After you configure Lightweight Directory Access Protocol (LDAP) settings for Workplace XT, additional settings must be made for some configurations that use Tivoli® Directory Server. If the PersonAccount object class on the LDAP server is not set to inetOrgPerson, a TCL script must be created to map the login property of the LDAP server to the login attribute of the WebSphere® Application Server PersonAccount object class.

Perform this task only if the PersonAccount object class on your federated LDAP server is set to something other than inetOrgPerson.

To configure WebSphere Application Server with Tivoli Directory Server federated repositories:

- Log on to the host computer using an account that has administrative privileges.
- Create a TCL script with the following entries:
Tip: When you create the script, ensure that you uncomment the variable declarations (remove the # symbol).
##########################################
## Licensed Materials - Property of IBM
## (C) Copyright IBM Corp. 2011
## All Rights Reserved
##########################################
# Various variable assignments, with appropriate values, must be present
# in order for the rest of the script to run. The following variable
# assignments, with some example values, are applicable.
#
# Repository identifier
#set _repoId ""
# PersonAccount object class
#set _personAccountObjectClass "inetOrgPerson"
# Login properties
#set _loginProperties "cn"
# Login attributes
#set _loginAttribute "uid"
global AdminTask
global AdminConfig
# Read the current PersonAccount entity type definition so that the check
# below has a value to compare against (the script as printed never set
# objClassList; reading it with getIdMgrLDAPEntityType is an assumption)
set objClassList [$AdminTask getIdMgrLDAPEntityType [subst {-id $_repoId -name PersonAccount}]]
# Check whether the PersonAccount object class needs to be changed
if {[lsearch $objClassList $_personAccountObjectClass] == -1} {
    puts "Setting PersonAccount Object Class to $_personAccountObjectClass and mapping Login Property $_loginProperties to Login Attribute $_loginAttribute."
    # Clear the old PersonAccount object class
    $AdminTask updateIdMgrLDAPEntityType [subst {-id $_repoId -name PersonAccount -objectClasses -searchBases -searchFilter }]
    $AdminConfig save
    # Set the new PersonAccount object class
    $AdminTask updateIdMgrLDAPEntityType [subst {-id $_repoId -name PersonAccount -objectClasses $_personAccountObjectClass -searchBases -searchFilter }]
    $AdminConfig save
    # Map the login property to the login attribute
    $AdminTask addIdMgrLDAPAttr [subst {-id $_repoId -name $_loginProperties -propertyName $_loginAttribute -entityTypes "PersonAccount" }]
    $AdminConfig save
}
puts "Done configuring Authenticator"
- Modify the variables in the script as appropriate for your configuration:

| Option | Description |
| --- | --- |
| Repository identifier (_repoId) | Enter a unique identifier for the repository. This identifier uniquely identifies the repository within the cell. |
| PersonAccount Object Class (_personAccountObjectClass) | Enter the name of the object class that maps to the entity type PersonAccount on the Tivoli Directory Server. The default name is inetOrgPerson. |
| Login properties (_loginProperties) | Enter the attribute that determines the type of information that a user enters to log on to the Tivoli Directory Server. The attribute can be any property on the LDAP user account, such as serial ID, email address, or user name. The default attribute is cn. |
| Login attribute (_loginAttribute) | Enter the name of the login attribute that corresponds to the federated repository login property. The default attribute is uid. |
- From the WAS_profile_Home/profile/bin directory, run the script using wsadmin. For example:
/IBM/WebSphere/AppServer/profiles/profile/bin/wsadmin.sh -user WAS_admin -password password -conntype SOAP -port SOAP_port -lang jacl -f /opt/custom_script.tcl
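The script above interpolates the four variables through [subst {...}], so a value containing Tcl metacharacters would alter the wsadmin commands it builds. As an added example that is not part of the IBM documentation, the following Python helper checks the four values against the LDAP keystring form before rendering the uncommented set lines, and builds the wsadmin invocation from the step above as an argv list; the function names, _KEYSTRING, and the sample values are this example's own.

```python
import re
from typing import Dict, List, Optional

# LDAP object class and attribute names are RFC 4512 keystrings: a letter
# followed by letters, digits or hyphens. The same shape is required here of
# the repository identifier, which the script interpolates in the same way.
_KEYSTRING = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

# The four declarations the procedure's Tip says to uncomment, in script order.
SETTINGS = ("_repoId", "_personAccountObjectClass",
            "_loginProperties", "_loginAttribute")


def validate_settings(values: Dict[str, str]) -> Dict[str, str]:
    """Return the four settings, or raise ValueError if any is missing or unsafe.

    The script feeds each variable to [subst {...}], which performs command and
    variable substitution, so a value containing [ ] $ " or whitespace would
    change the wsadmin command rather than be passed on as a plain name.
    """
    missing = [name for name in SETTINGS if not values.get(name)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    for name in SETTINGS:
        if not _KEYSTRING.match(values[name]):
            raise ValueError(f"{name}={values[name]!r} is not a plain LDAP keystring")
    return {name: values[name] for name in SETTINGS}


def render_declarations(values: Dict[str, str]) -> str:
    """Render the uncommented 'set' lines that replace the #set placeholders."""
    checked = validate_settings(values)
    return "".join(f'set {name} "{value}"\n' for name, value in checked.items())


def wsadmin_argv(profile_bin: str, user: str, soap_port: int, script: str,
                 password: Optional[str] = None) -> List[str]:
    """Build the wsadmin invocation from the procedure as an argv list.

    An argv list is never re-parsed by a shell. The password is appended only
    if given: on the command line it is visible in process listings, so the
    profile's properties/soap.client.props is the usual place for it instead.
    """
    argv = [f"{profile_bin}/wsadmin.sh", "-user", user]
    if password is not None:
        argv += ["-password", password]
    argv += ["-conntype", "SOAP", "-port", str(soap_port),
             "-lang", "jacl", "-f", script]
    return argv
```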