Before attempting this step, ensure that you have installed WebSphere® Application Server. You will have an application server profile (typically named AppSrv01) on the node 1 and node 2 machines and a deployment manager (DM) profile installed on the deployment manager machine (typically named Dmgr01). During the WebSphere Application Server Installation on the various machines, you are prompted whether you want a deployment manager, application server, or a federated cell profile created with the installation. Select application server (node 1 and node 2) or deployment manager as appropriate.
During the creation of these profiles, administrative security should be enabled. When the wizard prompts you about administrative security, select the check box to enable it and provide a user name and password for this security. The user name and password are used to log in to the administrative console of these profiles.
Note that you do not need to modify the WebSphere Application Server profiles on any of the node machines prior to installing Lotus Connections because these nodes are synchronized with the deployment manager profile after the federation of each node occurs. This federation occurs during the installation of Lotus Connections, therefore the application server profiles on the nodes should be unmanaged prior to beginning the installation of Lotus Connections. The deployment manager is the master configuration; therefore, some configuration steps are required on the DM profile.
On the deployment manager profile, log into the WebSphere Application Server administrative console with a Web browser and follow the steps below. The administrative console is typically located at the following address on the DM machine (https://dmgr.example.com:9043/ibm/console).
1. Configure security with your LDAP server. To do so, select Security > Secure administration, applications, and infrastructure from the navigation menu. Locate the User Account Repository section and click Configure.
There are some general properties on the next window. The first option, Realm name, is set to the LDAP server, including the port number. In this case, the LDAP server is ldap.example.com and the default port of 389 is used for LDAP server communication. Therefore, the value entered into this field is ldap.example.com:389.
Click Apply to save the change. Next, return to this window and select the Manage Repositories option, located in the bottom-right Related Items section. On the next menu, there is a list of repositories. In this instance, there should be only one named InternalFileRepository. This repository contains the WebSphere Application Server administrator user name entered during the creation of this profile. To configure WebSphere Application Server with the LDAP server, you must add another repository. To do so, click Add.
Complete LDAP server information as shown. You must provide an identifier name to this repository. Note that you can use the same name for this identifier as the LDAP host name. You must also set the LDAP server type and host name. In the Security section, enter the bind user credentials. You can also set Login properties, such as uid, mail or cn.
After you complete these fields, click OK to save your changes. Provided there are no errors and the LDAP server is started and configured properly, this action adds the LDAP server as a repository in the list. If there is a mistake in the information entered, an error is displayed when saving the LDAP server information.
To complete LDAP server security enablement, return to the federated repositories window and add the base entry to realm. Select this option from the table in the middle of the page.
Here you must associate the repository with a base entry, which uniquely identifies the users required from the LDAP server. After you complete this step, save this form and return to the federated repositories window. A window is displayed similar to the following:
This scenario assumes that the default user and group object classes are correct. You might need to consult your LDAP server administrator to verify these properties. If changes are required, consult steps 17-22 in the information center at:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.connections.25.help/t_inst_federated_repositories.html
Save all changes and restart the deployment manager. To verify that this step was completed successfully, go to Users and Groups > Manage Users and try to search for users on the LDAP server. If the users are returned, go to step 2.
2. Enable application and administrative security. To do so, select Security > Secure administration, applications, and infrastructure from the navigation menu and then select the Enable application security check box as shown. Next, click the Administrative User Roles link as shown to assign a user from the LDAP server an administrative user role on the WebSphere Application Server console.
From the Administrative User Roles page, select the Add button to add a new administrator user. In the next window, enter the name of the user to be assigned as an administrator and specify the role as shown. Click OK to save.
This user will subsequently be used as the Connections Admin user during the installation.
3. Input the SSO domain. To do so, select Security > Secure administration, applications, and infrastructure from the navigation menu. In the Authentication section, expand the Web Security menu and select the Single Sign-On (SSO) link. Enter your SSO domain name as shown in the following example:
4. Ensure the maximum heap size is set to 512 MB. This is required to avoid any out of memory errors during installation when clustering is attempted. Follow instructions in the following technote and set the max_allowed value to 512:
http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/index.jsp?topic=/com.ibm.commerce.admin.doc/refs/rigwasadd.htm
5. After you complete these four steps, restart all the WebSphere Application Server profiles in preparation for Lotus Connections installation. You must also make sure that all machines in the cluster have their system clocks synchronized to within five minutes of each other, or clustering might fail. The next step is to run the installation wizard, as instructed in the S2: Installing Lotus Connections on node 1 topic.
It is strongly recommended that you configure all WebSphere nodes with time synchronization, such as NTP (Network Time Protocol). Consult your operating system documentation for guidance.
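One way to check the five-minute clock requirement before running the installer is shown below. This is an added example, not part of the original procedure or of any IBM tooling. It assumes you have queried each machine's epoch time from one workstation and noted the workstation's own clock before and after each query; the node host names and all readings are constructed.

```python
from itertools import combinations

MAX_SKEW_SECONDS = 5 * 60  # limit stated in step 5

# Constructed sample readings, one per machine:
# (host, local time before query, epoch reported by host, local time after query)
# node1/node2 host names are assumptions; only dmgr.example.com appears in the page.
SAMPLE_READINGS = [
    ("dmgr.example.com", 1000.0, 1000.5, 1001.0),
    ("node1.example.com", 1002.0, 1120.5, 1003.0),
    ("node2.example.com", 1005.0, 1321.0, 1006.0),
]


def clock_offset(sent, remote, received):
    """Return (offset, uncertainty) of a remote clock relative to the local one.

    The remote reading is compared with the midpoint of the query window,
    so readings taken at different moments remain comparable. The
    uncertainty is half the round-trip time of the query.
    """
    midpoint = (sent + received) / 2.0
    return remote - midpoint, (received - sent) / 2.0


def skew_violations(readings, limit=MAX_SKEW_SECONDS):
    """Return (host_a, host_b, worst_case_skew) for every pair over the limit.

    Worst-case skew adds both measurement uncertainties to the observed
    difference, so a pair that is only borderline compliant is still flagged.
    """
    offsets = {host: clock_offset(s, r, v) for host, s, r, v in readings}
    violations = []
    for a, b in combinations(sorted(offsets), 2):
        (off_a, err_a), (off_b, err_b) = offsets[a], offsets[b]
        worst = abs(off_a - off_b) + err_a + err_b
        if worst > limit:
            violations.append((a, b, round(worst, 1)))
    return violations


if __name__ == "__main__":
    for a, b, skew in skew_violations(SAMPLE_READINGS):
        print("clock skew over limit: %s vs %s (%.1f s)" % (a, b, skew))
```

An empty result means every pair of machines is within the limit even after allowing for measurement error.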