[Fix Pack 9 or later]

Working with LDAP properties files

You can use properties files to create, modify, or delete Lightweight Directory Access Protocol (LDAP) user registry properties.

Before you begin

Determine the changes that you want to make to your LDAP configuration or its configuration objects.

Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the wsadmin -lang Jython command from the bin directory of the server profile.

About this task

Using a properties file, you can create, modify, or delete an LDAP user registry object.

Run administrative commands using wsadmin to create or change a properties file for an LDAP user registry, validate the properties, and apply them to your configuration.

Table 1. Actions for LDAP user registry properties files. You can create, modify, and delete LDAP properties.
Action            Procedure
create            Set required properties and then run the applyConfigProperties command.
modify            Edit properties and then run the applyConfigProperties command.
delete            Run the deleteConfigProperties command to delete a property. If the deleted property has a default value, the property is set to the default value. To delete the entire LDAPUserRegistry object, uncomment #DELETE=true and then run the deleteConfigProperties command.
create Property   Not applicable
delete Property   Not applicable

Optionally, you can use interactive mode with the commands:

AdminTask.command_name('-interactive')

Procedure

  1. Create a properties file for an LDAPUserRegistry object.
    1. Set LDAPUserRegistry properties as needed.

      Open an editor on an LDAPUserRegistry properties file. Modify the Environment Variables section to match your system and set any property value that needs to be changed.

      An example LDAPUserRegistry properties file follows. The example file creates an IBM_DIRECTORY_SERVER type LDAP registry. The properties differ for different types of LDAP registry. The LDAP registry type is used as a key to identify various configured LDAP registries. Ensure that there is only one LDAP registry configuration for each type of LDAP registry.

      #
      # Header 
      #
      ResourceType=LDAPUserRegistry
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER
      #DELETE=true
      #
      
      #
      #Properties
      #
      useRegistryRealm=false #boolean,default(false)
      serverPassword="{xor}"
      sslConfig=
      primaryAdminId=
      useRegistryServerId=false #boolean,default(false)
      limit=0 #integer,default(0)
      searchTimeout=120 #long,default(0)
      bindPassword=
      serverId=
      realm=
      baseDN=
      ignoreCase=true #boolean,default(false)
      type=IBM_DIRECTORY_SERVER #ENUM(NETSCAPE|DOMINO502|CUSTOM|ACTIVE_DIRECTORY|NDS|IBM_DIRECTORY_SERVER|IPLANET|SECUREWAY),default(IBM_DIRECTORY_SERVER)
      reuseConnection=true #boolean,default(false)
      sslEnabled=false #boolean,default(false)
      monitorInterval=0 #long,default(0)
      bindDN=
      
      
      #
      # Header LDAPSearchFilter Section
      #
      ResourceType=LDAPSearchFilter
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER:LDAPSearchFilter=
      AttributeInfo=searchFilter
      #
      
      #
      #Properties
      #
      krbUserFilter="(&(krbPrincipalName=%v)(objectclass=ePerson))"
      groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember"
      certificateFilter=
      userIdMap="*:uid"
      userFilter="(&(uid=%v)(objectclass=ePerson))"
      groupIdMap="*:cn"
      groupFilter="(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
      certificateMapMode=EXACT_DN #ENUM(CERTIFICATE_FILTER|EXACT_DN),default(EXACT_DN)
      
      #
      # Header EndPoint 
      #
      ResourceType=EndPoint
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER:EndPoint=
      AttributeInfo=hosts
      #
      
      #
      #Properties
      #
      port=389 #integer,required,default(0)
      host= #required
      
      
      EnvironmentVariablesSection
      #Environment Variables
      cellName=myCell
    2. Run the applyConfigProperties command to create or change an LDAP user registry configuration.

      Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:

      AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
  2. Modify an existing properties file.
    1. Obtain a properties file for the LDAPUserRegistry object that you want to change.

      You can extract a properties file for an LDAPUserRegistry object using the extractConfigProperties command.

    2. Open the properties file in an editor and change the properties as needed.

      Ensure that the environment variables in the properties file match your system.

    3. Run the applyConfigProperties command.
  3. If you no longer need the LDAP user registry object or an existing property, you can delete the entire LDAP object or one or more properties.
    • To delete the entire object, specify DELETE=true in the header section of the properties file and run the deleteConfigProperties command; for example:
      AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]') 
    • To delete one or more properties, specify only the properties to be deleted in the properties file and then run the deleteConfigProperties command.
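
The following is an added example, not part of the IBM documentation: a standalone Python check to run on an edited properties file before applyConfigProperties. It assumes the inline annotations after " #" (boolean, integer, long, ENUM(...), required) describe each property as in the example file above; SAMPLE, LINE and lint are names chosen for this example, and the sample file is constructed.

```python
import re

# Constructed sample, abbreviated from the example file, with four deliberate
# mistakes: undefined !{cellName}, bad ENUM, non-numeric port, empty host.
SAMPLE = """\
ResourceType=LDAPUserRegistry
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER
useRegistryRealm=false #boolean,default(false)
type=OPENLDAP #ENUM(NETSCAPE|DOMINO502|CUSTOM|ACTIVE_DIRECTORY|NDS|IBM_DIRECTORY_SERVER|IPLANET|SECUREWAY),default(IBM_DIRECTORY_SERVER)
port=ldap #integer,required,default(0)
host= #required
userFilter="(&(uid=%v)(objectclass=ePerson))"

EnvironmentVariablesSection
#Environment Variables
celName=myCell
"""

# key=value, optionally followed by whitespace and a "#type,flags" annotation
LINE = re.compile(r"^([^#=\s][^=]*)=(.*?)(?:\s+#(.*))?$")

def lint(text):
    """Return (line_no, message) findings for one properties file."""
    body, _, env = text.partition("EnvironmentVariablesSection")
    defined = {m.group(1) for m in re.finditer(r"^(\w+)=", env, re.M)}
    findings = []
    for no, raw in enumerate(body.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or comment such as "#DELETE=true"
        key, value, note = m.group(1), m.group(2).strip(), m.group(3) or ""
        for var in re.findall(r"!\{(\w+)\}", value):
            if var not in defined:
                findings.append((no, "%s: variable %s is not defined" % (key, var)))
        rules = note.split(",")
        if "required" in rules and not value:
            findings.append((no, "%s: required property is empty" % key))
        if not value:
            continue  # unset optional property keeps its default
        enum = re.match(r"ENUM\((.*)\)$", rules[0])
        if rules[0] == "boolean" and value not in ("true", "false"):
            findings.append((no, "%s: expected true or false" % key))
        elif rules[0] in ("integer", "long") and not re.match(r"-?\d+$", value):
            findings.append((no, "%s: expected a whole number" % key))
        elif enum and value not in enum.group(1).split("|"):
            findings.append((no, "%s: %s is not an allowed value" % (key, value)))
    return findings

print("\n".join("line %d: %s" % f for f in lint(SAMPLE)))
```

An empty result means only that the file is consistent with its own annotations; the report written by -reportFileName remains the record of what wsadmin actually applied.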

Results

You can use the properties file to configure and manage the LDAP object and its properties.

What to do next

Save the changes to your configuration.





Last updated: Oct 20, 2010 7:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-dist&topic=txml_config_prop_sec_ldap
File name: txml_config_prop_sec_ldap.html