Configure WebSphere Portal with Active Directory over SSL as Federated Repository

1. Update the following parameters in the template file wp_profile_root/ConfigEngine/config/helpers/wp_security_federated.properties:
federated.ldap.id=fedAD1
federated.ldap.host=ad.ibm.com
federated.ldap.port=636
federated.ldap.bindDN=cn=wpsadmin,cn=users,dc=ibm,dc=com
federated.ldap.bindPassword=wpsadmin
federated.ldap.ldapServerType=AD2003
federated.ldap.baseDN=dc=ibm,dc=com
federated.ldap.sslEnabled=true
federated.ldap.sslConfiguration=NodeDefaultSSLSettings

Run the following command to update the parent property file wkplc.properties and validate the connection to LDAP:
-> ConfigEngine validate-federated-ldap -DparentProperties=C:\IBM\WebSphere\wp_profile\ConfigEngine\config\helpers\wp_add_federated_ad.properties -DSaveParentProperties=true -DWasPassword=wpsadmin -DPortalAdminPwd=wpsadmin

2. Run the following command to add a federated LDAP repository, and then restart the WebSphere_Portal server:
-> ConfigEngine.bat wp-create-ldap -DWasPassword=wpsadmin

3. Check that all defined attributes are available in the configured LDAP user registry by running the following task.
NOTE: After running the task, check the ConfigEngine/log/ConfigTrace.log file for attributes that are missing in Portal. Then proceed to the following steps.
-> ConfigEngine wp-validate-federated-ldap-attribute-config -DWasPassword=password

4. Run the following task, which creates the file “availableAttributes.html” in the wp_profile_root/ConfigEngine/log directory:
-> ConfigEngine.bat wp-query-attribute-config -DWasPassword=password

5. Enter a value for one of the following sets of parameters in the wkplc.properties file found under the VMM Federated repository properties heading to correct any issues found in the config trace file:
federated.ldap.attributes.nonSupported
federated.ldap.attributes.nonSupported.delete
federated.ldap.attributes.mapping.ldapName
federated.ldap.attributes.mapping.portalName
federated.ldap.attributes.mapping.entityTypes

Run the following task to update the LDAP user registry configuration and then restart WebSphere_Portal:
-> ConfigEngine.bat wp-update-federated-ldap-attribute-config -DWasPassword=wpsadmin

6. Update the values for the following required parameters in the wkplc.properties file under the VMM supported entity types configuration heading:
personAccountParent=cn=users,dc=ibm,dc=com
groupParent=cn=groups,dc=ibm,dc=com
personAccountRdnProperties=uid
groupRdnProperties=cn

Run the following command to update Group and PersonAccount entity types and then restart WebSphere_Portal:
-> ConfigEngine wp-update-entitytypes -DWasPassword=wpsadmin

7. Update the following parameters in the property file wkplc.properties:
newAdminId=
newAdminPw=
newAdminGroupId=

Change the WAS admin ID by running the following command, and then restart WebSphere_Portal:
-> ConfigEngine.bat wp-change-was-admin-user -DWasPassword=wpsadmin -Dskip.ldap.validation=true

Change the Portal admin ID by running the following command, and then restart WebSphere_Portal:
-> ConfigEngine.bat wp-change-portal-admin-user -DWasPassword=wpsadmin -Dskip.ldap.validation=true

8. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration section:
realmName=ADrealm1
addBaseEntry=dc=us,dc=ibm,dc=com
securityUse=active
delimiter=/

Run the following command to create the realm:
-> ConfigEngine.bat wp-create-realm -DWasPassword=password

9. To update the default parents per entity type and realm, set the following parameters:
realmName=IDSRealm1
realm.personAccountParent=cn=users,dc=us,dc=ibm,dc=com
realm.groupParent=cn=groups,cn=groups,dc=us,dc=ibm,dc=com
realm.orgContainerParent=dc=us,dc=ibm,dc=com

Run the following task to apply the default parents per entity type and realm, and then restart WebSphere_Portal:
-> ConfigEngine.bat wp-modify-realm-defaultparents -DWasPassword=password
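
Added example (not part of the original post and not IBM tooling): a pre-flight lint for the property values from steps 1 and 6, run before the ConfigEngine tasks. The rule set and the function names are this example's own assumptions. The sample input is constructed from the values shown above.

```python
# Added example: lint federated LDAP property values before running ConfigEngine.
SAMPLE = """\
federated.ldap.port=636
federated.ldap.bindDN=cn=wpsadmin,cn=users,dc=ibm,dc=com
federated.ldap.bindPassword=wpsadmin
federated.ldap.baseDN=dc=ibm,dc=com
federated.ldap.sslEnabled=true
federated.ldap.sslConfiguration=NodeDefaultSSLSettings
personAccountParent=cn=users,dc=ibm,dc=com
groupParent=cn=groups,dc=ibm,dc=com
"""

def parse_properties(text):
    """Split on the first '=' only: DN values contain '=' themselves."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def norm_dn(dn):
    """Lower-case and trim each RDN so suffix comparison is stable."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(props):
    """Return findings; the rule set is this example's own, not IBM's."""
    get = lambda key: props.get("federated.ldap." + key, "")
    findings = []
    if get("sslEnabled").lower() != "true":
        findings.append("sslEnabled is not true: bind password is sent in clear text")
    else:
        if get("port") not in ("636", "3269"):  # LDAPS / global catalog over SSL
            findings.append("sslEnabled=true but port %s is not an LDAPS port" % get("port"))
        if not get("sslConfiguration"):
            findings.append("sslEnabled=true but sslConfiguration is empty")
    account = norm_dn(get("bindDN")).split(",")[0].partition("=")[2]
    if account and get("bindPassword").lower() == account:
        findings.append("bindPassword equals the bind account name")
    base = norm_dn(get("baseDN"))
    for key in ("personAccountParent", "groupParent"):
        dn = norm_dn(props.get(key, ""))
        if dn and base and dn != base and not dn.endswith("," + base):
            findings.append("%s is outside baseDN %s" % (key, base))
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```

With the sample values, the only finding is the bind password matching the bind account name; switching `federated.ldap.port` to 389 or moving a parent DN outside `dc=ibm,dc=com` adds the corresponding finding.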

References:
http://www-10.lotus.com/ldd/portalwiki.nsf/dx/MultipleRealms.pdf/$file/MultipleRealms.pdf

http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/topic/com.ibm.wp.ent.doc_v615/install/win_add_ldap_ureg_ssl.html


About Ishtiaque

I am an IBM Certified Infrastructure Systems Architect, Linux Foundation Certified System Administrator, Oracle Certified Programmer in Java and Web Component Developer, and TOGAF 9 certified, with over 10 years of support and development experience in IBM middleware software and Java. Additionally, I have a sound grip on databases and OpenStack administration. I hold the following certifications: IBM Certified Infrastructure Systems Architect; Linux Foundation Certified System Administrator (LFCS); TOGAF 9 Certified; Oracle Certified Expert, Java EE6 Web Component Developer; Oracle Certified Professional – Java 6 Programmer; ITIL v3 Foundation Certified; IBM Certified Solution Architect – Cloud Computing Infrastructure V1; IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6; IBM Certified System Administrator – WebSphere Application Server V7, V6.1; IBM Certified System Administrator – AIX V7; IBM Certified System Administrator – WebSphere MQ V7; IBM Certified Deployment Professional – Business Process Manager Advanced V7.5; IBM Certified Solution Advisor – Cloud Computing Architecture V3; IBM Certified Solution Developer – WebSphere Portal V5.1.