Creating a superuser
Added by IBM on February 2, 2011 | Version 1 (Original)
For IBM® Lotus® Sametime® integration, you need to create a superuser who has access to all communities, public and restricted.
About this task
With additional configuration on the IBM Lotus Connections server, it is possible to create a superuser who can see all communities, public and restricted. For Sametime integration, you need to create a user of this type, and add their login and password credentials to the Sametime Advanced server so that you can connect on their behalf to list all of the communities.
- To determine the user realm for the new administrative user, do the following:
- In the IBM WebSphere® Application Server Integrated Solutions Console (assuming federated repositories), expand Security, select Global security, and then select Federated Repositories.
- Click Configure.
- On the main Federated repositories page, note the value for the realm name for your application server.
- Start the wsadmin client from the following directory of the system on which you installed the deployment manager:
You must start the client from this directory or subsequent commands that you enter do not execute correctly.
- Start the Communities Jython script interpreter.
- Use the following command to access the Communities configuration files:
If you are asked to select a server, you can select any server.
- Check out the Communities configuration files using the following command:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.
Note: AIX® and Linux® only: The directory must grant write permissions or the command will not run successfully.
- <cell_name> is the name of the WebSphere Application Server cell hosting the Lotus Connections application. This argument is required. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor:
- From the temporary directory to which you just checked out the Lotus Connections configuration files, open the communities-policy.xml file in a text editor.
- To add an administrative user with rights to access all Lotus Connections communities, add the following grant statement to the file:
<comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="<YOUR_REALM_NAME>/<YOUR_LOGIN_ID>" />
<comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communityType="*" action="*" />
<comm:permission class="com.ibm.tango.auth.permission.CommunityMembershipPermission" communityType="*" action="*" />
<comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="*" action="*" />
<comm:permission class="com.ibm.tango.auth.permission.CommunityReferencePermission" communityType="*" action="*" />
<comm:permission class="com.ibm.tango.auth.permission.CommunityBroadcastPermission" communityType="*" action="*" />
- <YOUR_REALM_NAME> is the realm name you identified in step 1.
If the realm contains a port number, then you must specify the port number as well. For example:
<comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="w2k3dc.litbg01.example.com:389/buser99" />
- <YOUR_LOGIN_ID> is the login ID of the user whom you want to set up as the administrator for communities.
Note: If multiple login properties are used, the login ID should be based on the first property. For example, if the login properties are configured as uid;email, the login ID used must be based on uid.
- Save your changes to the communities-policy.xml file.
- Check in the updated file using the following wsadmin client command:
- To exit the wsadmin client, type exit at the prompt.
- Stop and restart the server hosting the Communities application.
When the user specified in the policy file logs in to Communities, they should now be able to view and edit all communities and community resources.
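Because the grant above gives one account every action on every community, it is worth reviewing the checked-out communities-policy.xml for wildcard grants before checking it in. The following is an added example, not IBM's code: the sample file's root element, grant wrapper, namespace URI and second principal are constructed, and the functions assume each principal shares a parent element with its permissions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: root element, grant wrapper, namespace URI and the second
# principal are assumptions; the principal/permission syntax follows the page.
SAMPLE_POLICY = """<comm:policy xmlns:comm="urn:example:communities-policy">
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl"
                    name="w2k3dc.litbg01.example.com:389/buser99" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission"
                     communityType="*" action="*" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission"
                     communityType="*" action="*" />
  </comm:grant>
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl"
                    name="w2k3dc.litbg01.example.com:389/auser01" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission"
                     communityType="public" action="view" />
  </comm:grant>
</comm:policy>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def wildcard_grants(policy_xml):
    """Map principal name -> permission classes held with communityType="*" and action="*"."""
    findings = {}
    for parent in ET.fromstring(policy_xml).iter():
        kids = list(parent)
        names = [k.get("name") for k in kids if local(k.tag) == "principal"]
        wild = [k.get("class", "").rsplit(".", 1)[-1] for k in kids
                if local(k.tag) == "permission"
                and k.get("communityType") == "*" and k.get("action") == "*"]
        if names and wild:
            for name in names:
                findings.setdefault(name, []).extend(wild)
    return findings


def unexpected_superusers(policy_xml, approved):
    """Principals with wildcard grants that are not on the approved list."""
    return sorted(set(wildcard_grants(policy_xml)) - set(approved))


if __name__ == "__main__":
    print(unexpected_superusers(SAMPLE_POLICY, approved=[]))
```

Pass the realm-qualified names of the accounts you intend to be superusers as `approved`; anything the function still returns is a wildcard grant nobody signed off on.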