAP bind password removes any existing attribute mappings. Review all existing attribute mappings before proceeding so that you can re-create them after completing this task.

In a clustered environment, start the dmgr and nodeagent and verify they are able to synchronize.

If you need to rerun wp-modify-ldap-security, either to change the LDAP repositories or because the task failed, first choose a new name for the realm using the standalone.ldap.realm parameter, or set ignoreDuplicateIDs=true in wkplc.properties. Then rerun the task.


Update the stand-alone LDAP user registry

Use the helper file WP_PROFILE/ConfigEngine/config/helpers/wp_security_xxx.properties to make sure you set the correct properties.

  1. Edit wkplc.properties

  2. Identify the stand-alone LDAP user registry to update:

  3. Specify values as required for any parameters that begin with standalone.ldap under the Standalone LDAP repository heading in wkplc.properties. The task you run updates all stand-alone LDAP properties.

  4. Specify a new realm name in wkplc.properties.

    1. Locate the following parameter under the Standalone LDAP repository heading: standalone.ldap.realm.

    2. Specify a new realm name as the value for the parameter.

      For example, change standalone.ldap.realm=PortalDev to standalone.ldap.realm=DevPortal.

  5. Save changes to wkplc.properties.

  6. Validate the LDAP server settings:

      ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=foo

    If the environment is configured to use LDAP over SSL, the validation task prompts you to add a signer to the truststore.

    For example:

      Add signer to the truststore now?

    To add the signer, press y and then Enter.


  7. Update the stand-alone LDAP user registry

    1. Run the ./stopServer.sh WebSphere_Portal -username wpadmin -password foo task from the WP_PROFILE/bin directory.

    2. Run the ./ConfigEngine.sh wp-update-standalone-ldap -DWasPassword=foo task.

  8. Stop and restart servers, dmgrs, and node agents.
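The realm rule for reruns and the realm change in step 4 can be checked before any ConfigEngine task is started. The following is an added example, not IBM code or part of the original procedure; the function names and the idea of keeping a copy of wkplc.properties from the previous run are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Pre-flight check for rerunning the LDAP security
# task: the realm must be new, or ignoreDuplicateIDs must be true.

# prop_get FILE KEY: print the last value assigned to KEY (comments skipped).
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0; sub(/\r$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = substr(line, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        }
        END { print v }' "$1"
}

# rerun_ok PREVIOUS CURRENT: succeed when CURRENT is safe to rerun with.
# PREVIOUS is a copy of wkplc.properties saved before the earlier run (assumed).
rerun_ok() {
    old=$(prop_get "$1" standalone.ldap.realm)
    new=$(prop_get "$2" standalone.ldap.realm)
    dup=$(prop_get "$2" ignoreDuplicateIDs)
    [ -n "$new" ] || { echo "standalone.ldap.realm is not set" >&2; return 2; }
    [ "$new" != "$old" ] && return 0
    [ "$dup" = "true" ] && return 0
    echo "realm '$new' unchanged and ignoreDuplicateIDs is not true" >&2
    return 1
}

# set_realm FILE NAME: keep a backup, then rewrite the realm line in place.
set_realm() {
    cp -p "$1" "$1.bak" || return 1
    awk -v name="$2" '
        /^[ \t]*standalone\.ldap\.realm[ \t]*=/ { print "standalone.ldap.realm=" name; done = 1; next }
        { print }
        END { if (!done) print "standalone.ldap.realm=" name }' "$1.bak" > "$1"
}
```

Source the file, then call rerun_ok with the saved copy and the edited wkplc.properties; a non-zero status means the rerun condition described above is not met.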

If you created the clustered environment, including the additional nodes, and then completed the steps in this task, run update-jcr-admin on the secondary nodes.

This task removed any attribute mappings that you added since you enabled the stand-alone LDAP user registry. Therefore, you must re-run the mapping attribute task. The instructions are located in the installing WebSphere Portal section. Choose the appropriate operating system and then the appropriate deployment option. The mapping topic is then located in the "Configuring WebSphere Portal to use a user registry" topic under Adapting the attribute configuration.


Related:

IBM Support Portal: PK84702: Not possible to change LDAP attributes without changing realm name