Configure an administrator account in an external user registry
When we use an external user registry and set the default administrator ID to a value other than ITIM Manager, we must configure the default administrator account.
The default IBM Security Identity Manager installation creates an administrator account named ITIM Manager. We can optionally choose to use a different administrator account name. This option is useful when we install IBM Security Identity Manager into an environment that already has a WebSphere security domain that uses an external user registry.
The following procedure shows an example of how we can change the default administrator account from ITIM Manager to itimManager. This procedure assumes that we use an IBM Security Directory Server LDAP directory server, with the organizational units shown in the first step.
- Create a text file with the following contents:
dn: eruid=ITIM Manager,ou=systemUser,ou=itim,ou=org,dc=com
changetype: modrdn
newrdn: eruid=itimManager
deleteoldrdn: 1
- Run an ldapmodify command that uses the text file we created.
Command syntax.
ldapmodify -h hostIP -D adminDN -w adminPassword -i filePath
Entry: Description
- ldapmodify: This command is in TDS_HOME/bin directory. For example:
  - Windows: C:\Program Files\LDAP\V6.4\bin
  - UNIX or Linux: TDS_HOME/bin
- hostIP: The IP address of the IBM Security Directory Server, where ISIM LDAP data is stored.
- adminDN: The administrator DN. For example, cn=root
- adminPassword: The administrator password
- filePath: The path to the file that we created in the previous step.
- Update ISIM properties file ISIM_HOME/data/enRole.properties with the new default administrator ID.
Example entry.
enrole.defaultadmin.id=itimManager
- Restart the WebSphere application server, to load the updated values from the property file.
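Before the restart, the ID in the LDIF file and the ID in enRole.properties should agree. The following script is an added example, not part of the original documentation or of the product's tooling; it compares the two files offline. The function names, the script name in the usage comment, and the assumption that the file follows standard Java properties parsing are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: offline consistency check between the modrdn LDIF and
# enRole.properties. It only reads the two files; it never contacts LDAP.

# Print the eruid value from the "newrdn:" line of the LDIF file.
ldif_new_admin_id() {
    sed -n 's/^newrdn:[[:space:]]*eruid=\(.*\)$/\1/p' "$1" | tr -d '\r' | head -n 1
}

# Print the value of enrole.defaultadmin.id, skipping commented-out lines.
# Assumes standard Java properties semantics: the last assignment wins and
# trailing whitespace is part of the value, so it is deliberately not trimmed.
props_admin_id() {
    sed -n 's/^[[:space:]]*enrole\.defaultadmin\.id[[:space:]]*[=:][[:space:]]*\(.*\)$/\1/p' "$1" \
        | tr -d '\r' | tail -n 1
}

# Return 0 when both files name the same ID, 1 on a mismatch,
# 2 when the LDIF is not the modrdn change the procedure describes.
check_admin_rename() {
    local ldif="$1" props="$2" new_id prop_id
    grep -Eq '^changetype:[[:space:]]*modrdn' "$ldif" || { echo "LDIF is not a modrdn change" >&2; return 2; }
    grep -Eq '^deleteoldrdn:[[:space:]]*1' "$ldif" || { echo "deleteoldrdn is not 1" >&2; return 2; }
    new_id="$(ldif_new_admin_id "$ldif")"
    prop_id="$(props_admin_id "$props")"
    [ -n "$new_id" ] || { echo "no eruid value in newrdn" >&2; return 2; }
    if [ "$new_id" != "$prop_id" ]; then
        echo "mismatch: newrdn eruid='$new_id' enrole.defaultadmin.id='$prop_id'" >&2
        return 1
    fi
    echo "ok: administrator ID is '$new_id' in both files"
}

# Dry run on constructed sample files: the properties file still has the old ID.
demo() {
    local d; d="$(mktemp -d)"
    printf '%s\n' 'dn: eruid=ITIM Manager,ou=systemUser,ou=itim,ou=org,dc=com' \
        'changetype: modrdn' 'newrdn: eruid=itimManager' 'deleteoldrdn: 1' > "$d/rename.ldif"
    printf '%s\n' 'enrole.defaultadmin.id=ITIM Manager' > "$d/enRole.properties"
    check_admin_rename "$d/rename.ldif" "$d/enRole.properties"; local rc=$?
    rm -rf "$d"; return "$rc"
}

# Usage: ./check_admin_rename.sh rename.ldif ISIM_HOME/data/enRole.properties
if [ "$#" -eq 2 ]; then
    check_admin_rename "$1" "$2"
fi
```

Because trailing whitespace is kept, a stray space after the ID in the properties file is reported as a mismatch rather than silently accepted.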
Continue with Verify access for the administrator account.
- Verify access for the administrator account
Verify that the administrator account is configured correctly.