You can use properties files to enable global security
and configure federated Lightweight Directory Access Protocol (LDAP)
user registries. Modify the example properties file for your environment.
Before you begin
Determine whether you want to use Secure Sockets Layer (SSL) to access the LDAP server. If you use SSL, you must extract the LDAP server signer certificate, store it in the default trust store, save the configuration, and restart the server before the server can connect to the LDAP registry over SSL. The example properties file retrieves the signer certificate with the retrieveSignerFromPort command, but that section is marked SKIP=true, so it is not applied as written: run it first (with SKIP removed or set to false), save the configuration and restart the server, then apply the remaining sections.
About this task
The example properties file assumes that the administrative user already exists in the LDAP user registry. It binds to the LDAP server as cn=root, the directory administrator; in production, use a dedicated bind account that has read-only access to the subtree that the server needs to search. The administrative and bind passwords in the EnvironmentVariablesSection are stored in clear text, so restrict read access to the properties file and remove or protect it after it has been applied.
Further, the example specifies several commands:
- retrieveSignerFromPort to retrieve an SSL signer certificate from a port and store it in the default trust store
- applyWizardSettings to enable global security with the administrative user and password
- createIdMgrLDAPRepository to create the federated (IdMgr) LDAP repository
- addIdMgrLDAPServer to point the repository at the LDAP server
- addIdMgrRepositoryBaseEntry to add a base entry to the repository
- updateIdMgrSupportedEntityType to set the default parent and RDN properties of the Group, OrgContainer and PersonAccount entity types
- addIdMgrRealmBaseEntry to add the LDAP base entry to the default realm
- deleteIdMgrRealmBaseEntry to remove the old file-based base entry from the default realm
Procedure
- Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the following command from the bin directory of the server profile:
wsadmin -lang jython
- Create a properties file that retrieves an SSL signer certificate
from a port, enables global security, and configures a federated LDAP
user registry.
#
# Extract LDAP server signer certificate and store it in default trust store.
# Save configuration and restart server after retrieving signer certificate.
#
CreateDeleteCommandProperties=true
# SKIP=true leaves this section unapplied. Set it to false (or remove the line) to
# retrieve the signer, then save the configuration and restart the server.
SKIP=true
commandName=retrieveSignerFromPort
#
#
#Properties
#
port=636 #Integer,required
keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
sslConfigName=NodeDefaultSSLSettings #String
host=!{ldapHostName} #String,required
certificateAlias=ldapalias #String,required
keyStoreName=NodeDefaultTrustStore #String,required
sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
#
#
# Enable global security with adminuser and adminpasswd
#
#
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
#
#
# Properties
#
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String,required
secureApps=true #Boolean,required
ldapServerType=null #String
customProps=null #String
adminName=!{adminUser} #String,required
ldapPort=null #String
secureLocalResources=false #Boolean,required
ldapBindPassword=null #String
ldapBaseDN=null #String
customRegistryClass=null #String
ignoreCase=null #Boolean
ldapHostName=null #String
ldapBindDN=null #String
#
#
# create IdMgr for LDAP
#
#
CreateDeleteCommandProperties=true
commandName=createIdMgrLDAPRepository
#
#
#Properties
#
certificateFilter=null #String
searchTimeLimit=null #Integer
translateRDN=null #Boolean
supportSorting=null #Boolean
ldapServerType=IDS #String,required
supportTransactions=null #Boolean
supportAsyncMode=null #Boolean
primaryServerQueryTimeInterval=null #Integer
adapterClassName=null #String
supportExternalName=null #Boolean
isExtIdUnique=null #Boolean
sslConfiguration=NodeDefaultSSLSettings #String
searchCountLimit=null #Integer
id=!{ldapRegId} #String,required
searchPageSize=null #Integer
loginProperties=uid #String
supportPaging=null #Boolean
default=true #Boolean
returnToPrimaryServer=null #Boolean
certificateMapMode=exactdn #String
#
#
# add IdMgr to ldap server
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
#
#
# Properties
#
sslConfiguration=NodeDefaultSSLSettings #String
id=!{ldapRegId} #String,required
port=636 #Integer
derefAliases=null #String
ldapServerType=IDS #String
bindPassword=!{bindPasswd} #String
certificateFilter=null #String
authentication=simple #String
sslEnabled=true #Boolean
connectTimeout=null #Integer
# The command spells this parameter referal; it controls LDAP referral handling.
referal=ignore #String
host=!{ldapHostName} #String,required
# cn=root is the directory administrator; in production bind as a dedicated read-only account.
bindDN=cn=root #String
certificateMapMode=exactdn #String
connectionPool=null #Boolean
#
#
# configure other LDAP attrs
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRepositoryBaseEntry
#
#
# Properties
#
name=c=us #String,required
nameInRepository=c=us #String
id=!{ldapRegId} #String,required
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=Group #String,required
rdnProperties=cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=OrgContainer #String,required
rdnProperties=o;ou;dc;cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
#Properties
#
defaultParent=c=us #String
name=PersonAccount #String,required
rdnProperties=uid #String
#
#
# add this IdMgr as base entry to default realm
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String,required
baseEntry=c=us #String,required
#
#
# delete old WIM IdMgr as base entry from default realm.
#
#
CreateDeleteCommandProperties=true
commandName=deleteIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String,required
baseEntry=o=defaultWIMFileBasedRealm #String,required
#
EnvironmentVariablesSection
#
# Environment Variables
#
cellName=myCell04
nodeName=myNode03
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
bindPasswd=myBindPw
- Run the applyConfigProperties command. Running the applyConfigProperties command applies the properties file to the configuration. To check the file without changing the configuration first, run the validateConfigProperties command with the same parameters. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
Save the configuration afterwards with AdminConfig.save() and restart the server so that the security settings take effect.
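The properties file is applied exactly as written, so an undefined !{variable}, a required parameter left at null, or a section still marked SKIP=true is easy to miss until the report comes back. The following script is an added example, not IBM code and not part of wsadmin: a stand-alone Python 3 pre-flight check that parses a file in the layout this page uses, resolves !{var} references against the EnvironmentVariablesSection, and reports those problems together with two security findings (a simple bind without sslEnabled=true, and clear-text passwords in the file). The sample file embedded in it is constructed for the demonstration and deliberately contains several of these problems; the format rules are inferred from the example on this page, so treat the script as a convenience check rather than a substitute for validateConfigProperties.

```python
# Added example: an offline pre-flight check for a properties file in the
# layout this page uses, run with plain Python 3 before handing the file to
# wsadmin. It is not IBM code and does not replace applyConfigProperties or
# validateConfigProperties; the format rules below are inferred from the page.
import re

VAR_REF = re.compile(r"!\{([^}]+)\}")


def parse_props(text):
    """Return (sections, env). Each section is a dict with keys command, skip
    and params; params maps key -> (value, declared type, required flag)."""
    sections, env, cur, in_env = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "EnvironmentVariablesSection":
            in_env, cur = True, None
            continue
        if line == "CreateDeleteCommandProperties=true":
            cur = {"command": "", "skip": False, "params": {}}
            sections.append(cur)
            continue
        key, _, rest = line.partition("=")       # values may contain '=' (c=us, cn=root)
        value, _, annot = rest.partition(" #")   # trailing "#Type,required" annotation
        key, value = key.strip(), value.strip()
        if in_env:
            env[key] = value
        elif cur is None:
            raise ValueError("property outside a command section: " + line)
        elif key == "commandName":
            cur["command"] = value
        elif key == "SKIP":
            cur["skip"] = value.lower() == "true"
        else:
            flags = [f.strip() for f in annot.split(",")] if annot else []
            cur["params"][key] = (value, flags[0] if flags else "", "required" in flags)
    return sections, env


def resolve(value, env):
    """Substitute !{name} references; a KeyError names the first undefined variable."""
    return VAR_REF.sub(lambda m: env[m.group(1)], value)


def check_props(text):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    sections, env = parse_props(text)
    findings = []
    for n, sec in enumerate(sections, 1):
        tag = "section %d (%s)" % (n, sec["command"] or "no commandName")
        if not sec["command"]:
            findings.append(tag + ": missing commandName")
        if sec["skip"]:
            findings.append(tag + ": SKIP=true, so this command is not applied")
        got = {}
        for key, (value, ptype, required) in sec["params"].items():
            try:
                got[key] = val = resolve(value, env)
            except KeyError as e:
                findings.append("%s: %s references undefined variable %s" % (tag, key, e.args[0]))
                continue
            if required and val in ("", "null"):
                findings.append("%s: required parameter %s is unset" % (tag, key))
            elif ptype == "Integer" and val != "null" and not val.isdigit():
                findings.append("%s: %s is declared Integer but is %r" % (tag, key, val))
            elif ptype == "Boolean" and val not in ("true", "false", "null"):
                findings.append("%s: %s is declared Boolean but is %r" % (tag, key, val))
        # A simple bind sends bindPassword in clear text unless the LDAP connection uses SSL/TLS.
        if (sec["command"] == "addIdMgrLDAPServer" and got.get("authentication") == "simple"
                and got.get("sslEnabled") != "true"):
            findings.append(tag + ": simple bind with sslEnabled!=true sends bindPassword in clear text")
    for name, value in env.items():
        if "passw" in name.lower() and value:
            findings.append("environment variable %s is a clear-text secret; restrict who can read this file" % name)
    return findings


# Constructed sample in the page's layout; it deliberately carries several problems.
SAMPLE = """\
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
port=636 #Integer,required
host=!{ldapHostName} #String,required
certificateAlias=ldapalias #String,required
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
id=!{ldapRegId} #String,required
port=389 #Integer
bindPassword=!{bindPasswd} #String
authentication=simple #String
sslEnabled=false #Boolean
host=!{ldapHostName} #String,required
bindDN=cn=root #String
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRepositoryBaseEntry
name=c=us #String,required
id=null #String,required
EnvironmentVariablesSection
ldapHostName=myLdapHost
bindPasswd=myBindPw
"""

if __name__ == "__main__":
    for finding in check_props(SAMPLE):
        print(finding)
```

Run it against the real file with `check_props(open("mySecurityConfig.props").read())`; the sample above yields five findings (the skipped signer section, the undefined ldapRegId variable, the clear-text simple bind, the null required id, and the bind password held in the file).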
Results
The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.
What to do next
If you want to apply this properties file, modify the values in the EnvironmentVariablesSection, and any other properties that differ, for your environment.