The manual steps to enable security for Lotus Quickr 8.5 are described in the Product Documentation topic, "Adding a Federated LDAP with administrator users and groups and File Repository removed: qp85." Per this documentation:
If you installed Lotus Quickr with the option "Use Microsoft Windows Services", you must not use a distinguished name (DN) which contains non-ASCII characters in its relative distinguished name (RDN) as WasUserid, PortalAdminId, or PortalAdminGroupId.
Review the list of User Ids and passwords supported by WebSphere Portal. Ensure that there is no duplicated name of Portal Administrator users or groups in the LDAP.
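The two checks above can be run against the planned values before the wizard is started. The following is an added example, not part of the product documentation or the original article: it assumes "RDN" means the leftmost component of the DN and that a "duplicated name" means the same leftmost RDN value on more than one entry, and all DNs shown are constructed samples.

```python
import string

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\":              # keep the escape and the char it protects
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            parts.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.lstrip())
    return parts

def rdn_has_non_ascii(dn):
    """True if the leftmost RDN holds a non-ASCII char, literal or as \\XX hex escapes."""
    rdn, i = split_dn(dn)[0], 0
    while i < len(rdn):
        if rdn[i] == "\\":
            pair = rdn[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                if int(pair, 16) > 0x7F:   # escaped UTF-8 byte, e.g. \C3\A9
                    return True
                i += 3
            else:
                i += 2                     # escaped special such as \, or \\
        elif ord(rdn[i]) > 127:
            return True
        else:
            i += 1
    return False

def duplicate_names(admin_dns, directory_dns):
    """Map each admin RDN value to the directory DNs sharing it, when more than one does."""
    def name(dn):
        return split_dn(dn)[0].partition("=")[2].strip().lower()
    hits = {}
    for admin in admin_dns.values():
        same = [d for d in directory_dns if name(d) == name(admin)]
        if len(same) > 1:
            hits[name(admin)] = same
    return hits

# Constructed sample values (assumptions), keyed by the parameter names above.
ADMINS = {"WasUserid": "uid=wpsadmin,cn=users,dc=example,dc=com",
          "PortalAdminId": "uid=wpsadmin,cn=users,dc=example,dc=com",
          "PortalAdminGroupId": "cn=wpsadmins,cn=groups,dc=example,dc=com"}
DIRECTORY = list(ADMINS.values()) + ["uid=WPSADMIN,ou=contractors,dc=example,dc=com"]
```

In practice the directory list would come from an export of the LDAP server's user and group entries.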
Lotus Quickr 8.5 is installed with security configured against a file repository (defaultWIMFileBasedRealm). This article uses the Configuration Wizard (configwizard) to configure a federated LDAP server for Quickr 8.5 security.
Configuring the LDAP user repository
To add an LDAP user registry to the default federated repository, perform the steps below, on the primary node only. You must repeat these steps for each additional LDAP user registry that you plan to add.
This procedure removes the default file-based security and reconfigures the administrative users.
1. Start the wizard by going to directory \wp_profile\wizard\ and running the configwizard command for your environment:
- UNIX® environments: configwizard.sh
- Microsoft® Windows®: configwizard.bat or configwizard64.bat
The configwizard welcome screen appears; select Next to continue (see figure 1).
Figure 1. Configuration wizard Welcome screen
2. In the Configuration Task window (see figure 2), select the Configure security option; click Next.
Figure 2. Configure security option
3. Enter the Password that was set during installation for the Quickr Admin User (see figure 3).
Figure 3. Provide WebSphere Application Server credentials
4. Select the Configure Federated Repository option and click Next (see figure 4).
Figure 4. Configure Federated Repository option
5. Select "Switch an existing repository" (see figure 5). This removes the existing configuration for the default file repository (defaultWIMFileBasedRealm).
Figure 5. Switch an existing repository option
6. Select the default file repository to which Lotus Quickr is configured out of the box (see figure 6).
Figure 6. Default InternalFileRepository
7. Enter the host name of the IBM Directory LDAP Server and its port (see figure 7).
Figure 7. Enter the LDAP server host name
8. Specify the Bind distinguished name to be used by WebSphere Portal when it binds to LDAP to do lookups (see figure 8).
Figure 8. Specify Bind distinguished name
9. Enter the full domain name of the users and groups in the IBM Directory LDAP Server (see figure 9).
Figure 9. Specify primary users and groups
10. Set the ID of the repository and enter the Base entry for the suffix used in IBM Directory LDAP Server (see figure 10).
Figure 10. Specify repository information
11. Enter the correct parameters that match your LDAP structure for type Person. InetOrgPerson is the default for IBM Directory LDAP Server (see figure 11).
Figure 11. LDAP settings for Entity type Person
12. Enter the correct Group parameters that match your LDAP structure for type Group. groupOfUniqueNames is the default groups object for IBM Directory LDAP Server (see figure 12).
Figure 12. LDAP settings for Entity type Group
13. In the LDAP Group Member Information window, use the defaults for the IBM Directory LDAP Server (see figure 13), modifying as necessary for your LDAP structure.
Figure 13. LDAP settings for Group member attributes
14. Set the default parent for users and groups in IBM Directory LDAP Server (see figure 14).
Figure 14. LDAP settings for Default Parent
15. Review your settings and click Next to complete the security configuration (figure 15).
Figure 15. Review your settings
16. Once complete, restart the Quickr 8.5 Server and verify that you can log in with a user from the IBM Directory LDAP Server.
The key here is that we removed the default out-of-the-box security and replaced it with a federated LDAP repository, thus changing the administrative user IDs.
About the author
Jeff Johnson is a member of the Lotus Quickr J2EE Support team based at IBM's Research Triangle Park, NC, facility, where he specializes in the combination of Lotus Quickr, Lotus Web Content Management, and WebSphere Portal. Prior to this, Jeff was a member of the WebSphere Portal and Web Content Management Support teams, working exclusively on critical issues that included travel to customer locations for hands-on assistance.