You can use properties files to create, modify, or delete
Lightweight Directory Access Protocol (LDAP) user registry properties.
Before you begin
Determine the changes that you want to make to your LDAP
configuration or its configuration objects.
Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the wsadmin -lang Jython command from the bin directory of the server profile.
About this task
Using a properties file, you can create, modify, or delete an LDAP user registry object.
Run administrative commands using wsadmin to create or change a properties file for an LDAP user registry, validate the properties, and apply them to your configuration.
Table 1. Actions for LDAP user registry properties files. You can create, modify, and delete LDAP properties.

| Action | Procedure |
| --- | --- |
| create | Set required properties and then run the applyConfigProperties command. |
| modify | Edit properties and then run the applyConfigProperties command. |
| delete | Run the deleteConfigProperties command to delete a property. If the deleted property has a default value, the property is set to the default value. To delete the entire LDAPUserRegistry object, uncomment #DELETE=true and then run the deleteConfigProperties command. |
| create Property | Not applicable |
| delete Property | Not applicable |

Optionally, you can use interactive mode with the commands:
AdminTask.command_name('-interactive')
Procedure
- Create a properties file for an LDAPUserRegistry object.
- Set LDAPUserRegistry properties as needed.
Open an editor on an LDAPUserRegistry properties file. Modify the Environment Variables section to match your system and set any property value that needs to be changed.
An example LDAPUserRegistry properties file follows. The example file creates an IBM_DIRECTORY_SERVER type LDAP registry. The properties differ for different types of LDAP registry. The LDAP registry type is used as a key to identify various configured LDAP registries. Ensure that there is only one LDAP registry configuration for each type of LDAP registry.
#
# Header
#
ResourceType=LDAPUserRegistry
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER
#DELETE=true
#
#
#Properties
#
useRegistryRealm=false #boolean,default(false)
serverPassword="{xor}"
sslConfig=
primaryAdminId=
useRegistryServerId=false #boolean,default(false)
limit=0 #integer,default(0)
searchTimeout=120 #long,default(0)
bindPassword=
serverId=
realm=
baseDN=
ignoreCase=true #boolean,default(false)
type=IBM_DIRECTORY_SERVER #ENUM(NETSCAPE|DOMINO502|CUSTOM|ACTIVE_DIRECTORY|NDS|IBM_DIRECTORY_SERVER|IPLANET|SECUREWAY),default(IBM_DIRECTORY_SERVER)
reuseConnection=true #boolean,default(false)
sslEnabled=false #boolean,default(false)
monitorInterval=0 #long,default(0)
bindDN=
#
# Header LDAPSearchFilter Section
#
ResourceType=LDAPSearchFilter
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER:LDAPSearchFilter=
AttributeInfo=searchFilter
#
#
#Properties
#
krbUserFilter="(&(krbPrincipalName=%v)(objectclass=ePerson))"
groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember"
certificateFilter=
userIdMap="*:uid"
userFilter="(&(uid=%v)(objectclass=ePerson))"
groupIdMap="*:cn"
groupFilter="(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
certificateMapMode=EXACT_DN #ENUM(CERTIFICATE_FILTER|EXACT_DN),default(EXACT_DN)
#
# Header EndPoint
#
ResourceType=EndPoint
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER:EndPoint=
AttributeInfo=hosts
#
#
#Properties
#
port=389 #integer,required,default(0)
host= #required
EnvironmentVariablesSection
#Environment Variables
cellName=myCell
- Run the applyConfigProperties command to create or change an LDAP user registry configuration.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
- Modify an existing properties file.
- Obtain a properties file for the LDAPUserRegistry object that you want to change.
You can extract a properties file for an LDAPUserRegistry object using the extractConfigProperties command.
- Open the properties file in an editor and change the
properties as needed.
Ensure that the environment variables
in the properties file match your system.
- Run the applyConfigProperties command.
- If you no longer need the LDAP user registry object or
an existing property, you can delete the entire LDAP object or one
or more properties.
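A pre-flight check for the properties file format shown above, as an added example that is not IBM's code: it runs under ordinary Python 3 outside wsadmin, and the function names parse_props and preflight are hypothetical. It reports `!{...}` variables that are missing from the Environment Variables section, empty properties that are marked required, and sslEnabled=false.

```python
import re

# Constructed sample in the page's format; values are placeholders.
SAMPLE = """\
ResourceType=LDAPUserRegistry
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER
#DELETE=true
sslEnabled=false #boolean,default(false)
ResourceType=EndPoint
ResourceId=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER:EndPoint=
port=389 #integer,required,default(0)
host= #required
EnvironmentVariablesSection
cellName=myCell
"""

def parse_props(text):
    """Return (sections, env); each section maps key -> (value, inline note)."""
    sections, env, in_env = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "EnvironmentVariablesSection":
            in_env = True
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Only whitespace + '#' starts an inline note; the '#' in type#IBM_DIRECTORY_SERVER is data.
        body, note = (re.split(r"\s+#", line, maxsplit=1) + [""])[:2]
        key, _, value = body.partition("=")
        if in_env:
            env[key] = value
        elif key == "ResourceType":
            sections.append({key: (value, "")})
        elif sections:
            sections[-1][key] = (value.strip('"'), note)
    return sections, env

def preflight(text):
    """List problems to fix before running applyConfigProperties."""
    sections, env = parse_props(text)
    findings = []
    for sec in sections:
        rtype = sec["ResourceType"][0]
        for key, (value, note) in sec.items():
            findings += [f"{rtype}: variable !{{{v}}} is not defined"
                         for v in re.findall(r"!\{(\w+)\}", value) if v not in env]
            if "required" in note.split(",") and not value:
                findings.append(f"{rtype}: required property {key} is empty")
        if sec.get("sslEnabled", ("",))[0] == "false":
            findings.append(f"{rtype}: sslEnabled=false, LDAP connection is not SSL-protected")
    return findings
```

Calling preflight(SAMPLE) returns one finding for the registry section and one for the EndPoint section; an empty list means none of the three checks fired.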
Results
You can use the properties file to configure and manage
the LDAP object and its properties.
What to do next
Save the changes to your configuration.