Using properties files to enable global security and configure a federated user registry

You can use a properties file to enable global security and configure a federated Lightweight Directory Access Protocol (LDAP) user registry. Modify the sample properties file for your environment.

Before you begin

Determine whether you want to use Secure Sockets Layer (SSL) to access the LDAP server. If you do, you must extract the LDAP server signer certificate, store it in the default trust store, and restart the server before the LDAP repository can be configured over SSL. The sample properties file includes a retrieveSignerFromPort section for this step, but that section is marked SKIP=true and is therefore not applied as shown: remove the SKIP=true line for the run that retrieves the signer, save the configuration and restart the server, then apply the file again with the section skipped.

About this task

The sample properties file assumes that the administrative user already exists in the LDAP user registry.

The sample also specifies the following commands:

  • retrieveSignerFromPort, to retrieve the SSL signer certificate from the LDAP port and store it in the default trust store
  • applyWizardSettings, to enable administrative security and application security (secureApps=true) with the federated repositories (WIMUserRegistry) registry type
  • createIdMgrLDAPRepository, to create the LDAP repository in the federated repositories configuration
  • addIdMgrLDAPServer, to add the LDAP server, its bind credentials and its SSL configuration to that repository
  • addIdMgrRepositoryBaseEntry, to add the repository base entry (c=us in the sample)
  • updateIdMgrSupportedEntityType, to set the default parent and RDN properties for the Group, OrgContainer and PersonAccount entity types
  • addIdMgrRealmBaseEntry, to add the new base entry to the default realm
  • deleteIdMgrRealmBaseEntry, to remove the old file-based base entry (o=defaultWIMFileBasedRealm) from the default realm

Procedure

  1. Start the wsadmin scripting tool.
    To start wsadmin using the Jython language, run the following command from the bin directory of the server profile:
    wsadmin -lang jython
  2. Create a properties file that retrieves the SSL signer certificate from the port, enables global security, and configures the federated LDAP user registry.
    #
    # Extract LDAP server signer certificate and store it in default trust store.
    # Save configuration and restart server after retrieving signer certificate.
    #
    CreateDeleteCommandProperties=true
    SKIP=true
    commandName=retrieveSignerFromPort
    #
    
    #
    #Properties
    #
    port=636 #Integer,required
    keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
    sslConfigName=NodeDefaultSSLSettings #String
    host=!{ldapHostName} #String,required
    certificateAlias=ldapalias #String,required
    keyStoreName=NodeDefaultTrustStore #String,required
    sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
    #
    
    #
    # Enable global security with adminuser and adminpasswd
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=applyWizardSettings
    #
    
    #
    # Properties
    #
    adminPassword=!{adminPasswd} #String
    userRegistryType=WIMUserRegistry #String,required
    secureApps=true #Boolean,required
    ldapServerType=null #String
    customProps=null #String
    adminName=!{adminUser} #String,required
    ldapPort=null #String
    secureLocalResources=false #Boolean,required
    ldapBindPassword=null #String
    ldapBaseDN=null #String
    customRegistryClass=null #String
    ignoreCase=null #Boolean
    ldapHostName=null #String
    ldapBindDN=null #String
    #
    
    #
    # create IdMgr for LDAP
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=createIdMgrLDAPRepository
    #
    
    #
    #Properties
    #
    certificateFilter=null #String
    searchTimeLimit=null #Integer
    translateRDN=null #Boolean
    supportSorting=null #Boolean
    ldapServerType=IDS #String,required
    supportTransactions=null #Boolean
    supportAsyncMode=null #Boolean
    primaryServerQueryTimeInterval=null #Integer
    adapterClassName=null #String
    supportExternalName=null #Boolean
    isExtIdUnique=null #Boolean
    sslConfiguration=NodeDefaultSSLSettings #String
    searchCountLimit=null #Integer
    id=!{ldapRegId} #String,required
    searchPageSize=null #Integer
    loginProperties=uid #String
    supportPaging=null #Boolean
    default=true #Boolean
    returnToPrimaryServer=null #Boolean
    certificateMapMode=exactdn #String
    #
    
    #
    # add IdMgr to ldap server
    #
    
    CreateDeleteCommandProperties=true
    commandName=addIdMgrLDAPServer
    #
    
    #
    # Properties
    #
    sslConfiguration=NodeDefaultSSLSettings #String
    id=!{ldapRegId} #String,required
    port=636 #Integer
    derefAliases=null #String
    ldapServerType=IDS #String
    bindPassword=!{bindPasswd} #String
    certificateFilter=null #String
    authentication=simple #String
    sslEnabled=true #Boolean
    connectTimeout=null #Integer
    referal=ignore #String
    host=!{ldapHostName} #String,required
    bindDN=cn=root #String
    certificateMapMode=exactdn #String
    connectionPool=null #Boolean
    #
    
    #
    # configure other LDAP attrs
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=addIdMgrRepositoryBaseEntry
    #
    
    #
    # Properties
    #
    name=c=us #String,required
    nameInRepository=c=us #String
    id=!{ldapRegId} #String,required
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    # Properties
    #
    defaultParent=c=us #String
    name=Group #String,required
    rdnProperties=cn #String
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    # Properties
    #
    defaultParent=c=us #String
    name=OrgContainer #String,required
    rdnProperties=o;ou;dc;cn #String
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=updateIdMgrSupportedEntityType
    #
    
    #
    #Properties
    #
    defaultParent=c=us #String
    name=PersonAccount #String,required
    rdnProperties=uid #String
    #
    
    #
    # add this IdMgr as base entry to default realm 
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=addIdMgrRealmBaseEntry
    #
    
    #
    # Properties
    #
    name=defaultWIMFileBasedRealm #String,required
    baseEntry=c=us #String,required
    #
    
    #
    # delete old WIM IdMgr as base entry from default realm.
    #
    
    #
    CreateDeleteCommandProperties=true
    commandName=deleteIdMgrRealmBaseEntry
    #
    
    #
    # Properties
    #
    name=defaultWIMFileBasedRealm #String,required
    baseEntry=o=defaultWIMFileBasedRealm #String,required
    #
    
    
    EnvironmentVariablesSection
    #
    # Environment Variables
    #
    cellName=myCell04
    nodeName=myNode03
    ldapHostName=myLdapHost
    adminUser=myAdminId
    adminPasswd=myAdminPasswd
    ldapRegId=ldapRegId
    bindPasswd=myBindPw
  3. Run the applyConfigProperties command.

    Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter generates a report named report.txt:

    AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
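
The following Python script is an added example; it is not part of this documentation or of the WebSphere product. It pre-checks a properties file of the kind shown above before the file is handed to applyConfigProperties: it parses the subset of the format that this sample uses (command sections introduced by CreateDeleteCommandProperties=true, an optional SKIP=true line, key=value lines with a trailing "#Type[,required]" annotation, and an EnvironmentVariablesSection that supplies values for !{name} references), reports references that have no value, required properties left at null, and sections that will be skipped, and derives the two files needed for the signer-first sequence described under "Before you begin": one with only retrieveSignerFromPort active and one with it skipped. The reading of the format is this example's own assumption drawn from the sample, not a specification of the product's parser. The sample input is a constructed, shortened copy of the file above in which ldapRegId and bindPasswd are deliberately left out of the environment section so that the check has something to report.

```python
import re

VAR_REF = re.compile(r"!\{([A-Za-z0-9_]+)\}")
PROP_LINE = re.compile(r"^([A-Za-z0-9_.]+)=(.*?)(?:\s+#(\w+)(,required)?)?\s*$")

# Constructed, shortened copy of the sample file above; ldapRegId and bindPasswd are
# deliberately absent from EnvironmentVariablesSection so that check() reports them.
SAMPLE = """\
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
port=636 #Integer,required
keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
host=!{ldapHostName} #String,required

CreateDeleteCommandProperties=true
commandName=applyWizardSettings
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String,required

CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
id=!{ldapRegId} #String,required
bindPassword=!{bindPasswd} #String

EnvironmentVariablesSection
cellName=myCell04
nodeName=myNode03
ldapHostName=myLdapHost
adminPasswd=myAdminPasswd
"""

def parse_sections(text):
    """Return (sections, env); each section is {'commandName', 'skip', 'props'}."""
    sections, env, current, in_env = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "EnvironmentVariablesSection":
            in_env, current = True, None
        elif in_env:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
        elif line == "CreateDeleteCommandProperties=true":
            current = {"commandName": None, "skip": False, "props": {}}
            sections.append(current)
        elif current is not None and PROP_LINE.match(line):
            m = PROP_LINE.match(line)
            key, value = m.group(1), m.group(2).strip()
            if key == "commandName":
                current["commandName"] = value
            elif key == "SKIP":
                current["skip"] = value.lower() == "true"
            else:  # (value, declared type, required) as annotated in the file
                current["props"][key] = (value, m.group(3), bool(m.group(4)))
    return sections, env

def check(text):
    """Findings to resolve before applyConfigProperties; an empty list is clean."""
    sections, env = parse_sections(text)
    findings = []
    for sec in sections:
        name = sec["commandName"] or "<unnamed>"
        for key, (value, _ptype, required) in sec["props"].items():
            for ref in VAR_REF.findall(value):
                if ref not in env:
                    findings.append(f"{name}: {key} references !{{{ref}}}, which has no value in EnvironmentVariablesSection")
            if required and value in ("", "null"):
                findings.append(f"{name}: required property {key} is {value or 'empty'}")
        if sec["skip"]:
            findings.append(f"{name}: marked SKIP=true, so it will not be applied")
    return findings

def with_skip(text, command_name, skip):
    """Copy of text with every section for command_name skipped (True) or active (False)."""
    lines, out, i = text.splitlines(), [], 0
    while i < len(lines):
        if lines[i].strip() == "CreateDeleteCommandProperties=true":
            j = i + 1
            while j < len(lines) and not lines[j].strip().startswith("commandName="):
                j += 1
            if j < len(lines) and lines[j].strip() == f"commandName={command_name}":
                header = [h for h in lines[i + 1:j] if h.strip() != "SKIP=true"]
                out += [lines[i]] + (["SKIP=true"] if skip else []) + header + [lines[j]]
                i = j + 1
                continue
        out.append(lines[i])
        i += 1
    return "\n".join(out) + "\n"

def split_passes(text, signer_command="retrieveSignerFromPort"):
    """Pass 1 keeps only the signer retrieval active; pass 2 skips it and runs the rest."""
    names = {s["commandName"] for s in parse_sections(text)[0] if s["commandName"]}
    first = text
    for name in names:
        first = with_skip(first, name, name != signer_command)
    return first, with_skip(text, signer_command, True)
```

Write the first file that split_passes returns to disk, apply it with AdminTask.applyConfigProperties(['-propertiesFileName pass1.props']), save with AdminConfig.save() and restart the server so the new signer is in the trust store; then apply the second file the same way and save again. Run check() on the final file first: any !{name} without a value or any required property still set to null would otherwise surface only as a failed command in the report file.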

Results

The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.

What to do next

To apply the changes that this properties file makes, save the configuration changes (AdminConfig.save() in wsadmin). Note also that the EnvironmentVariablesSection of the sample holds the administrative password (adminPasswd) and the LDAP bind password (bindPasswd) in clear text, so restrict access to the file and remove those values once the configuration has been applied.

http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_config_prop_sec_ldap_example
File name: txml_config_prop_sec_ldap_example.html