Why and when to perform this task
You can dynamically update Lightweight Directory Access Protocol (LDAP) binding information without first stopping and restarting WebSphere Application Server by using the wsadmin tool.
The resetLdapBindInfo method of the SecurityAdmin MBean dynamically updates the LDAP binding information in the WebSphere Application Server security runtime. It takes the bind distinguished name (DN) and the bind password as input parameters and validates them against the LDAP server. If validation succeeds, the new binding information is stored in security.xml and a copy is placed in the security runtime; otherwise nothing is stored and the existing binding remains in effect.
The MBean method also synchronizes the changed binding information in security.xml from the cell (deployment manager) to the nodes.
If both input parameters are null (no bind DN and no bind password), the resetLdapBindInfo method instead reads the current LDAP binding information, including the bind DN, bind password, and target binding host, from the security configuration in security.xml, and then pushes that information to the WebSphere Application Server security runtime.
Why and when to perform this task
To dynamically update security LDAP binding information by switching to a different binding identity:
Steps for this task
Example
# Rebind the LDAP registry at run time. Arguments: bind DN, bind password.
proc LDAPReBind {args} {
   global AdminConfig AdminControl ldapBindDn ldapBindPassword
   set ldapBindDn [lindex $args 0]
   set ldapBindPassword [lindex $args 1]
   # One SecurityAdmin MBean per running process (deployment manager, node agents, servers)
   set secMBeans [$AdminControl queryNames type=SecurityAdmin,*]
   set plist [list $ldapBindDn $ldapBindPassword]
   foreach secMBean $secMBeans {
      # Validates the new bind against LDAP, then stores it in security.xml and the runtime
      set result [$AdminControl invoke $secMBean resetLdapBindInfo $plist]
   }
}
Why and when to perform this task
To dynamically update security LDAP binding information by switching to a failover LDAP host:
Steps for this task
If you configure security to use multiple LDAP servers, invoking resetLdapBindInfo with null for both the bind DN and the bind password forces WebSphere Application Server security to reconnect to the first available LDAP host in the configured list, regardless of which host the runtime is currently using. For example, if three LDAP servers are configured in the order L1, L2, and L3, the reconnection process always starts with the L1 server.
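Both procedures above, switching to a different bind identity and forcing a reconnect to the first configured LDAP host, come down to the same MBean operation called with different arguments. The following script is an added example in Jython (the other wsadmin scripting language), not code from the original page or from IBM. It assumes a wsadmin session started with -lang jython, in which AdminControl and AdminConfig are predefined, that sys.argv holds the arguments that follow the script name, and that the LDAPUserRegistry configuration object exposes a bindDN attribute; the script name, the bind DN and the password-file path in the usage comments are placeholders. It uses AdminControl.invoke_jmx rather than invoke because invoke_jmx passes real Java objects, so Python None reaches the MBean as the null, null pair that triggers the reconnect behaviour, and it reads the password from a file instead of the command line so the secret does not land in shell history or process listings.

```jython
# Added example for wsadmin (Jython); not code from the page or from IBM.
# Assumes a wsadmin session (AdminControl and AdminConfig predefined) and the
# SecurityAdmin MBean operation resetLdapBindInfo(String bindDn, String bindPassword).
import sys

def securityAdminMBeans():
    # One SecurityAdmin MBean per running process: deployment manager,
    # node agents and application servers. queryNames returns the names
    # newline-separated; an empty string means no process is running.
    names = AdminControl.queryNames('type=SecurityAdmin,*')
    return [n for n in names.splitlines() if n.strip()]

def resetLdapBind(bindDn, bindPassword):
    # Switch every SecurityAdmin MBean to the given bind identity.
    # bindDn=None and bindPassword=None is the null, null call from the text:
    # the MBean re-reads bind DN, password and host list from security.xml
    # and reconnects starting with the first configured LDAP host.
    params = [bindDn, bindPassword]                  # None becomes Java null
    sigs = ['java.lang.String', 'java.lang.String']
    failures = []
    for name in securityAdminMBeans():
        objName = AdminControl.makeObjectName(name)
        try:
            # invoke_jmx passes real Java objects, so the nulls survive;
            # the MBean validates the bind against LDAP before storing it.
            AdminControl.invoke_jmx(objName, 'resetLdapBindInfo', params, sigs)
        except:
            # Record which process rejected the bind and why, without
            # echoing the password ourselves.
            failures.append((name, str(sys.exc_info()[1])))
    return failures

def configuredBindDn():
    # The bind DN now persisted in security.xml, one entry per LDAP registry
    # (assumes the LDAPUserRegistry attribute name bindDN).
    registries = AdminConfig.list('LDAPUserRegistry').splitlines()
    return [AdminConfig.showAttribute(r, 'bindDN') for r in registries if r.strip()]

def readSecret(path):
    # Read the bind password from a file with restrictive permissions rather
    # than from the command line, where it would appear in shell history
    # and process listings.
    f = open(path)
    try:
        return f.readline().strip()
    finally:
        f.close()

def main(args):
    # Placeholder invocations (script name, DN and path are assumptions):
    #   wsadmin -lang jython -f ldap_rebind.py "cn=svc-was,ou=svc,dc=example,dc=com" /etc/was/bind.pw
    #   wsadmin -lang jython -f ldap_rebind.py failover
    if len(args) == 1 and args[0] == 'failover':
        failures = resetLdapBind(None, None)
    elif len(args) == 2:
        failures = resetLdapBind(args[0], readSecret(args[1]))
    else:
        print('usage: ldap_rebind.py <bindDN> <password-file> | failover')
        return 2
    for name, msg in failures:
        print('rejected by ' + name + ': ' + msg)
    print('bindDN in security.xml: ' + str(configuredBindDn()))
    if failures:
        return 1
    return 0

# wsadmin runs a -f script with __name__ set to 'main' rather than '__main__'.
if __name__ in ('__main__', 'main'):
    sys.exit(main(sys.argv))
```

resetLdapBind returns the list of processes whose MBean rejected the bind, so an empty list means every running SecurityAdmin MBean accepted it; because the MBean validates the DN and password against LDAP before storing anything, a failure on one process leaves that process on its previous binding, which is why the script reports each rejection individually. configuredBindDn shows what was written to security.xml afterwards; as the text states, the MBean stores the result and synchronizes it to the nodes itself, so the script does not call AdminConfig.save().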
Related tasks
Configuring Lightweight Directory Access Protocol user registries
Related information
Security failover among multiple LDAP servers