Before you begin
This is an optional configuration. Only complete one of these tasks if you want to map a different user ID to the system-level roles for one or more of the IBM
About this task
The connectionsAdmin is mapped to roles that perform the following tasks:
Table 1. Roles associated with connectionsAdmin
| Role | Description |
|---|---|
| dsx-admin | Used by the Profiles and Communities applications to query their corresponding databases to retrieve user or community data. When other applications need user or community data, they use the connectionsAdmin user to authenticate with Profiles and Communities, and then request the data from Profiles and Communities. |
| search-admin | Used by all applications to control which user IDs can query for seedlist information. The seedlist data is used to create the global index. The Search application uses the connectionsAdmin user ID to authenticate with the other applications, and then makes queries to them on a scheduled basis to keep the index up-to-date. |
| widget-admin | Used by applications that make widgets available within the Communities application, such as Activities, Blogs, Files, and Wikis. People assigned to this role can run administrative commands that make changes to those managed applications, such as to create, delete, or modify membership information. The Communities application uses the connectionsAdmin user ID to authenticate with the other applications, and then passes the requests on to them. |
In addition, the connectionsAdmin user is used by the Home page application to secure the messaging bus connection.
The connectionsAdmin user does not represent the administrative user of an application; it represents a system-level user for application-to-application communication.
To map a different user ID to one of the default roles, complete the following steps:
- Perform one of the following tasks:
- To specify a different system-level user ID for the dsx-admin, search-admin, or widget-admin roles: Create a J2C authentication alias on WebSphere® Application Server by completing the following steps:
- From the IBM WebSphere Application Server Integrated Solutions Console, expand Security, and then select Global security.
- In the Authentication area, expand Java Authentication and Authorization Service, and click J2C authentication data.
- Click New, and then enter an alias name, user ID, and password.
- Click OK, and then click Save.
- Repeat steps c to d for each new role that you want to create.
- Save your changes.
- dsx-admin: If you are creating an alias for this role and plan to enable or have enabled single sign-on with a third-party authentication manager, specify a user ID that is present in the corporate directory, and not only in the WebSphere Identity Manager.
- search-admin: If you are creating an alias for this role, specify an alias name with the syntax: searchapplication_nameAlias where application_name is the name of the application for which you want to create the alias. For example, searchBlogsAlias.
- widget-admin: If you are creating an alias for this role, specify an alias name with the syntax: widgetapplication_nameAlias where application_name is the name of the application for which you want to create the alias. For example, widgetActivitiesAlias.
- To specify a different system-level user ID for the connectionsBus role: Map the user ID to a security setting in the service integration buses defined for IBM Connections by completing the following steps:
- From the WebSphere Application Server Integrated Solutions Console, select Service integration -> Buses.
- Click the bus to which you want to map a different user ID.
Note: All IBM Connections buses have names that begin with Connections.
- Click Security -> Users and groups in the bus connector role.
- Delete the existing user ID by selecting the check box next to the user ID and clicking Delete.
- To add the new user ID, click New, select User name, and then type the name of the new user ID.
- Click OK.
- Repeat steps b to f for each bus.
- Save the changes.
If you are specifying a different system-level user ID for the widget-admin role: Edit the widget-config.xml configuration file for the application or applications affected by this change. To do so, complete the following steps:
- From the profile_root\config\cells\<cellName>\LotusConnections-config directory, open the widget-config.xml file in a text editor.
- Change the remoteHandlerAuthenticationAlias attribute in the lifecycle element for the widgetDef (widget definition) corresponding to the application that is to be changed. Replace the current value with the name of the alias that you created; include the full name of the alias, which is likely to include a node name prefix.
- Repeat the previous step for each application for which you defined a new alias.
- Save the widget-config.xml file.
If you are specifying a different system-level user ID for the dsx-admin, search-admin, or widget-admin roles: Map the user in the alias to the role you want by completing the following steps:
For Activities, you must map the person that you are mapping to the widget-admin role to the person role as well.
- From the WebSphere Application Server Integrated Solutions Console, expand Applications -> Application Types, and then select WebSphere enterprise applications. Find and click the link to the application that you want to configure.
- Click Security role to user/group mapping. Find the role that you created in the Role column, and then click Map users or Map groups.
- In the Search String box, type the name of the person or group you would like to assign to this role, and then click Search. If the user or group exists in the directory, it is found and displayed in the Available list.
- Select the user or group name from the Available box, and then move it into the Selected column by clicking the arrow button.
- Repeat steps i and j to add additional people or groups.
- Repeat steps f through k to define access levels and assign people to any other aliases that you created.
- Click OK.
- Click OK, and then click Save to save the changes.
- Restart the application servers hosting the applications for which you created user roles.
If you are specifying a different system-level user ID for the dsx-admin role: Update the value of the corresponding attributes in the LotusConnections-config.xml file. To do so, start the wsadmin client, and then complete the following steps:
- Enter the following command to access the IBM Connections configuration file: execfile("connectionsConfig.py")
If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, you must pick the node where the file is stored. This information is not used by the wsadmin client when you are making configuration changes.
- Enter the following command to check out the IBM Connections configuration files: LCConfigService.checkOutConfig("working_directory","cell_name") where:
- working_directory is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft® Windows® operating system.
AIX® and Linux® only: The directory must grant write permissions or the command does not run successfully.
- cell_name is the name of the WebSphere Application Server cell hosting the IBM Connections application. This argument is case-sensitive, so type it with care. If you do not know the cell name, type the following command while in the wsadmin command processor: print AdminControl.getCell()
For example:
- AIX or Linux: LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
- Microsoft Windows: LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
- Use the following commands to update the alias information:
- Open the LotusConnections-config.xml file in a text editor, and then add the following values to the <sloc:serviceReference serviceName="directory"> element in the file:
is the alias you created in Step 1.
- After making changes, you must check the configuration files back in, and you must do so during the same wsadmin session in which you checked them out, for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.
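A check to run after the widget-config.xml edit described above, added here as an example and not part of IBM's tooling: it reports each widgetDef whose lifecycle element still uses the shared alias or an alias that does not follow the widgetapplication_nameAlias convention. The sample XML, the defId attribute, the connectionsAdmin alias name, and the node/alias prefix form are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified sample; a real widget-config.xml carries namespaces
# and many more attributes. defId and the node prefix form are assumptions.
SAMPLE = """<config>
  <widgetDef defId="Activities">
    <lifecycle remoteHandlerAuthenticationAlias="node01/widgetActivitiesAlias"/>
  </widgetDef>
  <widgetDef defId="Blogs">
    <lifecycle remoteHandlerAuthenticationAlias="connectionsAdmin"/>
  </widgetDef>
  <widgetDef defId="Wikis">
    <lifecycle remoteHandlerAuthenticationAlias="node01/wikiAlias"/>
  </widgetDef>
  <widgetDef defId="Members"/>
</config>"""

SHARED_ALIAS = "connectionsAdmin"  # assumed name of the shared default alias
WIDGET_ALIAS = re.compile(r"^widget[A-Za-z]+Alias$")  # widgetapplication_nameAlias

def local(tag):
    """Strip an XML namespace so matching works with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit_widget_aliases(xml_text):
    """Return {widget id: finding} for every widgetDef with a lifecycle element."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "widgetDef":
            continue
        name = elem.get("defId", "?")
        for child in elem:
            if local(child.tag) != "lifecycle":
                continue
            alias = child.get("remoteHandlerAuthenticationAlias", "")
            bare = alias.rsplit("/", 1)[-1]  # drop optional node name prefix
            if bare == SHARED_ALIAS:
                findings[name] = "still-shared"
            elif WIDGET_ALIAS.match(bare):
                findings[name] = "ok"
            else:
                findings[name] = "nonconforming"
    return findings

if __name__ == "__main__":
    for widget, status in audit_widget_aliases(SAMPLE).items():
        print(widget, status)
```

Widgets reported as still-shared continue to authenticate with the shared system user, so the new role mapping has no effect for them until the attribute is changed and the configuration is checked back in.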