Update Administrator user ID and passwords
Overview
Passwords are stored in the WebSphere Portal and WAS configuration files. If the password for any ID is changed, for example using the portal or LDAP administration interfaces, the password value stored in the appropriate configuration file must be changed.
Change the WebSphere Portal administrator password
- Log on to WebSphere Portal as an administrator
- Select the user ID then set the new password.
Note: When I ran the command worked, the password was successfully changed, but it threw the following exception thrown
-
EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMApplicationException: CWWIM4508E Virtual member manager failed to write to the '/opt/IBM/Portal/WebSphere1/wp_profile/config/cells/MBCell/fileRegistry.xml' file: 'CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.'.
We can also change the Administrator password, like any other user password, using an LDAP editor.
- To change the information stored in the SearchAdminUser alias, log in to the WAS admin console, and edit...
-
Security | Global security | Authentication | Java Authentication and Authorization Service | J2C authentication data | SearchAdminUser
Update the user ID and/or password to match your WebSphere Portal administrator information.
- Change the PortalAdminPwd value in in...
WP_PROFILE/ConfigEngine/properties/wkplc.properties
Change the WAS administrator password in the file registry - managed node - file registry
In dmgr console go to...
-
Users and Groups | Manage Users
...and change passwords for both short and long names.
Stop WebSphere_Portal and the node agent, then run a syncNode...
-
./syncNode.sh mydmgr.tracfone.com 8879 -user wasadmin -password foo!
Change the WasPassword value in...
WP_PROFILE/ConfigEngine/properties/wkplc.properties
Change the WAS administrator password in the file registry - standalone
We can change the password for the WAS administrator user ID using...
- Edit My Profile portlet
- LDAP administration interface
- WAS wsadmin.sh tasks
To change a WAS admin password in the file registry using wsadmin tasks...
- Change the WAS administrator password stored in the file registry...
-
cd WP_PROFILE/bin
./wsadmin.sh -conntype NONE
$AdminTask changeFileRegistryAccountPassword -userId wpsadmin -password new_password
$AdminConfig - Update the RunAsRole for the PZN Scheduler application.
- Log on to the WAS admin console with the new password and select...
-
Applications | Application Types | WebSphere enterprise applications pznscheduler | Detail Properties | User RunAs Roles | RuleEventRunAsRole | Remove
- Enter the full DN of the WAS Administrator in the username field and the new password in the password field.
- Select RuleEventRunAsRole and then click Apply to apply the changes.
- Click OK, save the changes, and then restart the server.
- Log on to the WAS admin console with the new password and select...
Change the WAS administrator password in the LDAP server using the LDAP administration interface
If we are using the IBM Tivoli Directory Server or IBM SecureWay Security Server for z/OS and OS/390 LDAP server, we can change the IBM WAS administrator password in the LDAP server using the LDAP administration interface.
The following directions assume an LDAP tree layout where the users are all in the subtree...
-
cn=users,o=wps
When you change the WAS administrator password, you should also change it in LDAP server.
- Log in to the LDAP server Web Administration Tool and go to...
-
Directory management | Manage entries | o=wps RDN (Expand) | cn=users (Expand) | WAS_admin_user | Edit Attributes | Next | Optional attributes
- Enter the new password in the userPassword field and click OK.
- Exit the Web Administration Tool.
- Update the RunAsRole for the PZNScheduler application.
- Log on to the WAS admin console with the new password and go to...
-
Applications | Application Types | WebSphere enterprise applications | pznscheduler | Detail Properties | User RunAs Roles | RuleEventRunAsRole Remove
- Enter the fully DN of the WAS Administrator in the username field and the new password in the password field.
- Select RuleEventRunAsRole and then click Apply to apply the changes.
- Click OK, save the changes, and then restart the server.
- Log on to the WAS admin console with the new password and go to...
Replace the WAS administrator user ID
- Create a new user in the Manage Users and Groups portlet to replace the current WAS administrative user.
- Replace the old WAS administrative user with the new user:
./ConfigEngine.sh wp-change-was-admin-user -DWasUser=adminid -DWasPassword=foo -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupidThe -DnewAdminGroupID parameter is required only if you plan to replace the old administrative group ID.
