IBM Connections 6 install on Linux RedHat version 2


D. Enable security with LDAP



Date: 28.01.2017



In this process we will start WebSphere Application Server (WAS) and enable security.

D.1. Start the DMGR and nodeagent





  1. Start the DMGR by running: /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh

  2. Start the nodeagent by running: /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

D.2. Enable security with an LDAP Directory


  1. Open a browser to the DMGR Integrated Solutions Console (http://cpdocs2.swg.usma.ibm.com:9060/ibm/console). Because security is enabled, you will be redirected to the SSL port to log in. If necessary, accept the certificate, then log in with the user created during the WebSphere Application Server install.



  2. Open Security – Global Security

  3. Select Federated Repositories from the Available realm definitions field, and then click Configure.




  4. Click Add Base entry to Realm




  5. Then, on the Repository reference page, click Add Repository - LDAP repository.





  1. On the New page, type a repository identifier, such as myFavoriteRepository (I used icldap AD), into the Repository identifier field.

  2. Specify the LDAP directory that you are using in the Directory type field.

  3. Type the host name of the primary LDAP directory server in the Primary host name field. The host name is either an IP address or a domain name service (DNS) name.

  4. If your directory does not allow LDAP attributes to be searched anonymously, provide values for the Bind distinguished name and Bind password fields.

  5. Specify the login attribute or attributes that you want to use for authentication in the Login properties field. Separate multiple attributes with a semicolon. For example: uid;mail.

  6. Click Apply.





  1. Then click Save.





  1. Set the base entry fields, and click OK.

    NOTE: If this was Domino LDAP, set the first entry to root and leave the second blank. 'root' is a special setting for WebSphere that tells it not to use a base. This allows Domino customers to find the user in the primary directory and all secondary directories, as well as all flat groups.




    For all other LDAP directories, set the entries to the base of your directory. My LDAP directory is IBM Directory Server, so I set the base to dc=ibm,dc=com.






  1. Then click Save.




  2. In the Repository Identifier column, click the link for the repository or repositories that you just added.





  1. In the Additional Properties area, Select Group Federated repositories entity types to LDAP object classes mapping.




  2. Make sure Group and Person Account are set to group and user.
    If this was Domino, they would be set to DominoGroup or DominoPerson.
    IBM Directory Server is typically groupOfUniqueNames and inetOrgPerson.
    Active Directory is group and user.




  3. Back in the repositories page, select Group attribute definition.



  4. Then click the Member attributes link.





  1. If you are using AD, member with object class group is the typical configuration.
    If you are using Domino, member with object class dominoGroup or groupOfNames is fine.
    If you are using IDS, make sure to include uniquemember with object class groupOfUniqueNames.

    I am using IBM Directory Server, so I clicked on New, and entered uniquemember : GroupOfUniqueNames







  1. Click to go back to Group attribute definition.





  1. Back on the Group attribute definition page, enter group membership values in the Name of member attribute and Object class fields. Click OK.

    For IBM Directory Server this would be ibm-allgroups with scope of Nested.
    For Domino this would be dominoAccessGroups with scope of Nested.
    For AD this would be memberof with scope of Direct.






  1. Then click Save to save this setting.





  1. Enable Application security:

    1. Click Global Security in the navigation links at the top of the page.





    1. Select the Administrative Security and Application Security check boxes. Make sure the Java 2 security check box is unchecked.

    2. Click Apply.


    3. Then click Save to save this configuration.





  1. Log out of the WebSphere Application Server Integrated Solutions Console and restart WebSphere Application Server:

    1. Run /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh -username localadmin -password password

    2. Then /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh




  1. Verify that users in the LDAP directory have been successfully added to the repository:

    1. From the WebSphere Application Server Integrated Solutions Console, select Users and Groups > Manage Users.

    2. In the Search by field, enter a user name that you know to be in the LDAP directory and click Search. If the search succeeds, the user exists in your LDAP directory.

    3. Click the user, then click the Groups tab. You should see a list of the groups the user belongs to.



  2. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick up the changes by running:

    1. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh -username localadmin -password password

    2. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh
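
To cross-check the console verification above from the command line, the following added example (not part of the original guide) queries the directory with the login attributes and group member mappings listed in this section. It assumes the OpenLDAP `ldapsearch` client is installed; the function names and filter shapes are illustrative assumptions, not WebSphere's own queries.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. URI, bind DN, base and user are
# supplied by the caller; filter shapes are an assumed equivalent lookup.

# Escape RFC 4515 filter metacharacters so a name or DN cannot alter the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Login properties "uid;mail" + "jsmith" -> (|(uid=jsmith)(mail=jsmith))
login_filter() {
  local props="$1" value attr out=""
  value=$(ldap_escape "$2")
  local IFS=';'
  for attr in $props; do out="${out}(${attr}=${value})"; done
  printf '(|%s)' "$out"
}

# Member attribute and object class per directory type, as listed in the guide.
group_filter() {
  local dn
  dn=$(ldap_escape "$2")
  case "$1" in
    IDS)    printf '(&(objectClass=groupOfUniqueNames)(uniquemember=%s))' "$dn" ;;
    AD)     printf '(&(objectClass=group)(member=%s))' "$dn" ;;
    DOMINO) printf '(&(objectClass=dominoGroup)(member=%s))' "$dn" ;;
    *)      echo "unknown directory type: $1" >&2; return 1 ;;
  esac
}

# usage: check_directory <ldap-uri> <bind-dn> <password-file> <base> <type> <user>
check_directory() {
  local dn
  # -y reads the bind password from a file (no trailing newline), keeping it
  # out of the process list and shell history.
  dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$1" -D "$2" -y "$3" -b "$4" \
         "$(login_filter 'uid;mail' "$6")" dn | sed -n 's/^dn: //p' | head -n 1)
  [ -n "$dn" ] || { echo "no entry matches $6 under $4" >&2; return 1; }
  echo "user DN: $dn"
  ldapsearch -x -LLL -o ldif-wrap=no -H "$1" -D "$2" -y "$3" -b "$4" \
    "$(group_filter "$5" "$dn")" cn
}

if [ "$#" -eq 6 ]; then check_directory "$@"; fi
```

If the user DN is found but the second search returns no groups, recheck the member attribute and object class pair entered under Member attributes.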

