
wkplc.properties

The wkplc.properties file is read by ConfigEngine tasks when setting portal properties.

When specifying values:

  • Do NOT enclose any value in quotes. Quoted values cause the ConfigEngine tasks to fail.
  • Windows paths must use a forward slash (/) instead of a backslash. A backslash is an escape character.
  • Windows long paths are acceptable.
  • Properties are immutable. Once set, they cannot be changed while a configuration task is running.
  • Property values can be defined on the command line, in this property file, and in a build file.
    • First the task checks the command line values, so a value given there (for example -DMyNode=somenode) takes precedence.
    • Second, the task checks the property file values.
    • Third, the task checks the build file property values.
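The rules above can be checked mechanically. The following script is an added example, not part of this reference or of ConfigEngine: it parses a constructed wkplc.properties fragment, flags quoted values, backslashes in the path properties this page documents, and credentials stored in the file (the page offers the -D form as an alternative for WasPassword), and resolves a property through the command line, property file, build file precedence.

```python
"""Lint a wkplc.properties fragment against the value rules stated on this page.

Added example, not part of the original reference or of IBM's tooling. The
property names are the ones documented here; the sample file is constructed.
"""
import re

# Properties this reference documents as credentials (assumption: taken from
# the entries on this page, not from any IBM-provided schema).
SECRET_PROPERTIES = {
    "WasPassword", "LTPAPassword", "PortalAdminPwd",
    "sua_serversecret_password", "federated.ldap.bindPassword",
}
# Properties the page documents as directory paths.
PATH_PROPERTIES = {"WasHome", "WasUserHome", "WpsInstallLocation", "WpsSMPEHomeDirectory"}


def parse_properties(text):
    """Parse key=value lines. Comment lines (#, !) and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        props[key.strip()] = value.strip()
    return props


def lint(props):
    """Return (property, problem) pairs for values that break the stated rules."""
    problems = []
    for key, value in props.items():
        # Rule: never enclose a value in quotes; ConfigEngine tasks fail on them.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            problems.append((key, "value is enclosed in quotes"))
        # Rule: Windows paths use forward slashes; a backslash is an escape character.
        if key in PATH_PROPERTIES and "\\" in value:
            problems.append((key, "path contains a backslash; use forward slashes"))
        # Caveat: a credential kept in the file is readable by anyone who can read
        # the file; the page documents -DWasPassword as the alternative.
        if key in SECRET_PROPERTIES and value:
            problems.append((key, "credential stored in plain text; consider passing it with -D"))
    return problems


def resolve(name, cmdline, props, build):
    """Apply the stated precedence: -D command line, then this file, then the build file."""
    for source in (cmdline, props, build):
        if name in source:
            return source[name]
    return None


def parse_d_args(argv):
    """Collect -Dname=value arguments, as given on a ConfigEngine.sh command line."""
    out = {}
    for arg in argv:
        m = re.fullmatch(r"-D([^=]+)=(.*)", arg)
        if m:
            out[m.group(1)] = m.group(2)
    return out


# Constructed sample, deliberately breaking the quoting and backslash rules.
SAMPLE = """\
# wkplc.properties (constructed sample)
WasHome=c:\\IBM\\WebSphere\\AppServer
WasUserHome=/usr/WebSphere/wp_profile
WpsContextRoot="wps"
WasPassword=secret
NodeName=portalnode01
"""

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    for key, problem in lint(props):
        print(f"{key}: {problem}")
    cmdline = parse_d_args(["-DNodeName=cmdnode"])
    print(resolve("NodeName", cmdline, props, {"NodeName": "buildnode"}))  # cmdnode
```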


Values

    WasSoapPort

      Description
      The port used for remote connections to WAS.
      Default value
      10005
      Examples
      None available
    WasRemoteHostName

      Description
      The host name of the remote server that connects to WebSphere Application Server. Enter the host name including the domain, such as my_host.mydomain.com.
      Default value
      @your_host@
      Examples
    RegistrySynchronized

      Description
      Tells the system if the registry is synchronized or not. Should never be modified unless a forced synchronization is necessary.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available


General properties

2.1. WAS properties

Provide information about the WAS used in the WebSphere Portal stack.

    VirtualHostName

      Description
      The name of the WAS virtual host.
      Default value
      default_host
      Examples
      None available
    WasUserid

      Description

      User ID used for WAS security authentication. Type the value in lower case, regardless of the case used in the distinguished name (DN).

      For an LDAP configuration:

      • The ID cannot contain spaces

      • The ID is the fully qualified distinguished name (DN) of a current administrative user for the WAS.

      For a configuration using a Virtual Manager User Registry database, the short version of the distinguished name must be used.

      Default value
      wpsadmin
      Examples
      None available
    WasPassword

      Description
      The password for the user ID specified for WAS security authentication. If we use the command line interface, the password can be specified in this file or we can provide the password using the -DWasPassword parameter.
      Default value
      No default value
      Examples
      None available
    WasHome

      Description
      Type the directory path to where WAS product files are installed. Use forward slashes (/) to delimit elements in the path.
      Default value
      @was.root@
      Examples
      /usr/IBM/WebSphere/AppServer
    WasUserHome

      Description
      The directory where WAS user data (profile) is created. The installation program sets this value based on user information provided during installation. Use forward slashes (/) to delimit elements in the path.
      Default value
      @was.user.root@
      Examples
      /usr/WebSphere/wp_profile
    CellName

      Description
      The name of the WAS cell where the application server is located.
      Default value
      @CellName@
      Examples
      None available
    NodeName

      Description
      The node within the WAS cell where the WAS is located. This value must be unique among other node names in the same cell. Typically this value is the same as the host name for the computer.
      Default value
      @NodeName@
      Examples
      None available
    ServerName

      Description
      The name of the application server where the WebSphere Portal application is deployed. This value must be unique among other application server names in the same cell.
      Default value
      WebSphere_Portal
      Examples
      None available
    WasAdminServer

      Description
      The name of the application server for administration.
      Default value
      server1
      Examples
      server1
    LTPAPassword

      Description
      Password to encrypt and decrypt the LTPA keys.
      Default value
      No default value
      Examples
      None available
    wasJvmBitType

      Description
      This is a Solaris-specific property that specifies whether to use the 64-bit or 32-bit JVM.
      Default value
      sparc32
      Examples
      32-bit JVM: sparc32, x86, or ia32
      64-bit JVM: sparc64 or x64


2.2. WebSphere Portal configuration properties

Provide basic information about WebSphere Portal, such as installation directory, port numbers, user IDs and passwords, and more.

    WpsInstallLocation

      Description
      The directory where WebSphere Portal is installed. Use forward slashes (/) to delimit elements in the path.
      Default value
      /usr/IBM/WebSphere/PortalServer
      /opt/IBM/WebSphere/PortalServer
      /QIBM/ProdData/WebSphere/PortalServer/V85/Server
      /QIBM/ProdData/WebSphere/PortalServer/V85/Express
      /opt/IBM/WebSphere/PortalServer
      c:/IBM/WebSphere/PortalServer
      Otherwise: c:/IBM/WebSphere/Portal
      Examples
      /usr/IBM/WebSphere/PortalServer
    WpsHostName

      Description
      The fully qualified WebSphere Portal host name or the name of the Web server that WAS is configured to use. Set by the installation program based on user input during installation.
      Default value
      localhost
      Examples
      The host is :
    WpsHostPort

      Description
      The transport port number used to access the host machine identified by the WpsHostName property.
      Default value
      80
      Examples
      The port is 80:
    PortalAdminId

      Description
      This ID is the short name for the initial WebSphere Portal administrator user account. This name is used to create a full Distinguished Name (DN), which in turn is used to create an account in the VMM file-based repository. If the ID includes spaces, we must take extra steps to enter it on the command line using the -D parameter. (UNIX only) For command line tasks, if we provide the ID using the -D parameter, some tasks require the fully qualified user DN to be entered. If the fully qualified user DN contains a space, we cannot provide the DN using the -D parameter. For example, if your DN is...

        cn=wpsadmin,cn=users,o=Software Group,dc=myco,dc=com

      ...then place the DN in the properties file or a parent properties file. If we create a parent properties file named mysecurity.properties, then we would run:

        ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties

      An example of the DN provided using the -D parameter is:

        ConfigEngine.bat task_name -DuserID="cn=wpsadmin,cn=users,o=Software Group,dc=myco,dc=com"

      A valid user ID contains only ASCII characters and can contain the following characters:

      • Lowercase characters {a-z} and uppercase characters {A-Z}
      • Numbers {0-9}
      • Exclamation point {!}, hyphen {-}, period {.}, question mark {?}, accent grave {`}, tilde {~}
      • Open parenthesis {(} and close parenthesis {)}
      • Open bracket {[} and close bracket {]}
      • Underscore {_}, which is the only special character allowed in IBM i
      Default value
      wpsadmin
      Examples
      None available
    PortalAdminPwd

      Description
      The initial password for the WebSphere Portal administrator ID. The password cannot contain spaces. The password cannot be longer than 128 characters.

      A valid password contains only ASCII characters and can contain the following characters:

      • Lowercase characters {a-z} and uppercase characters {A-Z}
      • Numbers {0-9}
      • Exclamation point {!}, hyphen {-}, period {.}, question mark {?}, accent grave {`}, tilde {~}
      • Open parenthesis {(} and close parenthesis {)}
      • Open bracket {[} and close bracket {]}
      • Underscore {_}, which is the only special character allowed in IBM i
      Default value
      No default value
      Examples
      None available
    PortalAdminGroupId

      Description
      The fully qualified Distinguished Name (DN) for the WebSphere Portal Administrator group. Type the value in lowercase, regardless of the case used in the DN.
      Default value
      wpsadmins
      Examples
      Windows Active Directory: cn=,cn=groups,dc=myco,dc=com
      Windows Active Directory-Lightweight-Directory-Services: cn=,cn=groups,dc=myco,dc=com
      Custom user registry: cn=wpsadmins,o=default organization
      IBM Tivoli Directory Server: cn=,cn=groups,dc=myco,dc=com
      Lotus Domino: cn=
      Oracle Directory Server: cn=,ou=groups,o=myco.com
      Novell eDirectory: cn=,ou=groups,o=myco.com
      Development configuration without security: wpsadmins
    PortalUniqueID

      Description
      The value is used for the object ID creation mechanism and must be different for each node. The ID is 12 hex digits unique to this WebSphere Portal instance. It is usually a MAC address from a communications adapter on this node. Only nodes that run in one server can have the same PortalUniqueID.
      Default value
      00054E48AA0C
      Examples
      None available
    WpsContextRoot

      Description
      All URLs that begin with this path are reserved for WebSphere Portal. The value of this property is part of the URL used to access WebSphere Portal from a browser. Example URL if the context root is wps: http://localhost:80/wps/portal
      Default value
      wps
      Examples
      Context root: wps
    WpsHostBasePort

      Description
      Required for IBM i only. Specify the port block to use for WebSphere Portal Server.
      Default value
      10000
      Examples
      None available
    SMFLibrary

      Description
      Required for z/OS only. The library where the ifaedjreg.jar file resides.
      Default value
      No default value
      Examples
      None available
    SMFNativeLibrary

      Description
      Required for z/OS only. The library where the SMF DLLs reside.
      Default value
      No default value
      Examples
      None available
    ServerShortName

      Description
      Required for z/OS only. The server's job name, as specified in the JOBNAME parameter of the MVS START command. JOBNAME is the name of the task or script that runs when the server is running. MVS (Multiple Virtual Storage) is the name of the operating system that runs on the mainframe. The value is passed as a parameter to the server's start procedures to specify the location of the server's configuration files and to identify the server to the z/OS facilities that WebSphere for z/OS exploits (for example, SAF). The name must be seven or fewer characters and all uppercase.
      Default value
      BBOS002
      Examples
      SAF
    ClusterTransitionName

      Description
      Required for z/OS only. The cluster transition name of the WLM APPLENV (WLM application environment) name for this server. The name must be eight or fewer characters and all uppercase.
      Default value
      BBOC002
      Examples
      None available
    WpsSMPEHomeDirectory

      Description
      Required for z/OS only. The location of the SMP/E installation image for the WebSphere Portal SMP/E package.
      Default value
      No default value
      Examples
      None available
    TransferDomainList

      Description
      Required for database transfer

      The list of database 'domains' that the database-transfer process transfers. Alter it only to include or exclude specific domains from the transfer. To enter multiple values, use a comma to separate each value, for example value1,value2.

      Valid values
      release
      community
      customization
      jcr
      feedback
      likeminds
      Default value
      release,community,customization,jcr,feedback,likeminds
      Examples
      None available


WebSphere Portal cluster properties

The following properties are used if we have a clustered environment.

    ClusterName

      Description
      Type a name for the cluster. Do not use spaces or special characters in the cluster name.
      Default value
      PortalCluster
      Examples
      None available
    PushFrequency

      Description
      Specify the time, in seconds, to wait before pushing new or modified cache entries to other servers. Enter a value of 1 or greater.
      Default value
      1
      Examples
      None available
    ReplicationType

      Description
      Set the global sharing policy for this application server. Type NONE if we do not want to share cache among different application servers. Only invalidation events are shared among servers in the replication domain. NONE is the equivalent of NOT_SHARED in the WebSphere Application Server Integrated Solutions Console.

      Type PUSH to share cache. Cache insertions, both the cache ID and the content, are distributed to other nodes in the cluster as they are inserted into the cache on any node.

      Type PUSH_PULL to share the cache ID but not the cache content. Cache content is pulled by other servers as needed.

      Valid values
      NONE
      PUSH
      PUSH_PULL
      Default value
      NONE
      Examples
      None available
    PrimaryNode

      Description
      Set the value to true on the primary node, so that tasks run on the primary node. Set the value to false on a secondary node, so that tasks run on secondary nodes.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available


Step-up authentication properties

Step-up authentication allows for different types of authentication, with different trust levels or "strength of authentication". Different pages and portlets can be configured to require different trust levels in order to access those pages and portlets.

    sua_user

      Description
      The key used to encrypt the cookie information. The value does not need to match a real user.
      Default value
      No default value
      Examples
      myname
    sua_serversecret_password

      Description
      The encryption key for the information used in the RememberMe cookie, which is part of the step-up authentication. This does not need to be an existing password. For example, use mypassword as the value.
      Default value
      No default value
      Examples
      None available
    enable_rememberme

      Description
      This value defines if the Remember me cookie should be enabled when the enable-stepup-authentication task is run.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    disable_rememberme

      Description
      This value defines if the Remember me cookie should be disabled when the disable-stepup-authentication task is run.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available


Virtual portal configuration properties

Configuration tasks using the virtual portal configuration properties include: create-virtual-portal, delete-virtual-portal, modify-virtual-portal, list-all-virtual-portals

    VirtualPortalTitle

      Description
      If we are creating a virtual portal, enter the name of the new virtual portal. If we are deleting or modifying a virtual portal, enter the name of virtual portal to delete or modify.
      Default value
      No default value
      Examples
      None available
    VirtualPortalRealm

      Description
      Type the realm to use for the virtual portal defined for the VirtualPortalTitle property.
      Default value
      No default value
      Examples
      None available
    VirtualPortalHostName

      Description
      Type the DNS name of the virtual portal. The virtual portal can be referenced by its DNS name instead of the URL prefix. When the value is left blank, the virtual portal uses the common DNS name for all portals.
      Default value
      No default value
      Examples
      None available
    VirtualPortalContext

      Description
      Type the unique portal context that must be provided for the Virtual Portal. If we set the host name parameter (VirtualPortalHostName), the portal context is ignored. A virtual portal can either be accessed by a DNS/Host name or a URL prefix. When both a DNS/Host name and URL prefix are provided, the DNS/Host name is used for VirtualPortalContext.
      Default value
      No default value
      Examples
      None available
    VirtualPortalNlsFile

      Description
      Optional: Create a globalization file to specify titles and descriptions in other languages for your virtual portal. If we do not specify a globalization file, the system creates the virtual portal with the title specified for the VirtualPortalTitle parameter. Titles and descriptions are not created for other languages. Type the path and filename of an NLS file which contains language specific information for the Virtual Portal.

      The virtual portal title defined in the national language support (NLS) file, also called the globalization file, overrides the value that you provide for the VirtualPortalTitle property. To create a description for the virtual portal, we must specify it in the globalization file.

      To modify the title or description of the virtual portal, we have to add the new title and description to the globalization file.

      Do not use prefixes in that globalization file.

      Default value
      No default value
      Examples
      None available
    VirtualPortalObjectId

      Description
      The object ID of the virtual portal. The object ID is required to modify and delete virtual portals. To determine the object ID, run the list-all-virtual-portals task. Do not delete the default virtual portal; its object ID ends with _0.
      Default value
      No default value
      Examples
      None available


General security properties

    ignoreDuplicateIDs

      Description
      Set to true to recover from an incomplete LDAP repository creation if the repository cannot be deleted.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    trimSpaces

      Description
      Set to false, and add the attribute to the security ANT target, to retain trailing spaces in the attribute values defined in this file. Set to true and the system removes spaces from any of the values we have specified.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available


Federated security properties


7.1. Add or update an LDAP

Use the properties in this section to create (wp-create-ldap) or update (wp-update-federated-ldap) the LDAP configuration in virtual member manager (VMM). If we are updating the LDAP configuration, the federated.ldap.id and federated.ldap.host must match the repository to update.

    federated.ldap.id

      Description

      Set a unique identifier for the repository within the cell. For the task wp-create-ldap, the ID can be an arbitrary string to name the new repository definition. For the task wp-update-federated-ldap, the ID must be the ID of the existing repository definition to update.

      Characters that are not allowed in normal XML strings cannot be used in the repository ID. The ID can contain only the following characters: Alphanumeric (a-z, A-Z, 0-9), dash (-), and underscore (_). It cannot start or end with a dash (-) or an underscore (_), and must be a minimum of 3 characters and a maximum of 36 characters in length.

      Default value
      No default value
      Examples
      myldapid
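The character rules stated above for PortalAdminId and PortalAdminPwd, and the repository ID rules for federated.ldap.id, as an added validator (not IBM's own validation code; the function names are the example's own):

```python
"""Validate values against the character rules this page states for
PortalAdminId, PortalAdminPwd and federated.ldap.id.
Added example; not IBM's validation code. Function names are the example's own.
"""
import re
import string

# Characters the page lists as permitted in PortalAdminId and PortalAdminPwd.
ADMIN_CHARS = set(string.ascii_letters + string.digits + "!-.?`~()[]_")
# On IBM i the page states that the underscore is the only special character allowed.
IBM_I_ADMIN_CHARS = set(string.ascii_letters + string.digits + "_")


def check_portal_admin_id(value, ibm_i=False):
    """Return a list of rule violations; an empty list means the ID is acceptable."""
    allowed = IBM_I_ADMIN_CHARS if ibm_i else ADMIN_CHARS
    problems = []
    if not value:
        problems.append("value is empty")
    if not value.isascii():
        problems.append("contains non-ASCII characters")
    bad = sorted(set(value) - allowed)
    if bad:
        problems.append("disallowed characters: " + repr("".join(bad)))
    return problems


def check_portal_admin_pwd(value, ibm_i=False):
    """Same character set as the ID, plus the no-spaces and 128-character limits."""
    problems = check_portal_admin_id(value, ibm_i)
    if " " in value:
        problems.append("contains a space")
    if len(value) > 128:
        problems.append("longer than 128 characters")
    return problems


def check_federated_ldap_id(value):
    """Repository ID rules: 3 to 36 characters, alphanumerics, dash and underscore
    only, and no leading or trailing dash or underscore."""
    problems = []
    if not 3 <= len(value) <= 36:
        problems.append("length must be between 3 and 36 characters")
    if not re.fullmatch(r"[A-Za-z0-9_-]*", value):
        problems.append("only alphanumerics, dash and underscore are allowed")
    if value and (value[0] in "-_" or value[-1] in "-_"):
        problems.append("must not start or end with a dash or underscore")
    return problems


if __name__ == "__main__":
    # Constructed sample values.
    for candidate in ("wpsadmin", "wps admin", "wps-admin"):
        print(candidate, check_portal_admin_id(candidate),
              check_portal_admin_id(candidate, ibm_i=True))
    print(check_federated_ldap_id("myldapid"), check_federated_ldap_id("-ldap"))
```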
    federated.ldap.host

      Description
      Host name of the primary LDAP server. Type either an IP address or a domain name service (DNS) name. If multiple load-balanced LDAP servers are in use, enter the host name of the load balancer. During an update, the value of federated.ldap.host must match the LDAP host name of the existing repository named by the federated.ldap.id property. Note: It is not possible to use the wp-update-federated-ldap task to change the host name of an existing LDAP repository definition. To do that, delete the old repository definition and add a new one by running the wp-create-ldap task again.
      Default value
      No default value
      Examples
      ..com
    federated.ldap.port

      Description
      Type the LDAP server port. Typically, port values for the LDAP protocol are 389 for non-encrypted traffic, and 636 for encrypted traffic.
      Default value
      federated.ldap.sslEnabled=false: 389
      federated.ldap.sslEnabled=true: 636
      Otherwise: 389
      Examples
      None available
    federated.ldap.bindDN

      Description
      Default value
      No default value
      Examples
      Windows Active Directory: cn=administrator,cn=users,dc=domain,dc=myco,dc=com
      Windows Active Directory-Lightweight-Directory-Services: cn=administrator,cn=users,dc=domain,dc=myco,dc=com
      Custom: cn=user,dc=myco,dc=com or uid=user,dc=myco,dc=com
      IBM Tivoli Directory Server: cn=root
      Domino LDAP: cn=username
      Oracle Directory Server: cn=Directory Manager
      Novell eDirectory: cn=administrator,ou=yourorganization,o=myco
      IBM Directory Server: uid=wpsadmin,cn=users,dc=myco,dc=com
    federated.ldap.bindPassword

      Description
      Type the password for the federated.ldap.bindDN user account.
      Default value
      No default value
      Examples
      None available
    federated.ldap.ldapServerType

      Description
      Type the value for the LDAP server to integrate with.
      Valid values
      AD
      ADAM
      CUSTOM
      DOMINO
      IDS6
      ZOSDS
      NDS
      SUNONE
      Default value
      IDS6
      Examples
      Microsoft Active Directory: AD
      Microsoft Active Directory - Lightweight Directory Services: ADAM
      Custom: CUSTOM
      IBM Lotus Domino: DOMINO
      IBM Tivoli Directory Server: IDS6
      IBM Tivoli Directory Server for z/OS: ZOSDS
      Novell eDirectory: NDS
      Oracle Directory Server or SunOne: SUNONE
    federated.ldap.baseDN

      Description
      Specify the point in the LDAP directory information tree (DIT) that serves as the "root" of the portal server's view. WebSphere Portal has visibility only of users and groups that are descendants of this point in the DIT.
      Default value
      No default value
      Examples
      dc=myco,dc=com


7.1.1. Group and PersonAccount entity types

This section contains properties that tell VMM and Portal about the object classes and other LDAP attributes of the entity types. The supported entity types for Portal are Group and PersonAccount. VMM supports additional entity types, but Portal does not make use of them. The properties that matter for the two entity types are:

  • Group entity type:

    • default objectClasses = groupOfNames

    • default objectClassesForCreate = groupOfNames

    • default searchFilter = <empty>

    • default searchBases = <empty>

  • PersonAccount entity type:

    • default objectClasses = inetOrgPerson

    • default objectClassesForCreate = inetOrgPerson

    • default searchFilter = <empty>

    • default searchBases = <empty>


7.1.2. LDAP properties for Group member attributes

Provide information used to add or update the federated LDAP Group entity type.

    federated.ldap.et.group.objectClasses

      Description
      Specify one or more object classes for the group entity type. Separate multiple object classes with a semicolon (;). Use object classes unique to groups only. If there are both users and groups with an objectclass of 'top', then we cannot use the object class 'top' here.
      Default value
      federated.ldap.ldapServerType=IDS6: groupOfUniqueNames
      federated.ldap.ldapServerType=AD: group
      federated.ldap.ldapServerType=ADAM: group
      federated.ldap.ldapServerType=DOMINO: dominoGroup
      federated.ldap.ldapServerType=SUNONE: groupOfUniqueNames
      federated.ldap.ldapServerType=NDS: groupOfNames
      Otherwise: groupOfUniqueNames
      Examples
      IBM Tivoli Directory Server: groupOfUniqueNames
      Microsoft Active Directory: group
      Microsoft Active Directory - Lightweight Directory Services: group
      IBM Lotus Domino: dominoGroup
      Oracle Directory Server: groupOfUniqueNames
      SunOne: groupOfUniqueNames
      Novell eDirectory: groupOfNames
    federated.ldap.et.group.objectClassesForCreate

      Description
      Type one or more object classes to use when an entity type is created. Separate multiple object classes with a semicolon (;). If the value of this property is the same as the federated.ldap.et.group.objectClasses property, leave this value blank. If the LDAP is read-only, meaning portal is not allowed to write to it, leave this value blank.

      Default value
      No default value
      Examples
      (Multiple group objectClasses): groupOfUniqueNames;myPortalObjectClass
    federated.ldap.et.group.searchFilter

      Description

      VMM uses this filter during search requests for groups to the LDAP Server. Leave this property value blank, unless the LDAP group definitions are unusually complex. If the property value is blank, VMM dynamically formulates the filter based on the directory type and the objectclasses set for the entity type. For example, if the objectclass of the group entity is "groupOfUniqueNames" and the naming attribute for a group is "cn", then the default filter would be: (&(cn=*)(objectClass=groupOfUniqueNames))

      If we do need to specify the search filter for VMM to use to search for groups, the syntax is like a standard LDAP search filter.

      Default value
      No default value
      Examples
      (&(cn=*)(objectClass=myCustomGroupObjectClass))
    federated.ldap.et.group.searchBases

      Description
      VMM performs a search operation for each search base entered, which affects performance; keep the number of search bases to a minimum. Leave the value blank and VMM uses the baseEntries configured for this repository as the search bases. Specify one or more search bases if we need to limit where VMM searches for groups to a portion of the subtree below the baseEntries, for example when the baseEntries are high up in the LDAP tree and a search returns results that should not be included. Separate multiple search bases with a semicolon (;).

      If we use the portal configuration tools, it is only possible to create one base entry, as specified by the federated.ldap.baseDN property. However, WAS allows multiple base entries per repository definition.

      In a multiple virtual portal environment, the realm definition of the virtual portal overrides the searchBase for the objectType. To ensure that virtual portals without realm assignments remain functional, keep the search base in sync with the nodes where we want the search to start.

      Default value
      No default value
      Examples
      Multiple group search bases: "cn=groups1,dc=myco,dc=com;cn=groups2,dc=myco,dc=com"
    federated.ldap.et.personaccount.objectClasses

      Description
      Type one or more object classes for the entity type. Use object classes unique to users. If there are both users and groups with an objectclass of 'top', then we cannot use the object class 'top' here. Separate multiple object classes with a semicolon (;).
      Default value
      federated.ldap.ldapServerType=IDS6: inetOrgPerson
      federated.ldap.ldapServerType=AD: user
      federated.ldap.ldapServerType=ADAM: user
      federated.ldap.ldapServerType=DOMINO: dominoPerson
      federated.ldap.ldapServerType=SUNONE: inetOrgPerson
      federated.ldap.ldapServerType=NDS: inetOrgPerson
      Otherwise: inetorgperson
      Examples
      IBM Tivoli Directory Server: inetOrgPerson
      Microsoft Active Directory: user
      Microsoft Active Directory - Lightweight Directory Services: user
      IBM Lotus Domino: dominoPerson
      Oracle Directory Server: inetOrgPerson
      SunOne: inetOrgPerson
      Novell eDirectory: inetOrgPerson
    federated.ldap.et.personaccount.objectClassesForCreate

      Description
      Specify one or more object classes to use when an entity type is created. If the value of this property is the same as the federated.ldap.et.personaccount.objectClasses property, leave this value blank. If the LDAP is read-only, meaning portal is not allowed to write to it, leave this value blank. Separate multiple object classes with a semicolon (;).
      Default value
      No default value
      Examples
      Multiple PersonAccount objectClasses: inetOrgPerson;myPortalObjectClass
    federated.ldap.et.personaccount.searchFilter

      Description

      VMM uses this filter during search requests for users to the LDAP Server. Leave this property value blank, unless the LDAP user definitions are unusually complex. If the property value is blank, VMM dynamically formulates the filter based on the directory type and the objectclasses set for the entity type. For example, if the objectclass of the PersonAccount entity is "inetOrgPerson" and the naming attribute for a user is "uid", then the default filter would be: (&(uid=*)(objectClass=inetOrgPerson))

      If we do need to specify the search filter for VMM to use to search for users, the syntax is like a standard LDAP search filter.

      Default value
      No default value
      Examples
      (&(cn=*)(objectClass=myCustomPersonAccountObjectClass))
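The default filter construction described for the group and PersonAccount searchFilter properties, as an added example (not VMM's code). It assumes the semicolon-separated objectClasses form documented above and, where several classes are listed, ORs them, which the page does not show; it also rejects class names containing filter metacharacters and checks that a custom filter is one balanced expression.

```python
"""Build the default VMM search filter this page describes, and sanity-check a
custom one. Added example; not VMM's code. Assumption: several objectClasses
(separated by ';') are combined with OR; the page shows only the single-class form.
"""

# Characters with meaning inside an LDAP filter; a class or attribute name that
# contains them would change the filter's structure instead of naming a class.
FILTER_METACHARACTERS = set("()*\\\x00")


def build_default_filter(naming_attribute, object_classes):
    """Return the filter VMM would derive, e.g. (&(cn=*)(objectClass=groupOfUniqueNames))."""
    classes = [c.strip() for c in object_classes.split(";") if c.strip()]
    if not classes:
        raise ValueError("at least one objectClass is required")
    for name in [naming_attribute] + classes:
        if not name or set(name) & FILTER_METACHARACTERS:
            raise ValueError(f"not a plain attribute or class name: {name!r}")
    if len(classes) == 1:
        class_term = f"(objectClass={classes[0]})"
    else:  # assumption: several classes are combined with OR
        class_term = "(|" + "".join(f"(objectClass={c})" for c in classes) + ")"
    return f"(&({naming_attribute}=*){class_term})"


def is_single_balanced_filter(filter_text):
    """True when the text is one parenthesised expression with balanced parentheses."""
    if len(filter_text) < 2 or filter_text[0] != "(" or filter_text[-1] != ")":
        return False
    depth = 0
    last = len(filter_text) - 1
    for index, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            # Depth may only return to zero at the final character; otherwise the
            # text is two expressions side by side, such as (cn=*)(objectClass=x).
            if depth == 0 and index != last:
                return False
    return depth == 0


if __name__ == "__main__":
    print(build_default_filter("cn", "groupOfUniqueNames"))
    print(build_default_filter("uid", "inetOrgPerson"))
    print(is_single_balanced_filter("(&(cn=*)(objectClass=myCustomGroupObjectClass))"))
```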
    federated.ldap.et.personaccount.searchBases

      Description
      VMM performs a search operation for each search base entered, which affects performance; keep the number of search bases to a minimum. Leave the value blank and VMM uses the baseEntries configured for this repository as the search bases. Specify one or more search bases if we need to limit where VMM searches for users to a portion of the subtree below the baseEntries, for example when the baseEntries are high up in the LDAP tree and a search returns results that should not be included. Separate multiple search bases with a semicolon (;).

      If we use the portal configuration tools, it is only possible to create one base entry, as specified by the federated.ldap.baseDN property. However, WebSphere Application Server allows multiple base entries per repository definition.

      In a multiple virtual portal environment, the realm definition of the virtual portal overrides the searchBase for the objectType. To ensure that virtual portals without realm assignments remain functional, keep the search base in sync with the nodes where we want the search to start.

      Default value
      No default value
      Examples
      Multiple PersonAccount search bases: "cn=users1,dc=myco,dc=com;cn=users2,dc=myco,dc=com"
    federated.ldap.gm.groupMemberName

      Description
      Type the LDAP attribute used as the group member attribute: the attribute within the group object that lists the members of that group.
      Default value
      federated.ldap.ldapServerType=AD: member
      federated.ldap.ldapServerType=ADAM: member
      Otherwise: uniqueMember
      Examples
      For groups of objectclass groupOfUniqueNames: uniqueMember
      For groups of objectclass groupOfNames: member
    federated.ldap.gm.objectClass

      Description
      Type the group object class containing the member attribute. If we do not enter a group object class, the member attribute applies to all group object classes.
      Default value
      federated.ldap.ldapServerType=AD: group
      federated.ldap.ldapServerType=ADAM: group
      Otherwise: groupOfUniqueNames
      Examples
      groupOfNames
      groupOfUniqueNames
      group
    federated.ldap.gm.scope

      Description
      Set the scope of the member attribute. This is similar to the scope setting for the membership attribute (which is the attribute on the user object that tells what groups the user is a member of), but in this case it tells VMM about the scope of the member record in the group object that tells what users are members of the group. Set the value to direct if the LDAP member attribute in the LDAP server's group objects contains direct members only. Set the value to nested if the LDAP member attribute in the LDAP server's group objects contains direct members and nested members. Note: It is very unusual for this to be anything other than "direct".
      Valid values
      direct
      nested
      Default value
      direct
      Examples
      None available
    federated.ldap.gm.dummyMember

      Description
      Many directory servers do not allow the creation of an empty group, meaning a group with no members. A dummy member enables group creation without requiring the creator to specify the first group member at the same time. When a group is created, a dummy member is created to satisfy the directory requirement. For Novell eDirectory, Oracle Directory Server, and Windows Active Directory the dummy member must be empty or point to an existing entry in the LDAP.
      Default value
      federated.ldap.ldapServerType=AD:
      federated.ldap.ldapServerType=ADAM:
      federated.ldap.ldapServerType=SUNONE:
      federated.ldap.ldapServerType=NDS:
      Otherwise: uid=dummy
      Examples
      None available


7.1.3. Advanced properties for Group configuration

Provide information used to add or update the federated LDAP user registry. The properties in this section are not always needed, depending on how the LDAP user registry is set up and the particular use cases. The federated.ldap.gc.name, federated.ldap.gc.updateGroupMembership, and federated.ldap.gc.scope properties can be set before running the wp-create-ldap task initially. Or, the group configuration can be added to an existing registry instance by setting the gc.ldap.id, gc.name, gc.scope, and gc.updateGroupMembership properties and running the wp-create-ldap-groupconfig task.

    federated.ldap.gc.name

      Description
      Type the LDAP name of an attribute or virtual attribute in the user object that lists the groups of which that user is a member. A membership attribute is an alternative way of getting group membership information from the LDAP user registry. Leave the value empty if the LDAP server does not support a group membership attribute.

      Many LDAP registries support a group membership attribute, but each one implements it differently. In some cases the membership attribute is not persisted with the user record; instead, it is calculated on demand.

      In some cases the membership attribute includes all groups, such as nested groups, dynamic groups, and static groups. If the LDAP implementation includes all group memberships, it is more efficient to read the membership attribute than to have VMM resolve the memberships by querying the group objects. For more information about when to rely on the attribute, see the federated.ldap.gc.scope property.

      Nested or dynamic groups are not required in order to use a membership attribute. If the directory uses only non-nested, static group memberships, use the standard group membership query method.

      Default value
      federated.ldap.ldapServerType=IDS6: ibm-allGroups
      federated.ldap.ldapServerType=AD: memberOf
      federated.ldap.ldapServerType=ADAM: memberOf
      federated.ldap.ldapServerType=DOMINO: dominoAccessGroups
      federated.ldap.ldapServerType=SUNONE: isMemberOf
      federated.ldap.ldapServerType=NDS: groupMembership
      federated.ldap.ldapServerType=ZOSDS: ibm-allGroups
      Examples
      IBM Tivoli Directory Server: ibm-allGroups
      Microsoft Active Directory: memberOf
      Microsoft Active Directory - Lightweight Directory Services: memberOf
      IBM Lotus Domino: dominoAccessGroups
      Oracle Directory Server: isMemberOf
      SunOne (versions prior to 6.3): nsrole
      Novell eDirectory: groupMembership
    federated.ldap.gc.updateGroupMembership

      Description
      Updates the group membership when a member is deleted or renamed. Some LDAP servers, such as IBM Lotus Domino, do not clean up a user's group memberships when the user is deleted or renamed. If the LDAP server does not clean up memberships, set this property to true to enable membership cleanup.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.gc.scope

      Description
      This property tells VMM how much information the LDAP server returns when portal requests the group membership attribute value for a user object.

      Set the value to all if the membership attribute contains a complete list of all possible group memberships for a user, already including consideration for group nesting, dynamic memberships, and static direct group memberships.

      Set the value to direct if the membership attribute contains only direct static group memberships, but not dynamic or nested group memberships.

      Set the value to nested if the membership attribute contains both direct static memberships and memberships from groups that are nested within other groups. Dynamic group memberships are not included. We can configure VMM to additionally resolve dynamic group memberships. To configure dynamic group support, you must use the Integrated Solutions Console.

      The Virtual Member Manager (VMM) component within WAS uses this setting to determine what it needs to do to build a sufficiently complete list of group memberships for a user. Setting this parameter to accurately reflect the LDAP registry is important for both performance and correct operation. If the LDAP provides a complete set of group memberships, including nested groups, dynamic groups, and static direct groups, set the scope attribute to all. Otherwise, VMM redundantly resolves the nested group memberships.

      Conversely, if the registry provides only direct group memberships, but group nesting is used in the application and directory, then set the scope property to direct. Otherwise, VMM fails to do the required work needed to complete the group membership list. As a result the full set of groups necessary for the application to operate correctly is not available.

      Portal asks VMM to retrieve nested group membership information from the LDAP registry. If the security policy and LDAP registry are not set up to use nested groups, then set accessControlDataManagement.enableNestedGroups to false in the Access Control Data Management Service.

      Valid values
      all
      direct
      nested
      Default value
      direct
      Examples
      None available
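      How the value of federated.ldap.gc.scope interacts with what the directory's membership attribute actually returns is easier to see in code. The following Python is an added example written for this page, not VMM's implementation: it models a small constructed directory, simulates a server whose membership attribute (federated.ldap.gc.name) holds either direct memberships only or the full nested closure, and shows what VMM ends up with under each configured scope, together with the number of extra group lookups it would perform. The directory contents, the function names and the lookup counter are assumptions made for the illustration; dynamic groups are not modelled.

```python
from collections import deque

PORTAL_ADMINS = "cn=portal-admins,cn=groups,dc=example,dc=com"
IT_STAFF = "cn=it-staff,cn=groups,dc=example,dc=com"
OPS = "cn=ops,cn=groups,dc=example,dc=com"
JDOE = "uid=jdoe,cn=users,dc=example,dc=com"
ASMITH = "uid=asmith,cn=users,dc=example,dc=com"

# Constructed sample directory (not real data): each group's member attribute
# (federated.ldap.gm.groupMemberName) lists users and, for nesting, other groups.
GROUPS = {
    PORTAL_ADMINS: [IT_STAFF],
    IT_STAFF: [OPS, JDOE],
    OPS: [ASMITH],
}


def direct_groups(dn):
    """Groups whose member attribute lists dn (one search over the groups)."""
    return {g for g, members in GROUPS.items() if dn in members}


def transitive_groups(start):
    """Expand a set of groups through group-in-group nesting; cycle-safe.

    Returns (groups, lookups) where lookups counts the group searches made.
    """
    seen, queue, lookups = set(start), deque(start), 0
    while queue:
        group = queue.popleft()
        lookups += 1
        for parent in direct_groups(group):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen, lookups


def membership_attribute(user_dn, server_scope):
    """What the server's membership attribute holds for user_dn.

    server_scope models the directory: "direct" stores direct memberships only,
    "nested" or "all" store the full static closure (assumption for the example).
    """
    direct = direct_groups(user_dn)
    return direct if server_scope == "direct" else transitive_groups(direct)[0]


def effective_groups(user_dn, server_scope, configured_scope):
    """Groups VMM ends up with, given the real server behaviour and the value
    configured in federated.ldap.gc.scope. Returns (groups, extra_lookups)."""
    attribute = membership_attribute(user_dn, server_scope)
    if configured_scope == "direct":
        return transitive_groups(attribute)  # VMM resolves the nesting itself
    if configured_scope in ("nested", "all"):
        return attribute, 0                  # VMM trusts the attribute as complete
    raise ValueError(f"unknown gc.scope value {configured_scope!r}")


if __name__ == "__main__":
    for server, configured in [("direct", "all"), ("direct", "direct"),
                               ("all", "direct"), ("all", "all")]:
        groups, lookups = effective_groups(JDOE, server, configured)
        print(f"attribute holds {server:<6} gc.scope={configured:<6} "
              f"-> {len(groups)} groups, {lookups} extra lookups")
```

      The first case is the dangerous one: the attribute holds only direct memberships but the scope is set to all, so jdoe is never seen as a portal administrator even though it-staff is nested in portal-admins. The third case is the wasteful one: the attribute already holds the closure, but scope direct makes VMM walk the group tree again for every user.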
    federated.ldap.adapterClassName

      Description
      The implementation class name for the repository adapter.
      Default value
      com.ibm.ws.wim.adapter.ldap.LdapAdapter
      Examples
      None available
    federated.ldap.supportSorting

      Description
      This value indicates if sorting is supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.supportTransactions

      Description
      This value indicates if transactions are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.isExtIdUnique

      Description
      Specify if the external ID is unique.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    federated.ldap.supportExternalName

      Description
      Specifies if external names are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.sslEnabled

      Description
      Specify whether secure socket communication is enabled to the LDAP server. If we set the value to true, SSL settings for LDAP are used.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.sslConfiguration

      Description
      If we choose to use SSL for the LDAP server connection, use this field to specify a WAS security configuration other than the default, for the encryption setup. To find SSL configuration names open the Integrated Solutions Console and go to Security->SSL certificate and key management, and under Related Items, select SSL configurations. If we leave the value blank, then the default SSL configuration set in WAS is used.
      Default value
      No default value
      Examples
      mySSLconfig
    federated.ldap.certificateMapMode

      Description
      Specify the certificate map mode to use if client certificate authentication is used for WebSphere Portal. Select whether to map X.509 certificates into an LDAP directory by exact DN or certificate filter. If we set the value as CERTIFICATE_FILTER, then we must also specify the filter mapping in the federated.ldap.certificateFilter property. If we select EXACT_DN, then the DN in the certificate must exactly match the user entry in the LDAP server, including case and spaces.
      Valid values
      EXACT_DN
      CERTIFICATE_FILTER
      Default value
      EXACT_DN
      Examples
      None available
    federated.ldap.certificateFilter

      Description
      Specifies the filter certificate mapping property for the LDAP filter if client certificate authentication is used for WebSphere Portal. The filter is used to map attributes in the client certificate to entries within the LDAP repository. To use this filter, the value for federated.ldap.certificateMapMode must be set to CERTIFICATE_FILTER. Filter syntax: ${Client certificate attribute}
      Default value
      No default value
      Examples
      uid=${SubjectCN}
    federated.ldap.supportPaging

      Description
      This value indicates if paging is supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.authentication

      Description
      Select the authentication method to use. This corresponds to the "bind method" used by VMM to validate the password for a user during log in. NOTE: VMM currently only supports the Simple method.
      Default value
      simple
      Examples
      None available
    federated.ldap.loginProperties

      Description
      The property name used to log in. Usually the login property is the first RDN of the user object DN, such as "uid" or "cn". However, it is possible to log in with some other LDAP attribute. For example, it is possible to use an email address to log in, even if the email address is not part of the DN of the user. The only requirement is that any property used here is defined in the PersonAccount entity schema and, if necessary, is mapped to the corresponding underlying LDAP server attribute. It is possible to specify multiple login attributes by delimiting the entries with a semicolon, for example "uid;mail". When we specify multiple properties, users can log in using any of the listed attributes.
      Default value
      uid
      Examples
      Common Name: cn
      Unique ID: uid
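      Both federated.ldap.certificateFilter and federated.ldap.loginProperties cause a value that originates outside the directory (an attribute of a client certificate's Subject, a login name typed by a user) to be placed into an LDAP search filter. The Python below is an added example, not VMM's code: it assembles the filters these two properties describe and escapes every substituted value as RFC 4515 requires, so that characters such as *, ( and ) in the input cannot widen or restructure the filter. The function names, the sample PersonAccount search filter and the certificate attribute values are assumptions made for the illustration.

```python
import re

# RFC 4515 escaping for values placed inside a search filter. Without it a
# value such as "*" or "x)(uid=wpsadmin" changes the meaning of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter(login_properties: str, login_value: str, search_filter: str = "") -> str:
    """Filter a login lookup needs for a typed login name (illustrative, not VMM's).

    login_properties: the federated.ldap.loginProperties value, e.g. "uid;mail";
                      with several properties, any one of them may match.
    search_filter:    the PersonAccount search filter, e.g.
                      "(&(uid=*)(objectClass=inetOrgPerson))", or "" if unset.
    """
    props = [p.strip() for p in login_properties.split(";") if p.strip()]
    if not props:
        raise ValueError("federated.ldap.loginProperties must name at least one attribute")
    value = escape_filter_value(login_value)
    terms = "".join(f"({p}={value})" for p in props)
    login_part = terms if len(props) == 1 else f"(|{terms})"
    # AND with the entity search filter so only PersonAccount entries can match.
    return f"(&{login_part}{search_filter})" if search_filter else login_part


_PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9]+)\}")


def certificate_filter(template: str, cert_attrs: dict) -> str:
    """Expand a CERTIFICATE_FILTER template such as "uid=${SubjectCN}".

    cert_attrs maps placeholder names to values taken from the client
    certificate; the caller extracts them (here they are constructed inputs).
    Every substituted value is escaped so a crafted Subject cannot widen the match.
    """
    def substitute(match):
        name = match.group(1)
        if name not in cert_attrs:
            raise KeyError(f"client certificate has no value for ${{{name}}}")
        return escape_filter_value(cert_attrs[name])

    body = _PLACEHOLDER.sub(substitute, template)
    return body if body.startswith("(") else f"({body})"


if __name__ == "__main__":
    print(login_filter("uid;mail", "jdoe", "(&(uid=*)(objectClass=inetOrgPerson))"))
    print(login_filter("uid", "*"))  # (uid=\2a): a literal asterisk, not a wildcard
    print(certificate_filter("uid=${SubjectCN}", {"SubjectCN": "jdoe"}))
    # A Subject CN crafted to inject a second assertion stays a literal value:
    print(certificate_filter("uid=${SubjectCN}", {"SubjectCN": "x)(uid=wpsadmin"}))
```

      Whichever component performs the substitution in a real deployment, the check to make is the same: present a certificate or login name containing filter metacharacters and confirm that the resulting search matches either nothing or exactly the literal value, never a different user.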
    federated.ldap.referral

      Description
      A referral occurs when the information requested from the LDAP server is stored in another LDAP server. When a referral occurs, we can select to ignore it or to retrieve the information from the other LDAP. Select Follow if the LDAP should attempt to retrieve the information.
      Valid values
      ignore
      follow
      Default value
      follow
      Examples
      None available
    federated.ldap.derefAliases

      Description

      This value is required if "federated.ldap.referral=follow". An alias is a directory entry that points to another entry rather than holding the requested information itself; the other entry may be in the same LDAP server or in another one. We can choose to retrieve the actual value instead of the alias; retrieving the actual value is referred to as dereferencing the alias. Select the dereferencing method to use.

      • Set the value to never and the alias entries that are encountered during the search operation are processed as 'normal' entries. The alias entries are returned if they match the search filter.

      • Set the value to always and the alias entries that are encountered during the search operation, in both the search base and entries within the scope of the search, are dereferenced.

      • Set the value to finding and the LDAP server dereferences the search base entry but does not dereference any other alias entries within the search scope. Alias entries within the search scope of the dereferenced base are processed as 'normal' entries and are returned if they match the search filter.

      • Set the value to searching and the LDAP dereferences alias entries within the scope of the search but does not dereference the search base entry (if it contains an alias). The search base is processed as a 'normal' entry (even if it is an alias entry). It is returned if it matches the search filter and is in the search scope.
      Valid values
      never
      always
      finding
      searching
      Default value
      always
      Examples
      None available
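      The four dereferencing modes differ only in where aliases are followed: at the search base, within the scope, both, or neither. The Python below is an added example, not VMM's code and not any LDAP server's: it implements those four rules over a small constructed tree so the difference becomes visible, including the case where following an alias inside the scope returns an entry that lies outside the search base. The entries and the function names are assumptions made for the illustration.

```python
# Constructed sample tree (not real data). Alias entries carry aliasedObjectName,
# as in a real directory; both aliases here point outside their own branch.
ROOT = "dc=example,dc=com"
PEOPLE = "ou=people,dc=example,dc=com"
JDOE = "uid=jdoe,ou=people,dc=example,dc=com"
STAFF_ALIAS = "ou=staff,dc=example,dc=com"              # alias -> ou=people
CONTRACTORS = "ou=contractors,dc=example,dc=com"
BOB_ALIAS = "uid=bob,ou=contractors,dc=example,dc=com"  # alias -> uid=jdoe
EVE = "uid=eve,ou=contractors,dc=example,dc=com"

DIT = {
    ROOT: {"objectClass": ["domain"]},
    PEOPLE: {"objectClass": ["organizationalUnit"]},
    JDOE: {"objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
    STAFF_ALIAS: {"objectClass": ["alias"], "aliasedObjectName": [PEOPLE]},
    CONTRACTORS: {"objectClass": ["organizationalUnit"]},
    BOB_ALIAS: {"objectClass": ["alias"], "aliasedObjectName": [JDOE]},
    EVE: {"objectClass": ["inetOrgPerson"], "uid": ["eve"]},
}

MODES = ("never", "always", "finding", "searching")


def is_alias(dn):
    return "alias" in DIT[dn].get("objectClass", [])


def dereference(dn):
    """Follow aliasedObjectName until a non-alias entry is reached; reject loops."""
    visited = set()
    while is_alias(dn):
        if dn in visited:
            raise ValueError(f"alias loop at {dn}")
        visited.add(dn)
        dn = DIT[dn]["aliasedObjectName"][0]
    return dn


def in_subtree(dn, base):
    return dn == base or dn.endswith("," + base)


def subtree_search(base, matches, deref_mode):
    """Subtree search over DIT applying the four federated.ldap.derefAliases modes.

    never:     aliases are ordinary entries everywhere
    finding:   only an alias at the search base is followed
    searching: only aliases inside the scope are followed; the base is not
    always:    both
    Following an alias inside the scope continues the search at the aliased
    entry and its subordinates, which may lie outside the original base.
    """
    if deref_mode not in MODES:
        raise ValueError(f"unknown derefAliases mode {deref_mode!r}")
    if deref_mode in ("always", "finding"):
        base = dereference(base)
    pending, done, results = [base], set(), set()
    while pending:
        current = pending.pop()
        if current in done:
            continue
        done.add(current)
        for dn in DIT:
            if not in_subtree(dn, current):
                continue
            if dn != current and is_alias(dn) and deref_mode in ("always", "searching"):
                pending.append(dereference(dn))
                continue
            if matches(DIT[dn]):
                results.add(dn)
    return results


def is_person(entry):
    return "inetOrgPerson" in entry.get("objectClass", [])


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:<10} base={CONTRACTORS}: {sorted(subtree_search(CONTRACTORS, is_person, mode))}")
        print(f"{mode:<10} base={STAFF_ALIAS}: {sorted(subtree_search(STAFF_ALIAS, is_person, mode))}")
```

      With the default of always, a search base chosen to restrict what VMM sees (for example through federated.ldap.et.personaccount.searchBases) does not by itself stop an alias beneath that base from pulling in an entry elsewhere in the tree, as the contractors search above shows. If the directory contains alias entries, check what they point at, or use never or finding so that aliases inside the scope are not followed.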
    federated.ldap.connectTimeout

      Description
      The connection timeout measured in seconds.
      Default value
      0
      Examples
      None available
    federated.ldap.primaryServerQueryTimeInterval

      Description
      The polling interval for testing the primary server availability. The value is specified in minutes.
      Default value
      15
      Examples
      None available
    federated.ldap.returnToPrimaryServer

      Description
      Indicates to return to the primary LDAP server when it is available.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    federated.ldap.searchPageSize

      Description
      The search page size, which represents the number of entries per page.
      Default value
      No default value
      Examples
      None available
    federated.ldap.searchCountLimit

      Description
      The search count limit.
      Default value
      500
      Examples
      None available
    federated.ldap.searchTimeLimit

      Description
      The search time limit measured in milliseconds.
      Default value
      120000
      Examples
      None available
    federated.ldap.translateRDN

      Description
      This value indicates whether to translate RDN or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.ldap.cp.maxPoolSize

      Description
      The maximum number of context instances that the context pool maintained by VMM for this LDAP server can hold concurrently. A value of 0 allows the pool to grow without bound. This is the only context pooling property that can be set by the initial LDAP repository setup ConfigEngine task (wp-create-ldap). See the Portal Tuning Guide for recommendations on setting up context pooling in VMM under Portal. We can set the other "cp.*" properties and run the wp-update-ldap-contextpool task to completely configure VMM context pooling. VMM applies the maximum pool size per node in the cluster, so the total number of connections that might be made to the LDAP server is the maximum context pool size multiplied by the number of nodes in the cluster.
      Default value
      20
      Examples
      None available


7.2. Add or update database

The following properties are used for creating or updating a database user registry configuration. Database modification tasks of VMM need a connection to a running server instance. Your server must be running before running the following tasks: wp-create-db or wp-update-db

    federated.db.DataSourceName

      Description
      The name of the data source to be used for this VMM database domain. It must comply with the WAS requirements. We cannot use the reserved names releaseDS, communityDS, customizationDS, jcrDS, lmdbDS, and feedback. Use the same name for all portal database domains that are sharing user ID, password, and JDBC database URL.
      Default value
      vmmfeddbDS
      Examples
      None available
    federated.db.DbType

      Description
      Database management software to use for the VMM Federated database domain.
      Valid values
      derby
      db2
      db2_iseries
      db2_zos
      oracle
      sqlserver2005
      Default value
      db2
      Examples
      None available
    federated.db.DbUrl

      Description
      The JDBC database URL used to connect with the database of this portal database domain. It must comply with the JDBC driver software requirements. The combination of this property with the database name and schema name must be unique across the portal database domains release, community, customization, and JCR.
      Default value
      jdbc:db2:vmmfeddb
      Examples
      Apache Derby: jdbc:derby:wpsdb;create=true
      IBM DB2 with type 2 drivers: jdbc:db2:wpsdb
      IBM DB2 with type 4 drivers, Linux: jdbc:db2://:50001/wpsdb:returnAlias=0;
      IBM DB2 with type 4 drivers, Windows: jdbc:db2://:50000/wpsdb:returnAlias=0;
      IBM DB2 for i with type 2 drivers: jdbc:db2:*LOCAL/wpsdb;metadata source=1
      IBM DB2 for i with type 4 drivers: jdbc:as400:wpsdb;metadata source=1
      Remote IBM DB2 for i with type 4 drivers: jdbc:as400:wpsdb;metadata source=1;prompt=false
      DB2 for z/OS: jdbc:db2:
      Remote DB2 for z/OS with type 2 drivers: jdbc:db2:wpsdb
      Remote DB2 for z/OS with type 4 drivers: jdbc:db2://:/
      Oracle Database with type 4 drivers and thin client: jdbc:oracle:thin:@//:1521/
      Oracle Database with type 2 drivers and thick client: jdbc:oracle:oci:@//:1521/
      Microsoft SQL Server: jdbc:sqlserver://:1433;SelectMethod=cursor;DatabaseName=wpsdb
    federated.db.DbName

      Description
      The name of the database (location name of the DB2 for z/OS subsystem) to be used for this portal database domain. It must comply with the database management software requirements. The combination of this property with the schema name and JDBC database URL must be unique across the portal database domains release, community, customization, and JCR.
      Default value
      federated.db.DbType=db2: WPVMM
      federated.db.DbType=db2_iseries:
      federated.db.DbType=db2_zos:
      federated.db.DbType=oracle:
      federated.db.DbType=sqlserver2005: WPVMM
      Otherwise: vmmfeddb
      Examples
      Apache Derby: vmmfeddb
      IBM DB2: WPVMM
      IBM DB2 for i: /WPSDB
      DB2 for z/OS:
      Oracle Database: vmmfeddb
      Microsoft SQL Server: WPVMM
    federated.db.id

      Description
      Set a unique identifier for the repository within the cell. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID.
      Default value
      vmmDb
      Examples
      None available
    federated.db.baseDN

      Description
      The database base entry: the starting point under which all database entities are stored. Verify that this string is unique.
      Default value
      No default value
      Examples
      None available
    federated.db.DbUser

      Description
      The database user ID used to configure the database objects of this federated database domain. It must comply with the database management software requirements. It is also used by the data source to connect with the database, unless a runtime database user is specified.
      Default value
      db2admin
      Examples
      None available
    federated.db.DbPassword

      Description
      The password of the database user ID used to configure the database objects of the federated database domain. It must comply with the database management software requirements. It is also used by the data source to connect with the database, unless a runtime database user is specified.
      Default value
      No default value
      Examples
      None available


7.2.1. Advanced database properties

    federated.db.JdbcProviderName

      Description
      The name of JDBC provider to be used for the VMM database user registry. Note the la.JdbcProviderName can be the same as this value, or different. The la.JdbcProviderName is the JDBC provider for the property extension database. This federated.db.JdbcProviderName is the JDBC provider for the VMM database user registry. Both of these databases can be in the same database provider, or in different providers. If they are in the same database, then the same provider name can be used. If they are in different databases, then different appropriate JDBC provider names must be used.
      Default value
      vmmdbJDBC
      Examples
      None available
    federated.db.DbSchema

      Description
      The name used to qualify database objects of this VMM database domain. It must comply with the database management software requirements. The combination of this property with the database name and JDBC database URL must be unique across the portal database domains release, community, customization, and JCR.
      Default value
      federate
      Examples
      None available
    federated.db.DbNameOnZos

      Description
      The name of the database to be used for this portal database domain. It must comply with the database management software requirements.
      Default value
      WPSTST02
      Examples
      None available
    federated.db.XDbName

      Description
      The database alias used to create the database for this portal database domain. It must comply with the database management software requirements. Required for IBM DB2 that runs on Linux and UNIX operating systems. Also required for IBM DB2 that runs on a Microsoft Windows operating system that uses type 2 JDBC drivers and is running on the same server as WebSphere Portal.
      Default value
      wps6TCP
      Examples
      Release, Community, Customization, VMM, and JCR: wps6TCP
      Feedback: fdbk6TCP
      LikeMinds: lmdb6TCP
    federated.db.DbNode

      Description
      The name of the database node used to create the database for this portal database domain. It must comply with the database management software requirements. Required for IBM DB2 that run on Linux and UNIX operating systems.
      Default value
      wpsNode
      Examples
      Release, Community, Customization, JCR, and VMM: wpsNode
      Feedback and LikeMinds: pznNode
    federated.db.DbStorageGroup

      Description
      The name of the DB2 for z/OS storage group to be used for this portal database domain.
      Default value
      WPSSG
      Examples
      None available
    federated.db.DbVolumes

      Description
      Defines the volumes of the DB2 for z/OS storage group used for this portal database domain.
      Default value
      *
      Examples
      None available
    federated.db.DbVcat

      Description
      Identifies the integrated catalog facility catalog (VCAT) for the DB2 for z/OS storage group used for this portal database domain.
      Default value
      DSN910
      Examples
      None available
    federated.db.Db4KBufferPoolName

      Description
      The name of the DB2 for z/OS 4 K buffer pool to be used for this portal database domain.
      Default value
      BP0
      Examples
      None available
    federated.db.Db32KBufferPoolName

      Description
      The name of the DB2 for z/OS 32 K buffer pool to be used for this portal database domain.
      Default value
      BP32K
      Examples
      None available


7.2.2. Setting up database tables

Provide information needed to configure tables for the federated database.

    federated.db.reportSqlError

      Description
      Specify whether to report SQL errors while setting up the VMM federated database.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    federated.db.saltLength

      Description
      The length of the salt used when the system hashes passwords stored in the Member Manager database repository.
      Default value
      12
      Examples
      None available
    federated.db.encryptionKey

      Description
      The key used to encrypt data in the database user registry. The default value shown below is printed in this documentation and is therefore identical in every installation that keeps it, so it provides no confidentiality; set a site-specific, randomly generated key before the tables are set up.
      Default value
      rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
      Examples
      rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s
    federated.db.adapterClassName

      Description
      The implementation class name for the repository adapter.
      Default value
      com.ibm.ws.wim.adapter.db.DBAdapter
      Examples
      None available
    federated.db.supportSorting

      Description
      This value indicates whether sorting is supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.db.supportTransactions

      Description
      This value indicates if transactions are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.db.isExtIdUnique

      Description
      Specifies if the external ID is unique.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    federated.db.supportExternalName

      Description
      This value indicates if external names are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.db.entityRetrievalLimit

      Description
      Specifies the maximum number of entities the system can retrieve from the database with a single database query.
      Default value
      50
      Examples
      None available


7.3. Custom user registry properties

The following properties are used to create or update a custom user registry (CUR) in a federated security configuration. The properties are referenced when the following tasks are run: wp-create-cur and wp-update-federated-cur

    federated.cur.id

      Description
      This ID specifies a unique identifier for the repository within the cell. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID.
      Default value
      No default value
      Examples
      None available
    federated.cur.adapterClassName

      Description
      The implementation class name for the repository adapter.
      Default value
      No default value
      Examples
      None available
    federated.cur.baseDN

      Description
      The CUR base entry.
      Default value
      No default value
      Examples
      None available
    federated.cur.isExtIdUnique

      Description
      Whether the external ID is unique.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    federated.cur.supportExternalName

      Description
      This value indicates whether external names are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.cur.supportPaging

      Description
      This value indicates whether paging is supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.cur.supportSorting

      Description
      This value indicates whether sorting is supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    federated.cur.supportTransactions

      Description
      This value indicates whether transactions are supported or not.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available


7.3.1. Federated custom user registry (CUR) custom properties

The following properties and values are used to create a custom property using the wp-create-cur-custom-property task.

    cur.id

      Description
      The ID of the repository, where the custom property will be created.
      Default value
      No default value
      Examples
      None available
    cur.name

      Description
      The name of the custom property.
      Default value
      No default value
      Examples
      None available
    cur.value

      Description
      The value of the custom property.
      Default value
      No default value
      Examples
      None available


7.4. Enable federated repository

The following properties are used when running the wp-modify-federated-security task. The task enables a federated repository and the existing default realm is renamed.

    federated.primaryAdminId

      Description
      Type the ID of the WAS administrative user. The ID must exist in a user repository.
      Default value
      No default value
      Examples
      Windows Active Directory: cn=,cn=users,dc=myco,dc=com
      Windows Active Directory Lightweight-Directory-Services:
      Custom User Registry:
      IBM Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com
      IBM Lotus Domino: cn=,o=myco.com
      Novell eDirectory: uid=,ou=people,o=myco.com
      Oracle Directory Server: uid=,ou=people,o=myco.com
    federated.realm

      Description
      Specify the realm name to use. The existing default realm is renamed.
      Default value
      No default value
      Examples
      None available
    federated.serverId

      Description
      Set a user ID in the repository used for internal process communication.
      Default value
      No default value
      Examples
      Windows Active Directory: cn=,cn=users,dc=myco,dc=com
      Windows Active Directory-Lightweight-Directory-Services:
      Custom User Registry:
      IBM Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com
      IBM Lotus Domino: cn=,o=myco.com
      Novell eDirectory: uid=,ou=people,o=myco.com
      Oracle Directory Server: uid=,ou=people,o=myco.com
    federated.serverPassword

      Description
      Set a password for the user ID in the repository used for internal process communication.
      Default value
      No default value
      Examples
      None available


7.4.1. Advanced federated repository properties

    federated.registryClassName

      Description
      The registry class name.
      Default value
      com.ibm.ws.wim.registry.WIMUserRegistry
      Examples
      None available
    federated.ignoreCase

      Description
      Whether registry queries ignore case when matching (true ignores case). This value is not used during node federation to the deployment manager with WAS when LDAP security is enabled.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available


7.5. LDAP attribute configuration validation

The following properties are used with the wp-validate-federated-ldap-attribute-config and wp-update-federated-ldap-attribute-config tasks.

    federated.ldap.attributes.nonSupported

      Description
      This value is a comma-separated list of attributes to add to, or remove from, the list of nonsupported attributes.
      Default value
      No default value
      Examples
      None available
    federated.ldap.attributes.nonSupported.delete

      Description
      If true, the attributes listed in federated.ldap.attributes.nonSupported are deleted from the list of nonsupported attributes; otherwise they are added to it.
      Valid values
      true
      false
      Default value
      No default value
      Examples
      None available
    federated.ldap.attributes.mapping.ldapName

      Description
      The name of the attribute in LDAP.
      Default value
      No default value
      Examples
      None available
    federated.ldap.attributes.mapping.portalName

      Description
      The name of the attribute in portal.
      Default value
      No default value
      Examples
      None available
    federated.ldap.attributes.mapping.entityTypes

      Description
      The list of entityTypes the mapping applies to.
      Valid values
      PersonAccount
      Group
      Default value
      PersonAccount
      Examples
      None available


7.6. Delete federated repository properties

The following properties are used by the wp-delete-repository task.

    federated.delete.baseentry

      Description
      The name of the base entry to be deleted from the default realm. If the base entry exists in other realms, it must be deleted manually first. Leave the value empty only to delete the property extension repository.
      Default value
      No default value
      Examples
      None available
    federated.delete.id

      Description
      The ID of the repository to be deleted from the VMM configuration. This parameter must be set to LA to delete the property extension repository.
      Default value
      No default value
      Examples
      None available


VMM property extension database properties

The property extension database was previously called the lookaside database. It stores additional attributes that cannot be stored in the LDAP user registry. Database modification tasks of VMM need a connection to a running server instance, so make sure the server is running. The properties are used with the following tasks: wp-configure-la-complete and wp-add-la-property.

    la.JdbcProviderName

      Description
      The name of JDBC provider for the VMM property extension database. Note the federated.db.JdbcProviderName can be the same as this value, or different. The federated.db.JdbcProviderName is the JDBC provider for the VMM database user registry. This la.JdbcProviderName is the JDBC provider for the VMM property extension database. Both of these databases can be in the same database provider, or in different providers. If they are in the same database, then the same provider name can be used. If they are in different databases, then different appropriate JDBC provider names must be used.
      Default value
      vmmdbJDBC
      Examples
      None available
    la.DbType

      Description
      Database management software to be used for the property extension domain.
      Valid values
      db2
      db2_iseries
      db2_zos
      derby
      oracle
      sqlserver2005
      Default value
      db2
      Examples
      None available
    la.DbUrl

      Description
      The JDBC database URL used to connect with the database of the property extension database domain. It must comply with the JDBC driver software requirements. This property, combined with the database name and schema name properties, must be unique across the portal database domains release, community, customization, and JCR.
      Default value
      jdbc:db2:vmmladb
      Examples
      None available
    la.DbName

      Description

      The name of the database (location name of the DB2 for z/OS subsystem) to be used for the property extension database domain. Use the property extension domain to store more properties outside of the user registry. It must comply with the database management software requirements. This property, combined with the schema name and JDBC database URL properties, must be unique across the portal database domains release, community, customization, and JCR.

      If we change the name of the WebSphere Portal data source due to a database migration, manually update the la.DbName property in the wpconfig_dbdomain.properties file. The file is located here: portal_server_root/config/wpconfig_dbdomain.properties

      Default value
      la.DbType=db2: VMMLADB
      la.DbType=db2_iseries:
      la.DbType=db2_zos:
      la.DbType=oracle:
      la.DbType=sqlserver2005: VMMLADB
      Otherwise: vmmladb
      Examples
      Apache Derby: vmmladb
      IBM DB2: VMMLADB
      IBM DB2 for i: /VMMLADB
      DB2 for z/OS:
      Oracle Database: vmmladb
      Microsoft SQL Server: VMMLADB
    la.DataSourceName

      Description
      The name of the data source to be used for property extension database domain. It must comply with the WAS requirements. We cannot use the reserved names releaseDS, communityDS, customizationDS, jcrDS, lmdbDS, and feedback. Use the same name for all portal database domains that are sharing user ID, password, and JDBC database URL.
      Default value
      vmmladbDS
      Examples
      None available
    la.DbUser

      Description
      The database user ID used to configure the database objects of the property extension database domain. It must comply with the database management software requirements. It is also used by the data source to connect with the database, unless a runtime database user is specified.
      Default value
      db2admin
      Examples
      None available
    la.DbPassword

      Description
      Password for the property extension database administrator user ID. The password must comply with the database management software requirements. The ConfigEngine cannot validate the password complies with the software requirements.
      Default value
      No default value
      Examples
      None available


8.1. Advanced properties

    la.DbNameOnZos

      Description
      The name of the database to be used for this portal database domain. It must comply with the database management software requirements.
      Default value
      WPSTST02
      Examples
      None available
    la.XDbName

      Description
      The database alias used to create the database for this portal database domain. It must comply with the database management software requirements. Required for IBM DB2 that runs on Linux and UNIX operating systems. Also required for IBM DB2 that runs on a Microsoft Windows operating system that uses type 2 JDBC drivers and is running on the same server as WebSphere Portal.
      Default value
      wps6TCP
      Examples
      None available
    la.DbNode

      Description
      The name of the database node used to create the database for this portal database domain. It must comply with the database management software requirements. Required for IBM DB2 that runs on Linux and UNIX operating systems.
      Default value
      wpsNode
      Examples
      None available
    la.DbSchema

      Description
      The name used to qualify database objects of the property extension database domain. It must comply with the database management software requirements. This property, combined with the database name and JDBC database URL properties, must be unique across the portal database domains release, community, customization, and JCR.
      Default value
      federate
      Examples
      None available


8.2. Create property extension tables

    la.reportSqlError

      Description
      Specify whether to report SQL errors that occur while we are setting up databases.
      Valid values
      true
      false
      Default value
      true
      Examples
      None available
    la.entityRetrievalLimit

      Description
      Specifies the maximum number of entities the system can retrieve from the database with a single database query.
      Default value
      50
      Examples
      None available


8.3. Add a property

The following properties are used by the wp-add-la-property and wp-add-property ConfigEngine tasks. Use wp-add-la-property if we are defining a new property to store in the VMM property extension database. Use wp-add-property if we are defining a new property that maps to an attribute in LDAP or a custom registry. These tasks use a secured connection to WAS. Check the file...

    wp_profile/properties/sas.client.props

...and verify the following setting:

    com.ibm.CORBA.securityEnabled=true

For a remote telnet connection, set com.ibm.CORBA.loginSource to stdin or properties.

    la.providerURL

      Description
      The remote endpoint where the portal server or deployment manager installation is available. Check the value for hostname:port. The port points to the BOOTSTRAP_ADDRESS port of either the WebSphere_Portal server or the deployment manager.
      Default value
      corbaloc:iiop:localhost:10020
      Examples
      Stand-alone Server example: corbaloc:iiop:localhost:10020
      Clustered example: corbaloc:iiop:dmgr.example.com:9809
    la.propertyName

      Description
      The name of the property we are adding.
      Default value
      No default value
      Examples
      email, dept
    la.deployfile

      Description
      Create multiple properties using a single ConfigEngine operation. Specify the path and name of the XML file containing the properties to add. We can specify a path that is relative to the ConfigEngine or the fully qualified file system path. If we specify a value for this property, do not specify a value for la.propertyName, la.dataType, or la.multiValued.

      The following is a sample of an XML deploy file used to add three properties.

            <wplc-add-property>
              <resource propertyName="attribute_name_1" dataType="Int" entityTypes="Group" multiValued="true" />
              <resource propertyName="attribute_name_2" dataType="String" entityTypes="PersonAccount" multiValued="true" />
              <resource propertyName="attribute_name_3" dataType="Base64Binary" entityTypes="Group,PersonAccount" multiValued="false" />
            </wplc-add-property>

      The resource tag carries the attributes specific to the property: propertyName, dataType, entityTypes, and multiValued.

      Default value
      No default value
      Examples
      deploy.xml
    la.entityTypes

      Description
      List of entity types the new property is applicable to. To enter multiple values, use a comma to separate each value, for example "value1,value2".
      Valid values
      Group
      PersonAccount
      Default value
      No default value
      Examples
      Group,PersonAccount
    la.dataType

      Description

      Type of data stored in the attribute being created. If mapped to LDAP, the data type must match the corresponding attribute type in LDAP. If this attribute is stored in the VMM property extension database, the data type must match the corresponding attribute type as defined in VMM's database.

      While it is possible to add attributes of different types to VMM, the Registration/Edit My Profile Portlet is only capable of working with attributes of type String and Int. For UI support for other types, we would need our own custom form or portlet that can process those types. Portal does not have a UI that reads or updates group attributes. The one exception is the UI that is used to create a group.

      Valid values
      String
      Int
      DateTime
      Base64Binary
      IdentifierType
      Boolean
      Long
      Double
      Short
      Default value
      No default value
      Examples
      None available
    la.multiValued

      Description
      Defines if the property can contain multiple values or not.
      Valid values
      true
      false
      Default value
      No default value
      Examples
      None available
    repositoryId

      Description
      This value is only used for the wp-add-property task. Adding a property to VMM configuration of a repository does not add the property to the LDAP system. List of repositories the new property is added to. The list of repositories must be separated by a comma. Leave the value blank to add the property to all repositories.
      Default value
      No default value
      Examples
      None available
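
As an added example (not part of the IBM documentation or of the ConfigEngine tooling), the following Python script validates the la.* inputs for wp-add-la-property against the valid values and the la.deployfile exclusivity rule listed above, and generates a deploy file in the <wplc-add-property> format shown under la.deployfile. The function names, the sample property definitions, and the choice to report non-String/Int types only as a warning are this example's own assumptions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List

# Valid values as listed for la.dataType and la.entityTypes on this page.
VALID_DATA_TYPES = {"String", "Int", "DateTime", "Base64Binary", "IdentifierType",
                    "Boolean", "Long", "Double", "Short"}
VALID_ENTITY_TYPES = {"Group", "PersonAccount"}
# The Registration/Edit My Profile portlet only handles these two types.
UI_SUPPORTED_TYPES = {"String", "Int"}


def validate_property(name: str, data_type: str, entity_types: str, multi_valued: str) -> List[str]:
    """Return the problems found in one property definition (empty list = valid).
    Non-fatal findings are prefixed with 'warning:' so callers can keep going."""
    issues: List[str] = []
    if not name.strip():
        issues.append("la.propertyName must not be blank")
    if data_type not in VALID_DATA_TYPES:
        issues.append(f"{name}: la.dataType {data_type!r} is not a valid value")
    elif data_type not in UI_SUPPORTED_TYPES:
        issues.append(f"warning: {name}: type {data_type} needs a custom form or portlet")
    types = [t.strip() for t in entity_types.split(",") if t.strip()]
    if not types:
        issues.append(f"{name}: la.entityTypes must list Group, PersonAccount or both")
    for t in types:
        if t not in VALID_ENTITY_TYPES:
            issues.append(f"{name}: unknown entity type {t!r}")
    if multi_valued not in ("true", "false"):
        issues.append(f"{name}: la.multiValued must be true or false, got {multi_valued!r}")
    return issues


def check_task_properties(props: Dict[str, str]) -> List[str]:
    """Apply the exclusivity rule: when la.deployfile is set, la.propertyName,
    la.dataType and la.multiValued must be unset; otherwise validate the single property."""
    if props.get("la.deployfile"):
        clash = [k for k in ("la.propertyName", "la.dataType", "la.multiValued") if props.get(k)]
        return [f"la.deployfile is set; do not also set {', '.join(clash)}"] if clash else []
    return validate_property(props.get("la.propertyName", ""), props.get("la.dataType", ""),
                             props.get("la.entityTypes", ""), props.get("la.multiValued", ""))


def build_deploy_file(definitions: Iterable[Dict[str, str]]) -> str:
    """Serialise property definitions as a <wplc-add-property> deploy file.
    Raises ValueError on the first hard (non-warning) problem."""
    root = ET.Element("wplc-add-property")
    for d in definitions:
        hard = [i for i in validate_property(d["propertyName"], d["dataType"],
                                             d["entityTypes"], d["multiValued"])
                if not i.startswith("warning:")]
        if hard:
            raise ValueError("; ".join(hard))
        ET.SubElement(root, "resource", propertyName=d["propertyName"], dataType=d["dataType"],
                      entityTypes=d["entityTypes"], multiValued=d["multiValued"])
    return ET.tostring(root, encoding="unicode")


def deploy_file_entries(xml_text: str) -> List[Dict[str, str]]:
    """Parse a deploy file back into a list of attribute dicts (used to check the output)."""
    root = ET.fromstring(xml_text)
    if root.tag != "wplc-add-property":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return [dict(res.attrib) for res in root.findall("resource")]


# Constructed sample definitions (names and types chosen for illustration only).
SAMPLE_DEFINITIONS = [
    {"propertyName": "dept", "dataType": "String", "entityTypes": "PersonAccount", "multiValued": "false"},
    {"propertyName": "costCenter", "dataType": "Int", "entityTypes": "Group,PersonAccount", "multiValued": "true"},
]

if __name__ == "__main__":
    print(build_deploy_file(SAMPLE_DEFINITIONS))
    print(check_task_properties({"la.deployfile": "deploy.xml", "la.propertyName": "dept"}))
```

Running the script prints the generated deploy file and then the exclusivity violation for a property set that names both la.deployfile and la.propertyName; the generated file can be passed to the task through la.deployfile.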


VMM LDAP entity type configuration

Provide values for the following properties if you create, delete, or add an LDAP entity type configuration. The properties are used with the following ConfigEngine tasks: wp-create-ldap-entitytype, wp-delete-ldap-entitytype, and wp-add-ldap-entitytype-rdn.

    et.ldap.id

      Description
      Specifies the LDAP server ID.
      Default value
      No default value
      Examples
      myLDAPServer
    et.entityTypeName

      Description
      Name of the entity type to create, update, or delete.
      Valid values
      PersonAccount
      Group
      Default value
      No default value
      Examples
      None available
    et.objectClass

      Description
      Specifies a semi-colon (;) delimited list of object classes to be added.
      Default value
      No default value
      Examples
      groupOfUniqueNames
    et.searchFilter

      Description
      Search filter to use to search the entity type. A filter like departmentNumber=1234 would allow only objects with this department number to be a valid search result.
      Default value
      No default value
      Examples
      None available
    et.objectClassesForCreate

      Description
      Specifies a semi-colon (;) delimited list of object classes to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, we do not need to specify this parameter.
      Default value
      No default value
      Examples
      groupOfUniqueNames
    et.searchBases

      Description
      Search base or bases to use while the system searches the entity type.
      Default value
      No default value
      Examples
      o=foo,o=bar
    et.rdnName

      Description
      Specifies more attributes for the wp-add-ldap-entitytype-rdn task. This attribute name is used to build the relative distinguished name (RDN) for the entity type. It is unusual for there to be more than one for a PersonAccount or Group entity type.
      Default value
      No default value
      Examples
      None available
    et.ldap.referral

      Description
      Specifies more attributes for the wp-add-ldap-entitytype-rdn task. The value indicates how the LDAP server handles referrals to other LDAP servers. If we type ignore, the LDAP ignores referrals to other LDAP servers. If we type follow, the LDAP follows the redirect to other LDAP servers.
      Valid values
      ignore
      follow
      Default value
      follow
      Examples
      None available
    et.ldap.host

      Description
      Default value
      No default value
      Examples
      None available


VMM supported entity types configuration

The wp-update-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent. It also resets the rdnProperties list to contain only rdnProperties entries for the value (or values, if a semicolon-delimited list is supplied) of the RDN attribute name property.

    entityTypeName

      Description
      Name of the entity type.
      Valid values
      PersonAccount
      Group
      Default value
      No default value
      Examples
      None available
    defaultParent

      Description
      Base entry name used as default parent for the entity type.
      Default value
      No default value
      Examples
      None available
    rdnProperties

      Description
      RDN attribute name for the supported entity type in the entity domain name. The RDN attribute is the first attribute in the Distinguished Name. Usually the attribute is "uid" or "cn", but it depends on how the DNs in the LDAP server are set up.
      Default value
      cn
      Examples
      None available
    updatePumaSearchBase

      Description
      Define whether the default search attribute for users and groups in PUMA Store Service is also updated.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available


10.1. Update the defaultParent of the entity types Group and PersonAccount

The wp-update-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes to the existing list. The wp-set-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes as only entry in the RDN list.

    personAccountParent

      Description
      Type the default parent of the entity type PersonAccount. VMM creates new users as a child of the parent when no other explicit parent is specified. This value must be a descendant of the baseDN of the LDAP server and it must be a fully specified DN of the container, including the baseDN value. For example, if federated.ldap.baseDN=dc=myco,dc=com then the parent might be personAccountParent=cn=users,dc=myco,dc=com. It might also be personAccountParent=cn=users,ou=newPeopleGoHere,dc=myco,dc=com.
      Default value
      No default value
      Examples
      If the base DN is dc=myco,dc=com: cn=users,dc=myco,dc=com
    groupParent

      Description
      Type the default parent of the entity type Group. When an explicit parent is not specified for a new group, VMM uses the default parent specified here. The parent must be a descendant of the base DN of the LDAP server. It also must be a fully specified DN of the container, including the base DN value.
      Default value
      No default value
      Examples
      If base DN is dc=myco,dc=com: cn=groups,dc=myco,dc=com
      Another example for base DN dc=myco,dc=com: cn=groups,ou=newGroupsGoHere,dc=myco,dc=com
    personAccountRdnProperties

      Description
      The RDN attribute is the first attribute in the Distinguished Name. Usually the attribute is "uid" or "cn", but it depends on how the DNs in the LDAP server are set up. It is possible to specify multiple attribute names that are separated by semicolons, but this is highly unusual. Do not leave this property blank. This property is primarily used when creating a new user through VMM. In combination with the default parent for the entity type, the attribute tells VMM how to create the DN for the new entry. The value (or values, if multiple values are specified in a semicolon-delimited list) is set as rdnProperties entries with the supportedEntityType stanza in VMM's wimconfig.xml configuration file.
      Default value
      uid
      Examples
      uid
    groupRdnProperties

      Description
      The RDN attribute is the first attribute in the Distinguished Name. Usually the attribute is "cn" for the Group entity type, but it depends on how the DNs in the LDAP server are set up. It is possible to specify multiple attribute names that are separated by semicolons, but this is highly unusual. Do not leave this property blank. This property is primarily used when creating a new group through VMM. In combination with the default parent for the entity type, the attribute tells VMM how to create the DN for the new entry. The value (or values, if multiple values are specified in a semicolon-delimited list) is set as rdnProperties entries with the supportedEntityType stanza in VMM's wimconfig.xml configuration file.
      Default value
      cn
      Examples
      cn
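
As an added example (not part of the IBM documentation), the following Python snippet checks the two rules stated above for the default parents, namely that personAccountParent and groupParent are fully specified DNs below federated.ldap.baseDN, and shows how the RDN attribute and the default parent combine into the DN of a new entry. The DN comparison works RDN by RDN rather than as a string suffix, so case and whitespace differences do not matter. The sample values, the function names, and the simplified DN escaping are this example's assumptions; a semicolon-delimited list of several RDN attributes is deliberately rejected rather than modelled.

```python
import re
from typing import Dict, List

# Constructed sample values (this example's own, shaped like the examples above).
SAMPLE: Dict[str, str] = {
    "federated.ldap.baseDN": "dc=myco,dc=com",
    "personAccountParent": "cn=users,dc=myco,dc=com",
    "groupParent": "cn=groups,ou=newGroupsGoHere,dc=myco,dc=com",
    "personAccountRdnProperties": "uid",
    "groupRdnProperties": "cn",
}


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDNs on unescaped commas. Attribute types and values are
    lower-cased for comparison, a simplification of the LDAP DN matching rules."""
    rdns: List[str] = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def is_descendant(dn: str, base_dn: str) -> bool:
    """True when dn lies strictly below base_dn (the page asks for a descendant of the
    base DN, so a parent equal to the base DN is not accepted here)."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) > len(b) and d[-len(b):] == b


def check_default_parents(props: Dict[str, str]) -> List[str]:
    """Verify that personAccountParent and groupParent are set and lie under the base DN."""
    base = props["federated.ldap.baseDN"]
    issues: List[str] = []
    for key in ("personAccountParent", "groupParent"):
        parent = props.get(key, "")
        if not parent:
            issues.append(f"{key} is not set")
        elif not is_descendant(parent, base):
            issues.append(f"{key}={parent} is not a descendant of baseDN {base}")
    return issues


def new_entry_dn(rdn_properties: str, rdn_value: str, default_parent: str) -> str:
    """Build the DN a new entry receives: '<rdn attribute>=<value>,<default parent>'.
    Several semicolon-delimited RDN attributes are rejected, since the page calls that
    configuration highly unusual and this example does not model it."""
    attrs = [a.strip() for a in rdn_properties.split(";") if a.strip()]
    if not attrs:
        raise ValueError("rdnProperties must not be blank")
    if len(attrs) > 1:
        raise ValueError("multiple RDN attributes are not modelled by this example")
    # Escape the RFC 4514 special characters so a value such as 'Smith, John'
    # cannot smuggle an extra RDN into the resulting DN.
    escaped = re.sub(r'([,+"\\<>;=])', r"\\\1", rdn_value)
    return f"{attrs[0]}={escaped},{default_parent}"


if __name__ == "__main__":
    print(check_default_parents(SAMPLE))
    print(new_entry_dn(SAMPLE["personAccountRdnProperties"], "alice", SAMPLE["personAccountParent"]))
```

With the sample values the check returns no issues and the new-user DN is uid=alice,cn=users,dc=myco,dc=com; swapping the base DN for one that does not contain the parents makes check_default_parents report each offending property.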


10.2. Group member attribute configuration

If the group member attribute does not exist, it will be created. The following properties are used with the wp-update-ldap-groupmember and wp-delete-ldap-groupmember tasks.

    gm.ldap.id

      Description
      The ID of the LDAP repository definition within which the group definition is updated. The ID is an arbitrary ID that was specified when the repository definition was created.
      Default value
      No default value
      Examples
      None available
    gm.groupMemberName

      Description
      The name of the LDAP attribute used as the group member attribute.
      Default value
      No default value
      Examples
      For groupOfUniqueNames: uniqueMember
      For groupOfNames: Member
    gm.objectClass

      Description
      The group object class containing the member attribute. If we do not define this parameter, the member attribute applies to all group object classes.
      Default value
      No default value
      Examples
      groupOfNames
      groupOfUniqueNames
    gm.scope

      Description
      Type the scope of the member attribute, that is, the attribute within the group objects that lists the members of the group. NOTE: It is unusual for this to be any value other than "direct". Type nested if the LDAP member attribute includes direct and nested members. Type direct if the LDAP member attribute includes direct members only.
      Valid values
      nested
      direct
      Default value
      direct
      Examples
      None available
    gm.dummyMember

      Description
      If we create a group without specifying a member, a dummy member is filled in to avoid an exception about a missing mandatory attribute. For Novell eDirectory, Oracle Directory Server, and Windows Active Directory, the value must be empty or point to an existing entry in the LDAP directory.
      Default value
      No default value
      Examples
      None available


10.3. Create group member configuration

The following properties are used with the wp-create-ldap-groupconfig task.

    gc.ldap.id

      Description
      Unique identifier for an existing repository within the cell. This value must match the ID of the repository to be updated.
      Default value
      No default value
      Examples
      None available
    gc.name

      Description
      A membership attribute is an alternative way of getting group membership information from the LDAP user registry. Leave the field empty if the LDAP does not support the group membership attribute.

      Type the LDAP name of an attribute or virtual attribute in a user object that lists the groups of which that user is a member.

      A membership attribute is an attribute within the user object containing the list of groups the user is a member of. Many LDAP registries support the group membership attribute. Also, each user registry implements the group membership attribute differently.

      In some cases, the membership attribute is not persisted with the user record. Instead, it is calculated on demand.

      In some cases, the membership attribute includes all groups, such as nested groups, dynamic groups, and static groups. If the LDAP implementation includes all group memberships, then it is more efficient to use a membership attribute instead of manually requesting the information from a client. For more information about when to use the attribute, see the federated.ldap.gc.scope property.

      We do not need to use nested or dynamic groups to use a membership attribute. If the directory uses only non-nested, static group memberships, use the standard group membership query method.

      Default value
      federated.ldap.ldapServerType=IDS6: ibm-allGroups
      federated.ldap.ldapServerType=AD: memberOf
      federated.ldap.ldapServerType=ADAM: memberOf
      federated.ldap.ldapServerType=DOMINO: dominoAccessGroups
      federated.ldap.ldapServerType=SUNONE: isMemberOf
      federated.ldap.ldapServerType=SUNONE: nsrole
      federated.ldap.ldapServerType=NDS: groupMembership
      Examples
      IBM Tivoli Directory Server: ibm-allGroups
      Microsoft Active Directory: memberOf
      Microsoft Active Directory - Lightweight Directory Services: memberOf
      IBM Lotus Domino: dominoAccessGroups
      Oracle Directory Server: isMemberOf
      SunOne (versions prior to 6.3): nsrole
      Novell eDirectory: groupMembership
    gc.updateGroupMembership

      Description
      Updates the group membership if the member is deleted or renamed. Some LDAP servers, such as IBM Lotus Domino, do not clean up the membership of the user when a user is deleted or renamed. If we choose an LDAP server that does not clean up memberships, set the value of this property to true to enable membership cleanup.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    gc.scope

      Description

      Tells VMM how much information the LDAP server returns when VMM requests the group membership attribute value for a user object. The group membership attribute is an attribute on the user object containing the list of groups of which the user is a member. This scope property describes to VMM how complete the list is. For example, the list might include only static groups of which the user is a direct member or it might include dynamic memberships, or the results of resolving any nested group relationships.

      • Set the value to all if the membership attribute includes a complete list of all possible group memberships for a user, including nested, dynamic, and direct group memberships.

      • Set the value to direct if the membership attribute includes only direct memberships.

      • Set the value to nested if the membership attribute included both direct and nested memberships, but it does not include dynamic memberships. Nested refers to groups within other groups.

      Select the option that reflects the LDAP registry configuration. If the selection does not match the LDAP configuration, poor performance and failures might occur.

      If the group membership attribute for the user objects within the LDAP returns only direct membership information and we select nested, then when an application requests nested group information the operation returns incomplete results. Based on the selection, VMM expects the LDAP to return the nested group information and does not do the additional work to determine it itself.

      If the LDAP returns nested group information and VMM is configured to support dynamic groups, VMM tries to resolve the dynamic group membership information that is requested by an application. Use the Integrated Solutions Console to configure dynamic groups in VMM.

      If the LDAP provides a complete set of group memberships, including nested groups, dynamic groups, and static direct groups, and the scope attribute is set to direct, VMM redundantly tries to resolve the nested group memberships.

      Portal asks VMM to retrieve nested group membership information from the LDAP registry. If the security policy and LDAP registry are not set up to use nested groups, then set accessControlDataManagement.enableNestedGroups to false in the Access Control Data Management Service.

      Valid values
      all
      direct
      nested
      Default value
      direct
      Examples
      None available
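
The two mismatch cases described above, as an added example that is not part of the IBM documentation: a small Python model of a directory with two levels of nested static groups, where the LDAP server's membership attribute returns either direct memberships only or the resolved nested list, and VMM is configured with gc.scope. The directory contents, the function names, and the behaviour attributed to VMM (walk the group hierarchy itself under direct, trust the attribute as complete under nested or all) are this example's own assumptions drawn from the description above; dynamic groups are not modelled. Because Portal's access control relies on the nested membership answer, the "incomplete" outcome is the one that silently withholds entitlements.

```python
from typing import Dict, Set, Tuple

# Constructed sample directory (not from the documentation): cn=eng nests cn=dev,
# and cn=staff nests cn=eng, so alice is transitively a member of all three.
BASE = "dc=myco,dc=com"
ALICE = f"uid=alice,cn=users,{BASE}"
BOB = f"uid=bob,cn=users,{BASE}"
DEV = f"cn=dev,cn=groups,{BASE}"
ENG = f"cn=eng,cn=groups,{BASE}"
STAFF = f"cn=staff,cn=groups,{BASE}"

# group DN -> set of member DNs (users or other groups)
GROUPS: Dict[str, Set[str]] = {
    DEV: {ALICE, BOB},
    ENG: {DEV},
    STAFF: {ENG},
}


def direct_groups(dn: str) -> Set[str]:
    """Groups whose member attribute lists dn directly."""
    return {g for g, members in GROUPS.items() if dn in members}


def nested_groups(dn: str) -> Set[str]:
    """Transitive closure of direct_groups: the ground truth for a nested-group query."""
    seen: Set[str] = set()
    todo = list(direct_groups(dn))
    while todo:
        g = todo.pop()
        if g not in seen:
            seen.add(g)
            todo.extend(direct_groups(g))
    return seen


def ldap_membership_attribute(user_dn: str, ldap_returns: str) -> Set[str]:
    """Simulate the value the LDAP server returns in the user's membership attribute
    (memberOf, ibm-allGroups, ...). 'direct' servers store direct memberships only;
    'nested' servers return the resolved list."""
    if ldap_returns == "direct":
        return direct_groups(user_dn)
    if ldap_returns == "nested":
        return nested_groups(user_dn)
    raise ValueError(f"unknown LDAP behaviour {ldap_returns!r}")


def vmm_nested_membership(user_dn: str, ldap_returns: str, gc_scope: str) -> Tuple[Set[str], int]:
    """Simulate VMM answering a nested-group query under the given gc.scope.
    Returns (groups, extra_lookups). With gc.scope=direct VMM walks the hierarchy
    itself; with nested or all it trusts the attribute value as complete."""
    attr = ldap_membership_attribute(user_dn, ldap_returns)
    if gc_scope == "direct":
        result = set(attr)
        todo = list(attr)
        lookups = 0
        while todo:
            g = todo.pop()
            lookups += 1
            for parent in direct_groups(g):
                if parent not in result:
                    result.add(parent)
                    todo.append(parent)
        return result, lookups
    if gc_scope in ("nested", "all"):
        return set(attr), 0
    raise ValueError(f"gc.scope must be all, direct or nested, got {gc_scope!r}")


def scope_outcome(user_dn: str, ldap_returns: str, gc_scope: str) -> str:
    """Classify a configuration: 'incomplete' (memberships missed), 'redundant'
    (VMM re-resolves what the LDAP already returned) or 'ok'."""
    truth = nested_groups(user_dn)
    got, lookups = vmm_nested_membership(user_dn, ldap_returns, gc_scope)
    if got != truth:
        return "incomplete"
    if lookups and ldap_returns == "nested":
        return "redundant"
    return "ok"


if __name__ == "__main__":
    for ldap_returns in ("direct", "nested"):
        for gc_scope in ("direct", "nested", "all"):
            print(f"LDAP returns {ldap_returns:6}  gc.scope={gc_scope:6}  ->", scope_outcome(ALICE, ldap_returns, gc_scope))
```

The table the script prints shows the pairing the text prescribes: gc.scope=direct is correct for a directory that stores only direct memberships, gc.scope=nested or all is correct once the directory itself resolves nesting, and the other combinations are either incomplete or wasteful.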


10.4. Context pool

The following properties are used with the wp-update-ldap-contextpool task.

    cp.ldap.id

      Description
      The name of the LDAP repository configuration for which the context pool settings are to be updated.
      Default value
      No default value
      Examples
      None available
    cp.maxPoolSize

      Description
      Specifies the maximum number of context instances that can be maintained concurrently in the context pool for this LDAP server by VMM. This value must be greater than or equal to the preferred context pool size. However, specifying a value of 0 allows the pool to grow without bound. VMM uses the buffer pool size per node in the cluster. Therefore the total number of connections that might be made to the LDAP server is the maximum context pool size value multiplied by the number of nodes in the cluster.
      Default value
      20
      Examples
      None available
    cp.initPoolSize

      Description
      Specifies the initial (minimum) size of the context pool for this LDAP server in VMM. This value must be less than or equal to the preferred context pool size.
      Default value
      1
      Examples
      None available
    cp.prefPoolSize

      Description
      Specify the preferred size of the context pool for this LDAP server in VMM. The size must be greater than or equal to the initial context pool size, and less than or equal to the maximum context pool size, unless the maximum size is set to 0. If this value is less than the maximum size (or if the maximum size is set to 0) and the pool grows larger than the preferred size due to transient high load conditions, the pool shrinks back to the preferred size when the high load condition subsides. The preferred size value is treated as a "hint" which VMM gives a best effort to maintain, not a hard limit that is strictly enforced always.
      Default value
      3
      Examples
      None available
    cp.poolTimeout

      Description
      Specifies the maximum lifetime of a context instance, in seconds. Set it to the lesser of the LDAP server and firewall connection time-outs, if applicable. A value of 0 means a context never times out.
      Default value
      2700
      Examples
      None available
    cp.poolWaitTime

      Description
      Time that a thread waits for a context to become available. The timeout applies only when maximum size of the pool is reached (so that no more contexts can be allocated) but all existing context instances are busy. This value, which is specified in milliseconds, must not be more than a few seconds.
      Default value
      3000
      Examples
      None available
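
As an added example (not part of the IBM documentation), the following Python snippet reads the cp.* values from a wkplc.properties fragment and checks the ordering rules stated above (initial size at most the preferred size, preferred size at most the maximum unless the maximum is 0), flags the settings that remove a limit (an unbounded pool, contexts that never time out, a long wait time), and computes the cluster-wide connection bound from cp.maxPoolSize and the node count. The two property fragments are constructed for this example, and the 10-second threshold used for "not more than a few seconds" is this example's assumption, since the page gives no number.

```python
from typing import Dict, List, Optional

# Assumed threshold for "must not be more than a few seconds" (the page gives no figure).
MAX_WAIT_MS = 10_000


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal key=value parser for a wkplc.properties fragment; comments and blank lines are skipped."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def pool_settings(props: Dict[str, str]) -> Dict[str, int]:
    """Read the cp.* values, falling back to the defaults listed on this page."""
    defaults = {"cp.initPoolSize": 1, "cp.prefPoolSize": 3, "cp.maxPoolSize": 20,
                "cp.poolTimeout": 2700, "cp.poolWaitTime": 3000}
    return {k: int(props.get(k, v)) for k, v in defaults.items()}


def validate_context_pool(props: Dict[str, str]) -> List[str]:
    """Check init <= pref <= max (max 0 = unbounded) and flag settings that remove a limit."""
    s = pool_settings(props)
    init, pref, maxp = s["cp.initPoolSize"], s["cp.prefPoolSize"], s["cp.maxPoolSize"]
    issues: List[str] = []
    if init > pref:
        issues.append(f"cp.initPoolSize={init} must not exceed cp.prefPoolSize={pref}")
    if maxp != 0 and pref > maxp:
        issues.append(f"cp.prefPoolSize={pref} must not exceed cp.maxPoolSize={maxp}")
    if maxp == 0:
        issues.append("cp.maxPoolSize=0: the pool can grow without bound")
    if s["cp.poolTimeout"] == 0:
        issues.append("cp.poolTimeout=0: contexts never time out")
    if s["cp.poolWaitTime"] > MAX_WAIT_MS:
        issues.append(f"cp.poolWaitTime={s['cp.poolWaitTime']} ms is more than a few seconds")
    return issues


def total_ldap_connections(props: Dict[str, str], nodes: int) -> Optional[int]:
    """Upper bound on LDAP connections from the cluster: cp.maxPoolSize per node times the
    number of nodes. Returns None when the pool is unbounded."""
    maxp = pool_settings(props)["cp.maxPoolSize"]
    return None if maxp == 0 else maxp * nodes


# Constructed fragments: a misordered configuration and a corrected one.
BAD_FRAGMENT = """
cp.ldap.id=myLDAPServer
cp.initPoolSize=5
cp.prefPoolSize=3
cp.maxPoolSize=0
cp.poolTimeout=0
cp.poolWaitTime=60000
"""
GOOD_FRAGMENT = """
cp.ldap.id=myLDAPServer
cp.initPoolSize=2
cp.prefPoolSize=5
cp.maxPoolSize=20
cp.poolTimeout=1800
cp.poolWaitTime=3000
"""

if __name__ == "__main__":
    for issue in validate_context_pool(parse_properties(BAD_FRAGMENT)):
        print("BAD:", issue)
    print("connections from 4 nodes:", total_ldap_connections(parse_properties(GOOD_FRAGMENT), 4))
```

For the corrected fragment on a four-node cluster the bound is 80 connections, which is the figure to compare against the LDAP server's connection limit before the task is run.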


10.5. Realm configuration

The following properties are used in multiple realm ConfigEngine tasks. If no realm name is specified, the default realm is updated.

      • The wp-create-realm task uses the following properties: realmName, addBaseEntry, securityUse, and delimiter.

      • The wp-update-realm task uses the following properties: realmName, securityUse, and delimiter.

      • The wp-delete-realm task uses the following property: deleteRealmName.

      • The wp-default-realm task uses the following property: defaultRealmName.

      • The wp-add-realm-baseentry task uses the following properties: realmName and addBaseEntry.

      • The wp-delete-realm-baseentry task uses the following properties: realmName and deleteBaseEntry.

      • The wp-query-realm-baseentry task uses the following property: realmName.

      • The wp-modify-realm-defaultparents task uses the following properties: realmName, realm.personAccountParent, realm.groupParent, and realm.orgContainerParent.

      • The wp-modify-realm-enable-dn-login task uses the following property: realmName.

      • The wp-modify-realm-disable-dn-login task uses the following property: realmName.

    realmName

      Description
      Name of the realm to create or update. If no realm name is provided, the default realm is updated.
      Default value
      No default value
      Examples
      None available
    addBaseEntry

      Description
      Name of base entry to be added to the realm.
      Default value
      No default value
      Examples
      None available
    securityUse

      Description
      Indicates whether a virtual realm within the VMM configuration is actively in use currently in the security setup of the server; or is not currently in use but is eligible to be used; or is not eligible for use at all. The default is "active".
      Valid values
      active
      inactive
      nonSelectable
      Default value
      active
      Examples
      None available
    delimiter

      Description
      Specifies the delimiter used for this realm.
      Default value
      /
      Examples
      None available
    defaultRealmName

      Description
      Name of the new default realm.
      Default value
      No default value
      Examples
      None available
    deleteBaseEntry

      Description
      Name of the base entry to be deleted from the realm.
      Default value
      No default value
      Examples
      None available
    realm.personAccountParent

      Description
      Specifies the default parents to be set for the entity type PersonAccount. The realm that is entered in realmName is used to make the change.
      Default value
      No default value
      Examples
      None available
    realm.groupParent

      Description
      Specifies the default parents to be set for the entity type Group. The realm that is entered in realmName is used to make the change.
      Default value
      No default value
      Examples
      None available
    realm.orgContainerParent

      Description
      Specifies the default parents to be set for the entity type OrgContainer. The realm that is entered in realmName is used to make the change.
      Default value
      No default value
      Examples
      None available


10.6. Base entry configuration

The following properties are used by the wp-create-base-entry, wp-update-base-entry, and wp-delete-base-entry tasks. When we run the wp-update-base-entry task, if the base entry does not exist, the task creates the entry.

    id

      Description
      The ID of the repository, where the base entry is created, updated, or deleted. When a base entry is created, it is automatically added to the default realm.
      Default value
      No default value
      Examples
      None available
    baseDN

      Description
      Name of the base entry to create, update, or delete.
      Default value
      No default value
      Examples
      None available
    nameInRepository

      Description
      The distinguished name (DN) in the repository that uniquely identifies the base entry name. In most cases, the name is not the same value as the base DN.
      Default value
      No default value
      Examples
      None available


10.7. Change administrative users

The following properties are used by the wp-change-was-admin-user and wp-change-portal-admin-user tasks. The wp-change-portal-admin-user task also changes the admin group if newAdminGroupId is set.

    newAdminId

      Description
      Type the fully qualified DN that exists in the LDAP registry to use as the Portal Administrator account. The short login name for this administrator account must not be identical to the original admin ID short login name. If the DN includes spaces, then we must take extra steps to enter it on the command line using the -D parameter.

      For command line tasks, if you provide the DN using the -D parameter, some tasks require that you enter the fully qualified DN. If the fully qualified DN contains a space, we cannot provide the ID using the -D parameter. For example, if your DN is cn=someuser,cn=users,o=Software Group,dc=myco,dc=com, then place the DN in the properties file or a parent properties file. If we create a parent properties file named mysecurity.properties, the command is: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.

      A valid user DN can contain the following characters:

      • Lowercase characters {a-z} and upper case characters {A-Z}
      • Numbers {0-9}
      • Exclamation point {!}, hyphen {-}, period {.}, question mark {?}, accent grave {`}, tilde {~}
      • Open parenthesis {(} and close parenthesis {)}
      • Open bracket {[} and close bracket {]}
      • Underscore {_}, which is the only special character allowed in IBM i
      • Must be less than 200 characters
      Default value
      No default value
      Examples
      Windows Active Directory: cn=,cn=users,dc=myco,dc=com
      Windows Active Directory 2003: cn=,cn=users,dc=myco,dc=com
      Windows Active Directory-Lightweight-Directory-Services: cn=,cn=users,dc=myco,dc=com
      IBM Tivoli Directory Server: uid=,cn=users,dc=myco,dc=com
      IBM Tivoli Directory Server for z/OS: uid=,cn=users,dc=myco,dc=com
      IBM Lotus Domino: cn=,o=myco.com
      Novell eDirectory: uid=,ou=people,o=myco.com
      Oracle Directory Server: uid=,ou=people,o=myco.com
      Custom: uid=,cn=users,dc=myco,dc=com
    newAdminPw

      Description
      Type the password for the DN that already exists in the user registry. Valid passwords contain only ASCII characters from the following set:

      • Lowercase letter {a-z} and uppercase letters {A-Z}
      • Numbers {0-9}
      • Exclamation point {!}, hyphen {-}, period {.}, question mark {?}, accent grave {`}, and tilde {~}
      • Open parenthesis {(} and close parenthesis {)}
      • Open bracket {[} and close bracket {]}
      • Underscore {_}, which is the only special character allowed in IBM i
      • The password cannot contain a space
      • Must be 128 characters or less
      Default value
      No default value
      Examples
      None available
    newAdminGroupId

      Description
      Type the DN of the existing group from LDAP to use as the portal administrative group.
      Default value
      No default value
      Examples
      Windows Active Directory: cn=,cn=groups,dc=myco,dc=com
      Windows Active Directory-Lightweight-Directory-Services: cn=,cn=groups,dc=myco,dc=com
      IBM Tivoli Directory Server: cn=,cn=groups,dc=myco,dc=com
      IBM Lotus Domino: cn=,o=myco.com
      Novell eDirectory: cn=,ou=groups,o=myco.com
      Oracle Directory Server: cn=,ou=groups,o=myco.com
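      A pre-flight check for the newAdminId and newAdminPw rules listed above, written as an added example (not part of WebSphere Portal or its ConfigEngine tooling). It assumes that '=' and ',' are DN structure and only the RDN values are matched against the character list, that the first RDN value is the short login name, and that the short-name comparison is case-insensitive; a space in the DN is reported as something that must go in a (parent) properties file rather than through -D.

```python
# Added pre-flight check for newAdminId / newAdminPw; not WebSphere Portal code.
# Assumption: '=' and ',' are DN structure, so only RDN values are checked.
import string

ALLOWED = set(string.ascii_letters + string.digits + "!-.?`~()[]_")
ALLOWED_IBM_I = set(string.ascii_letters + string.digits + "_")  # underscore only


def _bad_chars(text, ibm_i):
    allowed = ALLOWED_IBM_I if ibm_i else ALLOWED
    return sorted({c for c in text if c not in allowed})


def check_new_admin_id(dn, old_admin_short_name, ibm_i=False):
    """Return the problems found in a newAdminId value (empty list = usable)."""
    problems = []
    if len(dn) >= 200:
        problems.append("DN must be less than 200 characters")
    values = []
    for rdn in dn.split(","):
        if "=" not in rdn:
            problems.append(f"RDN {rdn!r} is not of the form attr=value")
            continue
        value = rdn.split("=", 1)[1]
        values.append(value)
        bad = _bad_chars(value, ibm_i)
        if " " in bad:
            # Fine in the properties file, but -D on the command line cannot carry it
            bad.remove(" ")
            problems.append("DN contains a space: put it in a (parent) properties file, not -D")
        if bad:
            problems.append(f"RDN value {value!r} has disallowed characters: {''.join(bad)}")
    # First RDN value is taken as the short login name (compared case-insensitively)
    if values and values[0].lower() == old_admin_short_name.lower():
        problems.append("short login name must differ from the original admin ID")
    return problems


def check_new_admin_pw(password, ibm_i=False):
    """Return the problems found in a newAdminPw value (empty list = usable)."""
    problems = []
    if len(password) > 128:
        problems.append("password must be 128 characters or less")
    bad = _bad_chars(password, ibm_i)
    if " " in bad:
        bad.remove(" ")
        problems.append("password cannot contain a space")
    if bad:
        problems.append("password has disallowed characters: " + "".join(bad))
    return problems
```

Run both checks on the values from wkplc.properties before invoking the wp-change-*-admin-user tasks; an empty list from each means the value passes every rule on this page.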


10.8. Change attribute configuration

The wp-update-attribute-config task sets the overall required and unsupported properties.

    user.attributes.required

      Description
      Specifies the new (comma separated) list of attributes that are required for user creation.
      Default value
      sn
      Examples
      None available
    user.attributes.nonsupported

      Description
      Specifies the new (comma separated) list of attributes that are ignored by portal.
      Default value
      certificate,identifier
      Examples
      None available


10.9. Restore VMM security

The following properties are used with the wp-restore-default-repository-configuration task.

    restore.file.realm

      Description
      Specifies the realm name to be used. A realm with this name is created.
      Default value
      federatedRealm
      Examples
      None available
    restore.file.delimiter

      Description
      Specifies the delimiter used for this realm. Set any value but do not leave this field blank.
      Default value
      /
      Examples
      None available
    restore.file.primaryAdminId

      Description
      Specifies the ID (short name) of the WAS administrative user. The ID must exist in a user repository.
      Default value
      adminUID
      Examples
      None available
    restore.file.primaryAdminPassword

      Description
      Password of the WAS administrative user named in restore.file.primaryAdminId.
      Default value
      adminPWD
      Examples
      None available
    restore.file.primaryPortalAdminGroup

      Description
      The user group (short name) with administrative permission in portal. The group must exist in the LDAP server.
      Default value
      adminGroupCN
      Examples
      None available


10.10. Community Isolation and external users

The following properties are used with the wp-configure-community-isolation and wp-configure-external-users tasks.

    communityIsolation.enabled

      Description
      Boolean flag that enables or disables community isolation (peer groups).
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    externalUsers.enabled

      Description
      Boolean flag that enables or disables external users.
      Valid values
      true
      false
      Default value
      false
      Examples
      None available
    externalUsers.parentDN

      Description
      The parent distinguished name (DN) for new external users.
      Default value
      No default value
      Examples
      ou=externalUsers,o=defaultWIMFileBasedRealm


More properties for internal use only

    AdditionalPropertiesToFilter

      Description
      Do not change the value of this attribute unless directed to do so by IBM Support.
      Default value
      newAdminPw
      Examples
      None available
    wps.userdir

      Description
      Do not change the value of this attribute unless directed to do so by IBM Support.
      Default value
      PortalServer
      Examples
      None available

