Portal, V6.1
Enable application groups
Application groups is a concept that allows you to define user groups within the database user registry with members (users or groups) contained in the federated LDAP user registry you configured. The benefit of application groups is that you can create Groups that are only used in IBM WebSphere Portal. Run the wp-create-db task to create your federated
database user registry and run the wp-create-ldap to create your federated LDAP user registry before enabling application groups. Use application groups in the following scenarios:
- Read-only LDAP
- If you have a read-only LDAP, you cannot change the group membership of users and groups. If define access rights for certain users that are in different groups, you can create an Application group for these users with the required access rights.
- Special group setup for WebSphere Portal
- In this scenario setup a special group hierarchy that is only used by WebSphere Portal and not by other applications that access your LDAP. This can help you apply special access control rules just for WebSphere Portal as the roles apply to all members of the group as well.
Application groups only apply to WebSphere Portal; it does not apply to external security managers.
Perform the following steps to enable application groups:
- Run the following task to enable application groups:
Option Description Windows ConfigEngine.bat wp-update-group-repository-relationship –Drepository.id=ldapid –Drepository.forgroups=dbid from the WP_PROFILE\ConfigEngine directory UNIX ./ConfigEngine.sh wp-update-group-repository-relationship –Drepository.id=ldapid –Drepository.forgroups=dbid from the WP_PROFILE/ConfigEngine directory i5/OS ConfigEngine.sh wp-update-group-repository-relationship –Drepository.id=ldapid –Drepository.forgroups=dbid from the WP_PROFILE/ConfigEngine directory - To stop and restart the server1 and WebSphere_Portal servers:
- Open a command prompt and change to the following directory:
- Windows: WP_PROFILE\bin
- UNIX: WP_PROFILE/bin
- i5/OS: WP_PROFILE/bin
- Stop the WAS:
- Windows: stopServer.bat server1 -username adminid -password passwd
- UNIX: ./stopServer.sh server1 -username adminid -password passwd
- i5/OS: stopServer server1 -username adminid -password passwd
- Stop the WebSphere_Portal server:
- Windows: stopServer.bat WebSphere_Portal -username adminid -password passwd
- UNIX: ./stopServer.sh WebSphere_Portal -username adminid -password passwd
- i5/OS: stopServer WebSphere_Portal -username adminid -password passwd
- Start the WAS:
- Windows: startServer.bat server1
- UNIX: ./startServer.sh server1
- i5/OS: startServer server1
- Start the WebSphere_Portal server:
- Windows: startServer.bat WebSphere_Portal
- UNIX: ./startServer.sh WebSphere_Portal
- i5/OS: startServer WebSphere_Portal
Parent topic
Configure additional security features