This task verifies the user against a running server instance. If the server is stopped, to skip the validation...
- -Dskip.ldap.validation=true
- If we use an external security manager such as Tivoli Access Manager, manually remove the old administrator user ID from the external security manager.
- Stop and restart all required servers.
Replace the WebSphere Portal administrator user ID
If you change the security configuration, you may need to replace the old IBM WebSphere Portal administrator user ID with a new WebSphere Portal administrator user ID.
For IBM WCM within your clustered environment, complete these steps on every node in the cluster. If Web Content Manager is not configured, complete these steps only on the primary node.
Replace the WebSphere Portal administrator user ID
- Create a new user in the Manage Users and Groups portlet to replace the current WebSphere Portal administrative user.
- Replace the old WebSphere Portal administrative user with the new user:
cd WP_PROFILE/ConfigEngine ./ConfigEngine.sh wp-change-portal-admin-user \ -DWasPassword=foo \ -DnewAdminId=newadminid \ -DnewAdminPw=newpassword \ -DnewAdminGroupId=newadmingroupid-DnewAdminGroupId is required only if you plan to replace the old administrative group ID.
The wp-change-portal-admin-user task verifies the user against a running server instance. If the server is stopped, to skip the validation...
- -Dskip.ldap.validation=true
For z/OS, start the Customization Dialog and select...
-
Portal configuration panel | Advanced configuration tasks | Security configuration tasks | Change administrative users | Change WebSphere Portal Server administrative user | Define variables | Generate customization jobs
- Stop and restart all required servers.
- To change the information stored in the SearchAdminUser alias, log in to the WAS admin console, go to...
-
Security | Global security | Authentication | Java Authentication and Authorization Service | J2C authentication data | SearchAdminUser alias | Edit
...and set the user ID and/or password to match your WebSphere Portal administrator information.
- Synchronize the nodes...
-
System Administration | Nodes | nodes | Full Resynchronize
- If we use an external security manager such as Tivoli Access Manager, manually remove the old administrator user ID from the external security manager.
- If set the default portal administrator user ID to be used as the crawler user ID for Portal Search, adapt that crawler user ID accordingly.
See also: Manage the content sources of a search collection
Change the LDAP bind password
Change database passwords used by WebSphere Portal
If database passwords are modified or have expired, specify the new passwords on the IBM WebSphere Application Server and on the IBM DB2 Universal Database Enterprise Server Edition server so that IBM WebSphere Portal can access them. Update the database passwords in the WAS admin console and on the DB2 server.
- Ensure that the administrative server for WAS is running.
- If this is a clustered environment, start dmgr and nodes, and stop the WebSphere Portal server.
- If the VMM is using the database, update the VMM database password.
- Check if the database user has become disabled due to invalid login attempts. Re-enable the database user if necessary.
- Log in to the WAS admin console and go to...
-
Security | Global security | Java Authentication and Authorization Service | J2C Authentication Data
...and select the alias to change; for example...
- wpsDBAuth
- jcrDBAuth
- fbkDBAuth
- lmDBAuth
- wcmDBAuth
- Update the password accordingly.
- Click Apply, and then click Save to save the configuration. You are informed that security.xml has been changed.
- If we are an administrator and need to change the DB2 password, change the database administrator user password on the system.
- Stop the DB2 server.
- Use the passwd command to change the password.
- Restart the DB2 server.
- Verify the new password by running the task...
- db2 CONNECT TO WPSDB user db2admin using password
- Stop the DB2 server.
- Restart the WAS admin console.
- On the DB2 server, click...
-
Administrative Tools | Services
- Stop all running DB2 services.
- For each service that the DB2 instance uses, display the menu and select Properties.
- Select the Log On tab and change the DB2 administrator's user name and password.
If you do not change the DB2 administrator's user name and password in the properties of each DB2 service, the DB2 database application will not start.
- Repeat for each JDBC Provider, data source, and alias that is affected.
- Verify the WebSphere Portal application server is running...
- http://hostname.example.com:10039/wps/portal
Parent: Administering
See also: Syntax: User IDs and passwords