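Using properties files to enable global security and configure a federated user registry
You can use a properties file to enable global security and configure a federated Lightweight Directory Access Protocol (LDAP) user registry. Modify the example properties file for your environment.
Before you begin
Determine whether you want to use Secure Sockets Layer (SSL) to access the LDAP server. If you use SSL to access the LDAP server, you must extract the LDAP server signer certificate, store it in the default truststore, and then restart the server. The example properties file completes these steps.
About this task
The example properties file assumes that the administrative user already exists in the LDAP user registry.
The example also specifies several commands:
- retrieveSignerFromPort, to retrieve the SSL signer certificate from a port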
- applyWizardSettings
- createIdMgrLDAPRepository
- addIdMgrLDAPServer
- addIdMgrRepositoryBaseEntry
- updateIdMgrSupportedEntityType
- addIdMgrRealmBaseEntry
- deleteIdMgrRealmBaseEntry
Procedure
- Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the following command from the bin directory of the server profile:
wsadmin -lang jython
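- Create a properties file that retrieves the SSL signer certificate from a port, enables global security, and configures a federated LDAP user registry.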
```
#
# Extract LDAP server signer certificate and store it in default trust store.
# Save configuration and restart server after retrieving signer certificate.
#
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
#
#
#Properties
#
port=636 #Integer,required
keyStoreScope=(cell):!{cellName}:(node):!{nodeName} #String
sslConfigName=NodeDefaultSSLSettings #String
host=!{ldapHostName} #String,required
certificateAlias=ldapalias #String,required
keyStoreName=NodeDefaultTrustStore #String,required
sslConfigScopeName=(cell):!{cellName}:(node):!{nodeName} #String
#
#
# Enable global security with adminuser and adminpasswd
#
#
CreateDeleteCommandProperties=true
commandName=applyWizardSettings
#
#
# Properties
#
adminPassword=!{adminPasswd} #String
userRegistryType=WIMUserRegistry #String,required
secureApps=true #Boolean,required
ldapServerType=null #String
customProps=null #String
adminName=!{adminUser} #String,required
ldapPort=null #String
secureLocalResources=false #Boolean,required
ldapBindPassword=null #String
ldapBaseDN=null #String
customRegistryClass=null #String
ignoreCase=null #Boolean
ldapHostName=null #String
ldapBindDN=null #String
#
#
# create IdMgr for LDAP
#
#
CreateDeleteCommandProperties=true
commandName=createIdMgrLDAPRepository
#
#
#Properties
#
certificateFilter=null #String
searchTimeLimit=null #Integer
translateRDN=null #Boolean
supportSorting=null #Boolean
ldapServerType=IDS #String,required
supportTransactions=null #Boolean
supportAsyncMode=null #Boolean
primaryServerQueryTimeInterval=null #Integer
adapterClassName=null #String
supportExternalName=null #Boolean
isExtIdUnique=null #Boolean
sslConfiguration=NodeDefaultSSLSettings #String
searchCountLimit=null #Integer
id=!{ldapRegId} #String,required
searchPageSize=null #Integer
loginProperties=uid #String
supportPaging=null #Boolean
default=true #Boolean
returnToPrimaryServer=null #Boolean
certificateMapMode=exactdn #String
#
#
# add IdMgr to ldap server
#
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
#
#
# Properties
#
sslConfiguration=NodeDefaultSSLSettings #String
id=!{ldapRegId} #String,required
port=636 #Integer
derefAliases=null #String
ldapServerType=IDS #String
bindPassword=!{bindPasswd} #String
certificateFilter=null #String
authentication=simple #String
sslEnabled=true #Boolean
connectTimeout=null #Integer
referal=ignore #String
host=!{ldapHostName} #String,required
bindDN=cn=root #String
certificateMapMode=exactdn #String
connectionPool=null #Boolean
#
#
# configure other LDAP attrs
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRepositoryBaseEntry
#
#
# Properties
#
name=c=us #String,required
nameInRepository=c=us #String
id=!{ldapRegId} #String,required
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=Group #String,required
rdnProperties=cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
# Properties
#
defaultParent=c=us #String
name=OrgContainer #String,required
rdnProperties=o;ou;dc;cn #String
#
#
CreateDeleteCommandProperties=true
commandName=updateIdMgrSupportedEntityType
#
#
#Properties
#
defaultParent=c=us #String
name=PersonAccount #String,required
rdnProperties=uid
#
#
# add this IdMgr as base entry to default realm
#
#
CreateDeleteCommandProperties=true
commandName=addIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String,required
baseEntry=c=us #String,required
#
#
# delete old WIM IdMgr as base entry from default realm.
#
#
CreateDeleteCommandProperties=true
commandName=deleteIdMgrRealmBaseEntry
#
#
# Properties
#
name=defaultWIMFileBasedRealm #String,required
baseEntry=o=defaultWIMFileBasedRealm #String,required
#
EnvironmentVariablesSection
#
# Environment Variables
#
cellName=myCell04
nodeName=myNode03
ldapHostName=myLdapHost
adminUser=myAdminId
adminPasswd=myAdminPasswd
ldapRegId=ldapRegId
bindPasswd=myBindPw
```
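- Run the applyConfigProperties command.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt: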
AdminTask.applyConfigProperties(['-propertiesFileName mySecurityConfig.props -reportFileName report.txt'])
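A pre-apply check for the properties file created in the procedure above, as an added example that is not part of the original page or of the product: it flags passwords stored as literals in the file and LDAP servers whose bind would run without SSL or without the signer certificate being retrieved in the same run. It is standalone Python 3 run outside wsadmin; the function names and finding codes are hypothetical, the sample is constructed, and it assumes a section marked SKIP=true is not applied.

```python
import re

# Constructed sample in the page's layout (trimmed to the relevant keys).
SAMPLE = """\
CreateDeleteCommandProperties=true
SKIP=true
commandName=retrieveSignerFromPort
port=636 #Integer,required
host=!{ldapHostName} #String,required
CreateDeleteCommandProperties=true
commandName=addIdMgrLDAPServer
port=636 #Integer
bindPassword=!{bindPasswd} #String
sslEnabled=true #Boolean
host=!{ldapHostName} #String,required
EnvironmentVariablesSection
ldapHostName=myLdapHost
bindPasswd=myBindPw
"""

def parse(text):
    """Split the file into one dict per command section plus the variable map."""
    sections, env, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()          # drop trailing "#String" notes
        if line == "EnvironmentVariablesSection":
            cur = env
        elif line.startswith("CreateDeleteCommandProperties="):
            cur = {}
            sections.append(cur)
        elif cur is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            cur[key] = value
    return sections, env

def lint(text):
    """Return (code, detail) findings on secret handling and the LDAPS setup."""
    sections, env = parse(text)
    sub = lambda v: re.sub(r"!\{(\w+)\}", lambda m: env.get(m.group(1), m.group(0)), v)
    findings = [("plaintext-secret", k) for p in sections + [env] for k, v in p.items()
                if "passw" in k.lower() and v != "null" and "!{" not in v]
    signers = {(sub(s.get("host", "")), s.get("port")) for s in sections
               if s.get("commandName") == "retrieveSignerFromPort" and s.get("SKIP") != "true"}
    for s in (x for x in sections if x.get("commandName") == "addIdMgrLDAPServer"):
        endpoint = (sub(s.get("host", "")), s.get("port"))
        if s.get("sslEnabled") != "true":
            findings.append(("cleartext-ldap", "%s:%s" % endpoint))
        elif endpoint not in signers:
            findings.append(("signer-not-retrieved", "%s:%s" % endpoint))
    return findings
```

A `plaintext-secret` finding means the file itself holds a credential, so it needs restrictive file permissions and removal once applied; `signer-not-retrieved` means the signer certificate must already be in the truststore before this run.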
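Results
The properties file uses administrative commands to enable global security and configure a federated LDAP user registry.
What to do next
If you want to apply the properties file, save the changes to your configuration.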

