This document covers the steps to configure IBM® WebSphere® Portal 8.0 with Microsoft Active Directory Lightweight Directory Services (LDAP) and Microsoft SQL Server (remote DB) in detail. It also covers the installation steps for Microsoft AD-LDS and Microsoft SQL Server, with screenshots that help the user set up the system from scratch. It is assumed that WebSphere Portal 8.0 has been installed on a system running Microsoft® Windows 2008.
Configuring WebSphere Portal to Microsoft Active Directory Lightweight Directory Services [AD-LDS]
This section will cover the installation for the Microsoft Active Directory Lightweight Directory Services [AD-LDS] on Windows Server 2008 and configuring it with the WebSphere Portal server.
Installing Microsoft AD-LDS
In Windows Server, this service is included in the “Server Roles” of “Server Manager”. Follow the below steps to install the AD-LDS.
1. From “Administrative Tools”, open the “Server Manager”.
2. Click on “Roles” from the left navigation tree view.
3. The main panel window lists all the installed roles. On the right side, there are options to add or remove roles.
4. Click on “Add Roles” link. A wizard opens up and you can see all roles available on the server.
Figure 1 : Adding Server roles
5. From the list of roles, select “Active Directory Lightweight Directory Services”.
6. Click “Next” button and then install.
7. After the installation is completed, restart the server. Restarting is not mandatory.
Once the installation is complete, you can see an option named “Active Directory Lightweight Directory Services Setup Wizard” under Control panel -> administrative tools.
Figure 2 : Administrative Tools to select the Setup Wizard
AD-LDS allows multiple instances on the same server. To create the instance that will later be configured with WebSphere Portal, follow the below steps.
1. Double click on the “Active Directory Lightweight Directory Services Setup Wizard” to open the wizard, which creates a new instance or a copy of an existing instance.
Figure 3 : AD-LDS Setup Wizard
2. Choose the option “A unique instance” to create a new AD-LDS instance for WebSphere Portal and click “Next”.
3. Enter a name in “Instance name” option
Figure 4 : Instance name selection window
4. Click “Next” and from this screen, you can choose the port numbers. By default it will take 389 for LDAP and for SSL 636. If these ports are not used in the server, you can keep the default values.
Figure 5 : LDAP Port Selection
5. Click “Next” and select the option “Yes, create an application directory partition” and enter the partition name. We have used “dc=ibm,dc=com”
Figure 6 : Creating application directory partition
6. Click “Next” and from this screen, you can give the locations of where the files will be saved. You can keep the default path.
Figure 7 : File location selection
7. Click “Next” and choose the service account you want to use, that is, the account under which AD-LDS should run. In our scenario, we selected the Administrator account.
Figure 8 : Service Account Selection
8. Click “Next” and select the AD-LDS administrators. If you logged into the server as administrator, then leave it as it is, otherwise choose an account.
Figure 9 : Specifying the AD-LDS Administrator
9. Click “Next”. Here you can choose the LDIF [Lightweight Directory Interchange Format] files which you want to import into AD-LDS. Select the 4 options as shown below. MS-User.LDF is mandatory and the others add external properties to the user or related classes.
Figure 10 : Importing LDIF Files
10. Click “Next” and this screen gives the complete summary of what you have selected to install
11. Click “Next” to install. In the next screen, click “Finish” which will complete the installation of AD-LDS.
If instance creation and configuration are completed without any errors, then you can see the service with instance name running.
Figure 11 : AD-LDS instance service validation
You can also verify that AD-LDS instance is part of Control Panel -> Programs and Features
Figure 12 : AD-LDS instance in Programs and Features
Connecting to AD-LDS
After creating and validating the AD-LDS instance, you have to configure and create the users. You can use the “ADSI Edit” tool to create the users. From Control Panel -> Administrative Tools open “ADSI Edit” tool
Figure 13 : ADSI Edit tool
Open the Connection Settings window from option Actions -> Connect to. Give a suitable name and from “Computer” setting, give your server name with the port as shown in the screenshot below. If the default port is selected as in our case, the port will be 389. And for “Connection Point”, type “dc=ibm, dc=com” as the Naming Context.
Figure 14 : Connection Setting of ADSI tool
Once you select OK, it should show the complete schema of the available objects, including the schema for the user class.
Figure 15 : Schema of the objects in AD-LDS
The objects you see here, such as CN=Roles, were created when you imported the LDIF files in the installation step.
You have to create an object [Container] named Users to hold all the users, and you also have to assign “Roles” to the users you create. Follow the below steps to create the users and give them access for Portal.
1. Right click in the window and from the menu, choose New > Object.
Figure 16 : Creating a new object
2. Select “Container” from the list of options.
Figure 17 : Selecting the container for new object
3. Enter “Users” in value box.
Figure 18 : Naming the Value for the new object
Click Finish. Now you can see the “Users” container is created.
4. Now, expand the “Users” container from left navigation tree and it will be empty as you are yet to create the users in that.
5. Create a user in that “Users” container by right clicking on the surface, from Menu, select new -> Object.
Figure 19 : Creating a new user
6. From the “create object” window select “User”
Figure 20 : Selecting the object for the new user
7. In next screen, give the name of the user as “wpsadmin”. Click Finish. User will be created in the “Users” container.
8. You have to set some properties for the newly created users before moving forward. First you need to reset the password for this user. Right click on user and select “Reset Password” and set the password for the user.
Figure 21 : Resetting the password for new user
9. By default, the user account is disabled after it is created. To enable the user, right click on the user and select “Properties”. From the list of properties available to the user, edit the property “msDS-UserAccountDisabled” and set it to false.
Figure 22 : Enabling the user
10. Once the user is created and the properties are set, remember to give it the proper role. At a minimum, grant read permissions to the service account of the application that uses this AD-LDS instance. As the “wpsadmin” user is used as the Portal administrator, you should give it the “Administrators” role so that it has permissions such as read, create or delete users.
To grant permissions, expand Roles, and then Administrators.
Figure 23 : Granting permission to the user
Right click and select “Properties”, you can see a property named “member”
Figure 24 : Adding the user to Administrators role
Click on “Member” and select “Edit”. Click on “Add DN...” from this window and search for the “wpsadmin” user.
Figure 25 : Giving the Distinguished Name
Select “OK” to finish the step and to save the changes made.
11. You need to create an administrator group. To do that, expand the “Users” container from the left navigation tree, right click, and from the menu select New -> Object. From the “create new object” window select “group”.
Figure 26 : Creating the new object for the group
Click on “Next”, enter “wpsadmins” in the value field, and finish. This creates the administrator group.
12. After creating the group, you need to add the “wpsadmin” to “wpsadmins” group. Follow the same steps which you used for adding the “wpsadmin” user to “Administrator” roles.
Figure 27 : Adding “wpsadmin” user to “wpsadmins” group
This completes the installation and configuration of the AD-LDS. Now you can proceed to configure the instance you created with WebSphere Portal.
Setting up AD-LDS as the standalone LDAP
After completing the installation and configuration of AD-LDS instance, you can use the same to configure it with WebSphere Portal.
Note: You can use the wp_security_xxx.properties help file to populate the values into the wkplc.properties file. Check the portal infocentre for those steps. In our scenario, we are directly updating the wkplc.properties file.
Complete the following steps to configure a standalone LDAP user registry
1. Use a text editor to open the wkplc.properties file, located in the wp_profile_root
2. Change the following properties in wkplc.properties file:
Save the changes made in wkplc.properties file
3. You have to validate the values modified in the previous step. To do so, open a command prompt and, from the path wp_profile_root\ConfigEngine, execute the following command to validate the properties:
ConfigEngine.bat validate-standalone-ldap -DWasPassword=password
Make sure the command executes without any problems.
4. Run the below task to set the portal default file-based repository to stand-alone LDAP user registry
ConfigEngine.bat wp-modify-ldap-security -DWasPassword=password
The commands should get executed successfully and you will see “Build Successful” message in the output.
Figure 28 : Build successful message in the command window
5. Restart the Portal server. Check the SystemOut.log located in the directory wp_profile_root\logs\WebSphere_Portal; you should see the following statements:
[9/3/13 15:51:54:170 IST] 00000000 ServiceInit A JSAS0001I: Security configuration initialized.
[9/3/13 15:51:54:170 IST] 00000000 ServiceInit A JSAS0003I: Authentication mechanism: LTPA
[9/3/13 15:51:54:171 IST] 00000000 ServiceInit A JSAS0004I: Principal name: wpmintel60.in.ibm.com:389/CN=wpsadmin,CN=users,dc=ibm,dc=com.
6. If there are no errors during the startup of Portal server, it confirms that WebSphere Portal is integrated with Windows AD LDAP successfully.
7. Log in to WebSphere Portal with user as wpsadmin. In the Administration Portlet, expand Access and select Users and Groups, you see that all the users created in Windows AD-LDS are displayed in Portal.
8. By default, AD-LDS allows password operations only over secured connections. SSL is not used in this setup, so AD-LDS does not allow the password to be updated over a non-SSL connection.
Note: Allowing password updates over a non-SSL connection is not recommended for a production environment, because it compromises security: the passwords then cross the network unencrypted.
Follow the below steps to allow the password update using a non-SSL connection.
· Open an ADAM Tools command prompt.
· At the command prompt, type “dsmgmt”
· At the dsmgmt prompt, type “ds behavior”
· At the ds behavior prompt, type “connections”
· At connections prompt, type “connect to server computername:portnumber” where computername:portnumber represents the AD-LDS instance
· At the connections prompt, type q.
· At the ds behavior prompt, type “allow passwd op on unsecured connection”
· To exit, type q twice.
Note: If you try to create a user with the email field populated, Portal may throw an error such as javax.naming.directory.NoSuchAttributeException. Follow the below link to resolve it.
Unable to create user when populating Email field
Now you have a WebSphere Portal which is configured to Microsoft AD-LDS. For more steps on configuring WCM with LDAP, refer to the Portal wiki.
Configuring WebSphere Portal to MS SQL Server
This section covers the steps to install MS SQL Server and to migrate the data from the default database of WebSphere Portal to an MS SQL Server database.
Installing MS SQL Server
Follow the below steps to install the MS SQL Server on a remote machine.
1. Copy the entire directory structure from the SQL Server 2008 installation disc to temp folder
2. Double click on setup.exe file. The main installation page appears as shown below
Figure 29 : SQL Server Installation panel
3. Click on the “Installation” hyperlink on the left hand side of the screen
4. Click on the "New SQL Server stand-alone installation or add features to an existing installation" link on the right side of the screen.
Figure 30 : Installation options
5. If all checks have passed, click on “OK” button. In the next screen, option to enter “product key” will appear. Enter a valid license key and proceed with the installation.
Figure 31 : Entering the product key
6. Click the "I accept the license terms" check box and then click on the “Next” button.
Figure 32 : Accepting the license
7. Click on “Install” button to install the supporting files.
Figure 33 : Setting up supporting files for database installation
8. After successful installation of supporting files, select the features as shown in the below screen shot. At minimum, the following are required and other features are optional to configure with WebSphere Portal.
Figure 34 : Features selection panel
9. In the Instance configuration screen, we keep the default values. You can change the instance root directory if needed. Click on “Next”.
Figure 35 : Creating the MSSQL instance
10. This screen shows the details about the installation directory. Click on “Next”.
Figure 36 : Reviewing the disk space summary
11. Set up the service accounts that will be used to run SQL Server. If you have created Windows NT or Active Directory accounts to use with services, use the same. If not, use the built-in Network Service account for all three services listed (this account does not require a password). Change the “Startup Type” to “Automatic” for all three services.
Figure 37 : Specifying the service accounts
12. Change the “Authentication Mode” to Mixed Mode and enter the password for the sysadmin account (sa). Also provide the Windows NT account on the local machine as a SQL Server administrator.
Figure 38 : Setting up the database engine authentication security mode
13. The next step offers the option of sending error information to Microsoft; it can be skipped.
Figure 39 : Error reporting panel
14. The next panel will give result of checks for any processes or other installations running which may stop the installation of SQL Server 2008. Click “Next”
Figure 40 : Validating the installation rules
15. In the next panel, you will see the summary of what will be installed. Check that the required services are being installed and click on “Install”.
Figure 41 : Installation summary panel
16. After services installation is complete, click “Next” and you will see the summary of the successful installation of the SQL Server
Figure 42 : Successful installation panel
Clicking on “Close” will complete the MS SQL Server 2008 installation.
Verification of SQL Server 2008 Installation
Follow below steps to verify the installation of MS SQL server
1. Verify SQL Server 2008 has started from the services
Figure 43 : Verifying the SQL services
2. Management Studio should come up by clicking the “SQL Server Management Studio” from the start ->All Programs
Figure 44 : Login panel for SQL Server Management studio
3. Try running a simple query from Management Studio
Figure 45 : Executing the sample query in the management studio
4. Verify SQL Server Agent is running for scheduled jobs by confirming a green arrow appears next to the SQL Server Agent database symbol
Figure 46 : Verifying the SQL server agent running
5. Go to Start ->Programs -> SQL Server 2008 -> Configuration Tools -> SQL Server Configuration Manager. Click on the SQL Server Network Configuration node and expand it. Click on Protocols for MSSQLSERVER. Make sure TCP/IP protocol is enabled.
Figure 47 : Enabling the TCP/IP network protocol
Installing and Configuring the Microsoft SQL Server JDBC drivers
Follow the below steps to install Microsoft SQL Server JDBC driver 4.0 and to enable the XA connections.
1. Download and install the Microsoft SQL Server JDBC driver which will extract the contents into a folder.
2. Copy file sqljdbc_xa.dll from the xa subdirectory of the extracted JDBC driver folder to Binn directory in the SQL server installed path. For example: C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn
3. Restart the database server. Ensure that the Distributed Transaction Coordinator has been started in the list of services.
Figure 48 : Verifying the Distributed Transaction Coordinator service
4. Login to the Microsoft SQL Server Management studio as the system administrator i.e. “sa”. Select File -> Open -> File and select xa_install.sql from the “xa” folder of the extracted JDBC driver. Execute the script by selecting Query -> Execute.
5. Create an additional value in the Windows registry for WebSphere Portal by following these steps:
a. Open the Windows Registry Editor and navigate to the element HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\XADLL
b. From the menu bar, select Edit -> New -> String Value to create a new parameter named sqljdbc_xa.dll in that element.
c. Change the value of the new parameter to the location of the sqljdbc_xa.dll file copied in the previous step, for example: C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqljdbc_xa.dll
6. Perform the following steps to enable XA Transactions in Windows Component Services
a. Click Start -> Settings -> Administrative Tools -> Component Services.
b. Expand the tree view to locate the computer where you want to turn on support for XA transactions (for example, My Computer).
c. Display the menu for the computer name and click Properties.
d. Click “Options” and tune the Transaction Timeout that suits your environment. (The recommended minimum is 180 seconds).
Figure 49 : Enabling the XA transactions
e. Expand “My computer” and distributed transactions -> local DTC and click Properties.
f. Under Security tab, select XA Transactions to enable this support (MSDTC service will be restarted). Click OK to save your changes.
7. Restart SQL Server.
8. Copy the “sqljdbc4.jar” from the installable folder to a temp directory on the machine where WebSphere Portal is installed. This path will be used when you edit the wkplc_dbtype.properties file later.
Configuring WebSphere Portal with MS SQL
You need to prepare the installed MS SQL and edit the portal properties file before we run ConfigEngine task to migrate the data from WebSphere Portal to MS SQL database.
Preparing MS SQL
Preparing MS SQL for Portal requires creating database and users, granting privileges to them.
Log in to MS SQL Server Management Studio with the account which was created during install to create the required databases. Click on new query and paste the below query to create the databases used by WebSphere Portal Server.
create database RELEASE collate SQL_Latin1_General_CP1_CS_AS;
create database COMMUNITY collate SQL_Latin1_General_CP1_CS_AS;
create database CUSTOMIZATION collate SQL_Latin1_General_CP1_CS_AS;
create database JCRDB collate SQL_Latin1_General_CP1_CS_AS;
create database FDBKDB collate SQL_Latin1_General_CP1_CS_AS;
create database LMDB collate SQL_Latin1_General_CP1_CS_AS;
Click on new query and paste the below query to create the database users which will be used by WebSphere Portal Server to access the database.
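-- 'Portal4you' is the sample password used in this walkthrough; set a distinct, strong password per login.
CREATE LOGIN RELEASEUSR WITH PASSWORD = 'Portal4you';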
CREATE LOGIN COMMUNITYUSR WITH PASSWORD = 'Portal4you';
CREATE LOGIN CUSTOMIZATIONUSR WITH PASSWORD = 'Portal4you';
CREATE LOGIN ICMADMIN WITH PASSWORD = 'Portal4you';
CREATE LOGIN FEEDBACK WITH PASSWORD = 'Portal4you';
CREATE LOGIN LMDBUSR WITH PASSWORD = 'Portal4you';
Granting privileges to database users
Click on new query and paste the below query to grant the privileges for the database users.
-- Each grant must run inside the database that the user owns, so switch context first.
use RELEASE;
exec sp_grantdbaccess @loginame = 'RELEASEUSR';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'RELEASEUSR';
use COMMUNITY;
exec sp_grantdbaccess @loginame = 'COMMUNITYUSR';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'COMMUNITYUSR';
use CUSTOMIZATION;
exec sp_grantdbaccess @loginame = 'CUSTOMIZATIONUSR';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'CUSTOMIZATIONUSR';
-- ICMADMIN is the user of the JCR database
use JCRDB;
exec sp_grantdbaccess @loginame = 'ICMADMIN';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'ICMADMIN';
use FDBKDB;
exec sp_grantdbaccess @loginame = 'FEEDBACK';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'FEEDBACK';
use LMDB;
exec sp_grantdbaccess @loginame = 'LMDBUSR';
exec sp_addrolemember @rolename = 'db_owner' , @membername = 'LMDBUSR';
Again from a new query, execute the below query to add the XA transaction role to the users.
-- xa_install.sql creates the SqlJDBCXAUser role in the master database
use master;
exec sp_grantdbaccess 'FEEDBACK', 'FEEDBACK'
exec sp_addrolemember [SqlJDBCXAUser], 'FEEDBACK'
exec sp_grantdbaccess 'LMDBUSR', 'LMDBUSR'
exec sp_addrolemember [SqlJDBCXAUser], 'LMDBUSR'
exec sp_grantdbaccess 'ICMADMIN', 'ICMADMIN'
exec sp_addrolemember [SqlJDBCXAUser], 'ICMADMIN'
exec sp_grantdbaccess 'COMMUNITYUSR', 'COMMUNITYUSR'
exec sp_addrolemember [SqlJDBCXAUser], 'COMMUNITYUSR'
exec sp_grantdbaccess 'RELEASEUSR', 'RELEASEUSR'
exec sp_addrolemember [SqlJDBCXAUser], 'RELEASEUSR'
exec sp_grantdbaccess 'CUSTOMIZATIONUSR', 'CUSTOMIZATIONUSR'
exec sp_addrolemember [SqlJDBCXAUser], 'CUSTOMIZATIONUSR'
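One way to confirm that the grants above landed in the intended databases, as an added example (not part of the original article or of IBM's scripts). It assumes each login maps to a same-named user in its own database (ICMADMIN in JCRDB, FEEDBACK in FDBKDB, LMDBUSR in LMDB) and that the SqlJDBCXAUser role created by xa_install.sql lives in master.

```sql
-- Added example: audit where the role grants from this guide actually landed.
-- Assumptions: same-named user per login, one database per user as listed,
-- and SqlJDBCXAUser (created by xa_install.sql) living in master.
SET NOCOUNT ON;

-- want = 1: the membership must exist; want = 0: it must NOT exist.
DECLARE @expected TABLE (db sysname, usr sysname, role_name sysname, want bit);
INSERT INTO @expected (db, usr, role_name, want) VALUES
    ('RELEASE',       'RELEASEUSR',       'db_owner', 1),
    ('COMMUNITY',     'COMMUNITYUSR',     'db_owner', 1),
    ('CUSTOMIZATION', 'CUSTOMIZATIONUSR', 'db_owner', 1),
    ('JCRDB',         'ICMADMIN',         'db_owner', 1),
    ('FDBKDB',        'FEEDBACK',         'db_owner', 1),
    ('LMDB',          'LMDBUSR',          'db_owner', 1);

-- Every portal user needs the XA role in master ...
INSERT INTO @expected (db, usr, role_name, want)
SELECT 'master', usr, 'SqlJDBCXAUser', 1 FROM @expected WHERE role_name = 'db_owner';
-- ... but none of them should own master (the result of grants run in the wrong database).
INSERT INTO @expected (db, usr, role_name, want)
SELECT 'master', usr, 'db_owner', 0 FROM @expected WHERE role_name = 'SqlJDBCXAUser';

DECLARE @result TABLE (db sysname, usr sysname, role_name sysname, status varchar(20));
DECLARE @db sysname, @usr sysname, @role sysname, @want bit,
        @found int, @sql nvarchar(max);

DECLARE c CURSOR LOCAL FAST_FORWARD FOR
    SELECT db, usr, role_name, want FROM @expected;
OPEN c;
FETCH NEXT FROM c INTO @db, @usr, @role, @want;
WHILE @@FETCH_STATUS = 0
BEGIN
    IF DB_ID(@db) IS NULL
        INSERT INTO @result VALUES (@db, @usr, @role, 'DATABASE MISSING');
    ELSE
    BEGIN
        -- Count matching role memberships inside the target database.
        SET @sql = N'SELECT @found = COUNT(*)
            FROM ' + QUOTENAME(@db) + N'.sys.database_role_members AS rm
            JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS r
              ON r.principal_id = rm.role_principal_id
            JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS m
              ON m.principal_id = rm.member_principal_id
            WHERE r.name = @role AND m.name = @usr;';
        EXEC sp_executesql @sql,
             N'@role sysname, @usr sysname, @found int OUTPUT',
             @role = @role, @usr = @usr, @found = @found OUTPUT;

        INSERT INTO @result VALUES (@db, @usr, @role,
            CASE WHEN @found > 0 AND @want = 1 THEN 'OK'
                 WHEN @found = 0 AND @want = 0 THEN 'OK'
                 WHEN @found > 0 AND @want = 0 THEN 'UNEXPECTED GRANT'
                 ELSE 'MISSING GRANT' END);
    END
    FETCH NEXT FROM c INTO @db, @usr, @role, @want;
END
CLOSE c;
DEALLOCATE c;

-- Problems first, then the rows that check out.
SELECT db, usr, role_name, status
FROM @result
ORDER BY CASE status WHEN 'OK' THEN 1 ELSE 0 END, db, usr;
```

Run it as a sysadmin after the grant scripts. An UNEXPECTED GRANT row for master typically means the db_owner grants were executed without switching to the target database first.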
Verify the database connectivity
Follow these steps to make sure that you can connect to SQL instance
1. Right-click on your computer desktop, click “New” and then click Text document. Rename the file to Test.udl.
2. Double-click the .udl file to open the Data Link Properties dialog box.
3. On the Provider tab, click “Microsoft OLE DB” Provider for SQL Server.
4. On the Connection tab, follow these steps:
a. Select or type the server name where MS SQL is installed
b. Select “Use a specific user name and password” and type the user name / password for any database created in the earlier steps.
Figure 50 : Data link Properties
c. Click “Test Connection”. If the connection is successful, you will receive a “Test connection succeeded” message.
Modifying SQL Server database properties
You need to modify the properties files before transferring your data from the default database to SQL database. Create a back up of each file before changing it.
Editing the wkplc_dbdomain.properties file
Open the file and modify the below values for release db.
Similarly, update the values for all the databases i.e community, customization, jcr, lmdb and feedback.
Note: For DataSourceName, do not use the reserved words like releaseDS, communityDS, customizationDS, jcrDS, lmdbDS, feedback
Editing the wkplc_dbtype.properties file
Open the wkplc_dbtype.properties file and modify the below values
Editing the wkplc.properties file
Open the wkplc.properties file and update the WasPassword and PortalAdminPwd.
Migrating the WebSphere Portal database
Validate the database connection
1. Open a command prompt and change to the directory wp_profile_root\ConfigEngine.
2. Enter the following command to validate the configuration properties.
ConfigEngine.bat validate-database -DWasPassword=password
3. Stop the WebSphere Portal Server
Transfer the database
After validating the database connection, follow the below steps to transfer the default portal database to MS-SQL
1. In command prompt, change to the directory wp_profile_root\ConfigEngine.
2. Enter the following command
ConfigEngine.bat database-transfer -DWasPassword=password
The commands should get executed successfully and you will see “Build Successful” message in the output, as shown in figure below
Figure 51 : Build successful message in the command window.
3. If the configuration fails, verify the values in the wkplc.properties, wkplc_dbdomain.properties, and wkplc_dbtype.properties files and then repeat this step.
4. Change to the directory wp_profile_root\bin and start the WebSphere Portal server.
5. If there are no errors during the startup of Portal server, it confirms that WebSphere Portal data is migrated from default database to MS SQL server successfully.
Now you have a WebSphere Portal Server which is configured with stand-alone LDAP user registry Microsoft AD-LDS and Microsoft SQL Server as a remote database.
You should now be familiar with the installation and configuration of Microsoft AD-LDS and Microsoft SQL Server, and with their integration with WebSphere Portal 8.0. Our goal in writing this paper is to help WebSphere Portal users easily install and configure the Microsoft database and Microsoft LDAP server with WebSphere Portal.
· developerWorks® article - Configuring IBM WebSphere Portal and IBM Workplace WCM to IBM DB2 and IBM TDS
· WebSphere Portal Family wiki: http://www-10.lotus.com/ldd/portalwiki.nsf
· IBM WebSphere Portal with Microsoft SQL Server 2005 Enterprise Edition Database
Kiran Kumar K B is a Senior Staff Software Engineer who has been working in IBM Software Labs since September 2003. His areas of expertise include WebSphere Portal clustering, migration and administration, and he is currently working with the Portal Cumulative Fixpack team. He is an IBM Certified Database Associate -- DB2 Universal Database V8.1 Family, an IBM Certified SOA Associate, and an IBM Certified System Administrator - WAS Network Deployment V6.1 and V7.0. He holds an MS degree in Software Systems from Birla Institute of Technology and Science, Pilani. You can reach him at email@example.com
Shwetha D B is a Software Engineer, currently working with the IBM Mobile Accelerator Team at IBM India Software Labs. Her areas of expertise include WebSphere Portal clustering, migration and administration. She holds a Master of Science degree in Software Systems from Birla Institute of Technology and Science, Pilani. You can reach her at firstname.lastname@example.org.