Enable your LDAP security using the configuration wizard. The LDAP user registry stores user information and is used to authenticate users.
Before you begin
The LDAP software must be installed and set up appropriately before you can use the configuration wizard to configure LDAP security.
In a clustered environment, you must stop all application servers on the system including WebSphere_Portal and server1. Start the nodeagent and deployment manager servers before starting the Enable LDAP Security task.
You will need to have the following information available to enable your LDAP.
LDAP Server information
- Host name: Host name for the LDAP
- Port: Port number for the LDAP
LDAP Bind information
- LDAP Type: Describe the type of Lightweight Directory Access Protocol. For supported LDAPs, see the Supported LDAP directories section in the appropriate Lotus Quickr system requirements file.
- Bind distinguished name: This is the name that the WebSphere® Application Server will use to connect to your LDAP.
- Bind Password
Primary Administrative information
- WebSphere Application Server administrative user name
- WebSphere Application Server administrative user password
- WebSphere Portal administrative user name
- WebSphere Portal administrative user password
- WebSphere Portal administrative group name
- WPS content administrative group name
The WebSphere Application Server administrative user name and the WebSphere Portal administrative user name are typically the same.
- Repository identifier: This uniquely identifies the LDAP repository within the WebSphere configuration, for example: LDAP1. If you need to update information about the repository, like updating the password of the bind distinguished name, you will need to reference the repository using this repository identifier.
- Base entry: A base for all distinguished names served by this LDAP. For example, if all your users are of the form uid=<id>, o=myorganization, dc=example, dc=com then your base DN could be o=myorganization,dc=example,dc=com
When you enable LDAP security with the configuration wizard, note that you can enable it with the default realm only. If you do not use the configuration wizard, you can perform the configuration by running the configuration tasks from a command line.
Starting the wizard on AIX, UNIX and Windows
To start the configuration wizard, you must type the appropriate command using a command line.
The location of the script is:
- UNIX®: quickr_install_root/wp_profile/wizard/configwizard.sh
- AIX®: quickr_install_root/wp_profile/wizard/configwizard.sh
- Windows®: quickr_install_root\wp_profile\wizard\configwizard.bat
- Windows 64 bit: quickr_install_root\wp_profile\wizard\configwizard64.bat
The command syntax is:
- UNIX: ./configwizard.sh
- AIX: ./configwizard.sh
- Windows: configwizard.bat
- Windows 64 bit: configwizard.bat
Completing the connection in a clustered environment
In a clustered environment, you must perform the following tasks on the secondary node to complete the LDAP connection.
- Enable JCR security by entering the following command on the secondary node:
Directory structure/ConfigEngine/ConfigEngine.bat enable-jcr-security -DPortalAdminId="<ReplaceWithYourPortalAdmId>" -DWasUserid="<ReplaceWithYourWasUserid>" -DWasPassword=<ReplaceWithYourPwd> > "<log_path>/log13.log" 2>&1
(The redirection order sends both standard output and standard error to the log file; with the reverse order, errors would not be captured in the log.)
- Update the ICM.PROPERTIES file with the new PortalAdminID by entering: jcr.admin.uniqueName=<FULL DN>. For example: jcr.admin.uniqueName=cn=wpsadmin,cn=users,l=SharedLDAP,c=us,ou=lotus,o=software group,DC=IBM,DC=COM
- Restart the Portal and Node Agent.
- For some fields that require input, you might have to enter a value that represents a new entity, such as a new database. For other fields, you might have to enter a value that represents an existing entity, such as a user ID and password that you have already created. Consult the help panels for additional information.
Note: Passwords should not contain spaces. See Special characters in user IDs and passwords for more information.
- If you update the properties files with the information for the source database before using the configuration wizard, the values in those files will be shown in the configuration wizard.
- If you enable security and your environment is configured with a database other than the default database, do not run the Transfer data to a different database task again. This task will not transfer the data inserted during the Enable LDAP security task, and will cause the site to become inoperable. To recover from this situation, you would have to disable and then re-enable security.
- If your connection fails because of a timeout issue, edit the /usr/IBM/Quickr/wp_profile/properties/soap.client.props file and change com.ibm.SOAP.requestTimeout=180 to com.ibm.SOAP.requestTimeout=6000. After you successfully connect to your LDAP, change the value back.
- After installing LDAP, you must map the WebSphere Portal ibm-primaryEmail and mail attributes to the corresponding LDAP e-mail attribute. Several IBM Lotus Quickr features require this mapping. See the topic Mapping the e-mail attribute to LDAP for information.
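The two properties-file edits above (jcr.admin.uniqueName in ICM.PROPERTIES and com.ibm.SOAP.requestTimeout in soap.client.props) are plain key=value changes that are easy to get wrong by hand, because a DN contains commas, spaces and equals signs. The following POSIX shell helper is an added example, not part of the IBM documentation or product; it assumes a Java-style properties file with `key=value` lines and no whitespace around the equals sign, and keeps a .bak copy so the timeout value can be changed back after the LDAP connection succeeds.

```shell
#!/bin/sh
# Added example (not from the IBM documentation): idempotently set key=value in a
# properties file, keeping a backup so the change can be reverted later.
# Assumed usage: set_property <file> <key> <value>
# Limitation: awk -v interprets backslash escapes, so values containing
# backslashes would need to be doubled before calling this function.

set_property() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || return 1
    cp "$file" "$file.bak"        # keep a copy so restore_property_file can revert
    # awk avoids the sed escaping problems that a DN with ',', '=' or spaces causes.
    # An existing "key=" line is replaced in place; otherwise the line is appended.
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        index($0, k "=") == 1 { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

get_property() {
    # Print the value of <key> from <file>, or nothing if the key is absent.
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

restore_property_file() {
    # Put back the backup taken by the most recent set_property on <file>.
    [ -f "$1.bak" ] && mv "$1.bak" "$1"
}
```

Run set_property once for the JCR admin DN on the secondary node, and again with the timeout value before the wizard connects; restore_property_file reverts the last change afterwards.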