WebSphere Issues

02/08/2011

Configure WebSphere Portal with Active Directory over SSL as Federated Repository

Filed under: Active Directory, WebSphere Portal — Ishtiaque @ 12:46 pm

1. Update the following parameters in the template file wp_profile_root/ConfigEngine/config/helpers/wp_security_federated.properties:
federated.ldap.id=fedAD1
federated.ldap.host=ad.ibm.com
federated.ldap.port=636
federated.ldap.bindDN=cn=wpsadmin,cn=users,dc=ibm,dc=com
federated.ldap.bindPassword=wpsadmin
federated.ldap.ldapServerType=AD2003
federated.ldap.baseDN=dc=ibm,dc=com
federated.ldap.sslEnabled=true
federated.ldap.sslConfiguration=NodeDefaultSSLSettings

Run the following command to update the parent property file wkplc.properties and validate the connection to LDAP:
-> ConfigEngine validate-federated-ldap -DparentProperties=C:\IBM\WebSphere\wp_profile\ConfigEngine\config\helpers\wp_add_federated_ad.properties -DSaveParentProperties=true -DWasPassword=wpsadmin -DPortalAdminPwd=wpsadmin

2. Run the following command to add the federated LDAP repository, then restart the WebSphere_Portal server:
-> ConfigEngine.bat wp-create-ldap -DWasPassword=wpsadmin

3. Check that all defined attributes are available in the configured LDAP user registry by running the following task.
NOTE: After running the task, check the ConfigEngine/log/ConfigTrace.log file for attributes that are missing in Portal, then proceed to the following steps.
-> ConfigEngine wp-validate-federated-ldap-attribute-config -DWasPassword=password

4. Run the following task. It creates the file "availableAttributes.html" in the wp_profile_root/ConfigEngine/log directory.
-> ConfigEngine.bat wp-query-attribute-config -DWasPassword=password

5. Enter a value for one of the following sets of parameters in the wkplc.properties file found under the VMM Federated repository properties heading to correct any issues found in the config trace file:
federated.ldap.attributes.nonSupported
federated.ldap.attributes.nonSupported.delete
federated.ldap.attributes.mapping.ldapName
federated.ldap.attributes.mapping.portalName
federated.ldap.attributes.mapping.entityTypes

Run the following task to update the LDAP user registry configuration and then restart WebSphere_Portal:
-> ConfigEngine.bat wp-update-federated-ldap-attribute-config -DWasPassword=wpsadmin

6. Update the values for the following required parameters in the wkplc.properties file under the VMM supported entity types configuration heading:
personAccountParent=cn=users,dc=ibm,dc=com
groupParent=cn=groups,dc=ibm,dc=com
personAccountRdnProperties=uid
groupRdnProperties=cn

Run the following command to update Group and PersonAccount entity types and then restart WebSphere_Portal:
-> ConfigEngine wp-update-entitytypes -DWasPassword=wpsadmin

7. Update the following parameters in the property file wkplc.properties:
newAdminId=
newAdminPw=
newAdminGroupId=

Change the WAS admin ID by running the following command, then restart WebSphere_Portal:
-> ConfigEngine.bat wp-change-was-admin-user -DWasPassword=wpsadmin -Dskip.ldap.validation=true

Change the Portal admin ID by running the following command, then restart WebSphere_Portal:
-> configEngine.bat wp-change-portal-admin-user -DWasPassword=wpsadmin -Dskip.ldap.validation=true

8. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration section:
realmName=ADrealm1
addBaseEntry=dc=us,dc=ibm,dc=com
securityUse=active
delimiter=/

Run the following command to create the realm:
-> ConfigEngine.bat wp-create-realm -DWasPassword=password

9. To update the default parents per entity type and realm, set the following parameters:
realmName=IDSRealm1
realm.personAccountParent=cn=users,dc=us,dc=ibm,dc=com
realm.groupParent=cn=groups,cn=groups,dc=us,dc=ibm,dc=com
realm.orgContainerParent=dc=us,dc=ibm,dc=com

Run the following task to apply the default parents per entity type and realm, then restart WebSphere_Portal:
-> ConfigEngine.bat wp-modify-realm-defaultparents -DWasPassword=password
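
Before running the ConfigEngine tasks above, the SSL and DN values from steps 1, 6 and 8 can be sanity-checked offline. The following is an added example, not part of the original post or of IBM's tooling; the function names and the checks themselves are assumptions, and the sample input is constructed with two deliberate mistakes.

```python
# Added example: pre-flight lint for the LDAP-over-SSL property values in this post.
# parse_properties, under_base and lint are hypothetical names, not IBM tooling.
def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")  # split on first '=' only; DNs contain '='
        props[key.strip()] = value.strip()
    return props

def under_base(dn, base):
    """True if dn equals base or sits below it (naive: no escaped commas in RDNs)."""
    dn_rdns = [r.strip().lower() for r in dn.split(",")]
    base_rdns = [r.strip().lower() for r in base.split(",")]
    return len(dn_rdns) >= len(base_rdns) and dn_rdns[-len(base_rdns):] == base_rdns

def lint(props):
    """Return a list of warnings about SSL settings, stored passwords and DN scope."""
    findings = []
    ssl = props.get("federated.ldap.sslEnabled", "false").lower() == "true"
    if not ssl:
        findings.append("sslEnabled is not true: a simple bind sends the password unencrypted")
    elif props.get("federated.ldap.port") == "389":
        findings.append("sslEnabled=true but port is 389 (plain LDAP); LDAPS normally uses 636")
    if ssl and not props.get("federated.ldap.sslConfiguration"):
        findings.append("sslEnabled=true but sslConfiguration is empty")
    if props.get("federated.ldap.bindPassword"):
        findings.append("bindPassword is stored in clear text in the properties file")
    base = props.get("federated.ldap.baseDN", "")
    for key in ("federated.ldap.bindDN", "personAccountParent", "groupParent", "addBaseEntry"):
        if base and key in props and not under_base(props[key], base):
            findings.append(f"{key} is outside baseDN {base}")
    return findings

# Constructed sample: values from the steps above, with port and groupParent made wrong.
SAMPLE = """\
federated.ldap.port=389
federated.ldap.bindPassword=wpsadmin
federated.ldap.baseDN=dc=ibm,dc=com
federated.ldap.sslEnabled=true
federated.ldap.sslConfiguration=NodeDefaultSSLSettings
groupParent=cn=groups,dc=example,dc=com
addBaseEntry=dc=us,dc=ibm,dc=com
"""
if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print("WARN:", finding)
```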

References:
http://www-10.lotus.com/ldd/portalwiki.nsf/dx/MultipleRealms.pdf/$file/MultipleRealms.pdf

http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/topic/com.ibm.wp.ent.doc_v615/install/win_add_ldap_ureg_ssl.html
