Create a superuser 

For IBM Lotus Sametime integration, you need to create a superuser who has access to all communities, public and restricted.


Before starting

Users who are granted the superuser role can access all communities with the following caveats:


About this task

With additional configuration on the IBM Connections server, it is possible to create a superuser who can see all communities, public and restricted. For Sametime integration, you need to create a user of this type, and add their login and password credentials to the Sametime Advanced server so that you can connect on their behalf to list all of the communities.


Procedure

  1. To determine the user realm for the new administrative user, do the following:

    1. In the IBM WAS Integrated Solutions Console (assuming federated repositories), expand Security, select Global security, and then select Federated Repositories.

    2. Click Configure.

    3. On the main Federated repositories page, note the value for the realm name for your application server.

  2. From the dmgr host, start the wsadmin client and load the Communities administration script:

      cd $DMGR_PROFILE/bin
      ./wsadmin.sh -jython
      execfile("communitiesAdmin.py")

      If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, pick the node where the file is stored.

  3. Check out the Communities configuration files using the following command:

      CommunitiesConfigService.checkOutPolicyConfig("<working_directory>", "<cell_name>")

      where:

      • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.

          Note: AIX and Linux only: The directory must grant write permissions or the command will not run successfully.

      • <cell_name> is the name of the WAS cell hosting the IBM Connections application. This argument is required. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor:

          print AdminControl.getCell()

      For example:

      CommunitiesConfigService.checkOutPolicyConfig("/opt/my_temp_dir", "CommServerNode01Cell")

  4. From the temporary directory to which you just checked out the IBM Connections configuration files, open the communities-policy.xml file in a text editor.

  5. To add an administrative user with rights to access all IBM Connections communities, add the following grant statement to the file:

      <comm:grant>
        <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="<YOUR_REALM_NAME>/<YOUR_LOGIN_ID>" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityMembershipPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityReferencePermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityBroadcastPermission" communityType="*" action="*" />
      </comm:grant>

      where:

      • <YOUR_REALM_NAME> is the realm name you identified in step 1.

          Note: If the realm contains a port number, then specify the port number as well. For example:

          <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="w2k3dc.litbg01.example.com:389/buser99" />

      • <YOUR_LOGIN_ID> is the login ID of the user whom you want to set up as the administrator for communities.

          Note: If multiple login properties are used, the login ID should be based on the first property. For example, if the login properties are configured as uid;email, the login ID used must be based on uid.

  6. Save your changes to the communities-policy.xml file.

  7. Check in the updated file using the following wsadmin client command:

      CommunitiesConfigService.checkInPolicyConfig("<working_directory>", "<cell_name>")

  8. To exit the wsadmin client, type exit at the prompt.

  9. Stop and restart the server hosting the Communities application.

Results

When the user specified in the policy file logs in to Communities, they should now be able to view and edit all communities and community resources.
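
To review which principals hold this level of access, the following added example (not part of the original IBM documentation) parses a checked-out communities-policy.xml and lists every principal that has a permission granted with communityType="*" and action="*". The sample policy is constructed: its root element, its namespace URI, and the second grant's attribute values are placeholders, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. The root element, the namespace URI and the second
# grant's communityType/action values are placeholders, not product values.
SAMPLE_POLICY = """<comm:policy xmlns:comm="urn:example:placeholder">
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="w2k3dc.litbg01.example.com:389/buser99" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communityType="*" action="*" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="*" action="*" />
  </comm:grant>
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="w2k3dc.litbg01.example.com:389/reader01" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="placeholder-type" action="placeholder-action" />
  </comm:grant>
</comm:policy>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]


def find_wildcard_grants(policy_xml):
    """Map 'realm/login' -> permission classes granted with type '*' and action '*'."""
    findings = {}
    for grant in ET.fromstring(policy_xml).iter():
        if _local(grant.tag) != "grant":
            continue
        principals = [c.get("name") for c in grant if _local(c.tag) == "principal"]
        wildcard = [c.get("class", "").rsplit(".", 1)[-1] for c in grant
                    if _local(c.tag) == "permission"
                    and c.get("communityType") == c.get("action") == "*"]
        for name in principals if wildcard else []:
            findings.setdefault(name, []).extend(wildcard)
    return findings


def split_principal(name):
    """Split on the last '/', so a realm with a port (host:389) stays intact."""
    realm, _, login = name.rpartition("/")
    return realm, login


if __name__ == "__main__":
    # Pass the checked-out communities-policy.xml path, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for principal, perms in find_wildcard_grants(data).items():
        print(split_principal(principal), sorted(perms))
```

Run it against the file in the working directory after checkOutPolicyConfig and compare the output with the list of accounts that are expected to have superuser access.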


Parent topic

Configure the Sametime Advanced server


Related tasks

Starting the wsadmin client
Add owners and members to a community
