AIX stand-alone: Add realm support


Overview

A realm is a group of users from one or more user registries that form a coherent group. A realm is mapped to a Virtual Portal to allow defined users to log in.

Perform the steps below for each base entry that exists in your LDAP and/or database user registry to create multiple realm support.

Before configuring realm support for Portal, add all LDAP user registries and/or database user registries to the federated repository. To create multiple realms, set the required base entries within the user registries.

In single server environments, you do not have to start or stop the WebSphere_Portal and server1 servers to complete the following steps. In clustered environments, stop all application servers on the system, including WebSphere_Portal, then start the nodeagent and dmgr servers before you begin any of the following steps.


Add realm support to user registry model

  1. Use backupConfig to create a backup of the portal configuration

  2. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

  3. Enter a value under the VMM realm configuration heading:

    • realmName
    • securityUse
    • delimiter
    • addBaseEntry

  4. Save changes to wkplc.properties.

  5. Add a new realm to the Virtual Member Manager configuration...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-create-realm -DWasPassword=foo

    To create multiple realms, ensure that the federated repository contains the required unique base entries. Stop and restart the appropriate servers for your installation environment, then update wkplc.properties with the base entry information and rerun the wp-create-realm task. Repeat these steps until all realms are created.

    You can review configuration updates at any time by logging on to the dmgr console.

  6. Stop and restart the appropriate servers to propagate the changes.

  7. Enter a value under the VMM realm configuration heading and then save changes:

    • realmName
    • realm.personAccountParent
    • realm.groupParent
    • realm.orgContainerParent

  8. Update the default parents per entity type and realm...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-modify-realm-defaultparents -DWasPassword=foo

    Stop and restart the appropriate servers for your installation environment before rerunning this task for any additional entity types and realms.

  9. Stop and restart the appropriate servers to propagate the changes.

  10. Add additional base entries to the realm configuration.

    For example, if you had two additional base entries (base entry 1 and base entry 2) to add to the realm you just created, you would update wkplc.properties with the information from base entry 1 and then run this task. Then you would update the properties file with the information for base entry 2 and then run this task:

    1. Edit wkplc.properties

    2. Enter a value under the VMM realm configuration heading:

      • realmName
      • addBaseEntry

    3. Save changes to wkplc.properties.

    4. Add additional LDAP base entries to the realm configuration.

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh wp-add-realm-baseentry -DWasPassword=foo

    5. Stop and restart all necessary servers to propagate changes.

  11. Replace the WAS and Portal administrator user ID. Required if you change the default realm:

    1. Create a new user in the Manage Users and Groups portlet to replace the current WAS administrative user.

    2. Create a new user in the Manage Users and Groups portlet to replace the current WebSphere Portal administrative user.

    3. Create a new group in the Manage Users and Groups portlet to replace the current group.

    4. Replace the old WAS administrative user ID and group ID with the new user and group.

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh wp-change-was-admin-user -DWasPassword=foo -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupid

        Provide the full distinguished name (DN) for the newAdminId and newAdminGroupId parameters.
        Additional parameter for stopped servers:

        This task verifies the user against a running server instance. If the server is stopped, add the -Dskip.ldap.validation=true parameter to the task to skip the validation.

    5. Verify that the task completed successfully. In a clustered environment, restart the dmgr, the node agent(s), and WebSphere_Portal servers. In a standalone environment, restart the server1 and WebSphere_Portal servers.

    6. Replace the old WebSphere Portal administrative user ID and group ID with the new user and group.

        ./ConfigEngine.sh wp-change-portal-admin-user -DWasPassword=foo -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupid

      Provide the full distinguished name (DN) for the newAdminId and newAdminGroupId parameters.
      Additional parameter for stopped servers: This task verifies the user against a running server instance. If the server is stopped, add the parameter...

        -Dskip.ldap.validation=true

      to the task to skip the validation.

    7. Verify that the task completed successfully. In a clustered environment, restart the dmgr, the node agent(s), and WebSphere_Portal servers. In a standalone environment, restart the server1 and WebSphere_Portal servers.

  12. To set the realm you created as the default realm:

    Only users defined in base entries that exist in the default realm are able to log into WebSphere Portal. If you find that a user cannot log in to WebSphere Portal, check to see if the base entry that contains the user exists in the default realm. You can run the wp-query-realm-baseentry task to see what base entries are part of the default realm. If the default realm is missing the base entry, run the wp-add-realm-baseentry task to add the base entry to the default realm.

    1. Edit...

        WP_PROFILE/ConfigEngine/properties/wkplc.properties

    2. For defaultRealmName, type the realmName property value you want to use as the default realm.

    3. Save changes to wkplc.properties.

    4. Set this realm as the default realm...

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh wp-default-realm -DWasPassword=foo

    5. Stop and restart all necessary servers to propagate changes.

  13. To query a realm for a list of its base entries:

    1. Edit...

        WP_PROFILE/ConfigEngine/properties/wkplc.properties

    2. For realmName, type the name of the realm you want to query.

    3. Save changes to wkplc.properties.

    4. List the base entries for a specific realm...

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh wp-query-realm-baseentry -DWasPassword=foo

  14. To enable the full distinguished name login if the short names are not unique for the realm:

    1. Edit wkplc.properties

    2. Enter a value for realmName or leave blank to update the default realm.

    3. Save changes to wkplc.properties.

    4. Enable the distinguished name login...

        cd WP_PROFILE/ConfigEngine
        ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=foo

      To disable...

        ./ConfigEngine.sh wp-modify-realm-disable-dn-login -DWasPassword=foo

    5. Stop and restart all necessary servers to propagate changes.
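
A preflight check for steps 3 and 7 above, as an added example (not part of the original page or of the ConfigEngine tooling): it reads wkplc.properties and reports which of the realm properties named on this page are still missing or empty before a task is run. The function names `prop_value` and `missing_realm_props` are hypothetical, and the parser assumes plain `key=value` lines.

```shell
#!/bin/sh
# Added example: report realm properties from this page that are missing or
# empty in wkplc.properties. Function and variable names are hypothetical.

# Print the value of property $2 in file $1. The last assignment wins, as it
# does when Java loads a properties file. Comment lines (# or !) are skipped.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            pos = index(line, "=")          # split on the first "=" only
            if (pos == 0) next
            k = substr(line, 1, pos - 1)
            sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            val = v
        }
        END { print val }
    ' "$1"
}

# Print the space-separated names of properties that are missing or empty.
# $1 = properties file, remaining arguments = required property names.
missing_realm_props() {
    file=$1; shift
    missing=""
    for key in "$@"; do
        [ -n "$(prop_value "$file" "$key")" ] || missing="$missing $key"
    done
    echo "${missing# }"
}

# Properties named in step 3 (wp-create-realm) and step 7
# (wp-modify-realm-defaultparents) of this page.
CREATE_REALM_PROPS="realmName securityUse delimiter addBaseEntry"
DEFAULT_PARENT_PROPS="realmName realm.personAccountParent realm.groupParent realm.orgContainerParent"

# Usage: sh check_realm.sh WP_PROFILE/ConfigEngine/properties/wkplc.properties
if [ -n "${1:-}" ]; then
    m=$(missing_realm_props "$1" $CREATE_REALM_PROPS)
    [ -z "$m" ] || { echo "empty before wp-create-realm: $m" >&2; exit 1; }
fi
```
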

