Configuring Realm support

I wanted to learn how to use the realm support, but I have only one LDAP server, so I decided to create two realms: the first realm has all the users from my LDAP server, the other realm has all the users from my file-based repository, and my default realm has the users from both the LDAP and the file-based repository.

Important note: ensure that the distinguished names and the logon attributes are unique across the different LDAP servers that you configure into the same realm. If two repositories in one realm contain the same DN or the same logon name, a login can match more than one entry and the lookup is ambiguous.

I followed these steps to try the realm support:


  • First I configured my Portal to add an LDAP user registry to my federated user repository. By default, Portal is configured to use the federated user repository.

  • Now log into the WebSphere Application Server admin console and take a look at the configuration of defaultWIMFileBasedRealm. It is configured to use both the InternalFileRepository file-based repository and the adminldap LDAP repository.

  • Now let's configure a realm for the LDAP repository. To do that, create an addrealm.properties file like this:

    realmName=ldaprealm
    securityUse=active
    delimiter=/
    addBaseEntry=dc=ibm,dc=com

    In this file, the value of realmName is the name you want to give this realm, and the value of addBaseEntry is the Base Entry shown for that repository in the WAS Admin Console.

  • Now execute this configuration task to create the LDAP realm:

    ./ConfigEngine.sh wp-create-realm -DWasPassword=wasadmin -DparentProperties=/software/WebSphere/wp_profile/ConfigEngine/config/helpers/addrealm.properties

    Passing -DWasPassword on the command line puts the WAS admin password into your shell history and into the process listing while the task runs. ConfigEngine also reads WasPassword from wkplc.properties in the ConfigEngine/properties directory, so you can set it there instead and remove it again when you are done.


  • Once the task completes successfully, restart the WebSphere_Portal server.

  • The next step is to configure the parent entries for users, groups and organizational containers in this realm. Create a modifyrealmparents.properties file like this:

    realmName=ldaprealm
    realm.personAccountParent=cn=users,dc=ibm,dc=com
    realm.groupParent=cn=groups,dc=ibm,dc=com
    realm.orgContainerParent=dc=ibm,dc=com

    If you are not sure what these values should be, you can look them up in the WAS Admin Console.



  • Now execute the following configuration task:

    ./ConfigEngine.sh wp-modify-realm-defaultparents -DWasPassword=wasadmin -DparentProperties=/software/WebSphere/wp_profile/ConfigEngine/config/helpers/modifyrealmparents.properties


  • Restart the WebSphere_Portal server for the changes to take effect.

  • At this point my LDAP realm is ready, so I will create a new virtual portal that only allows users from the LDAP server to log in. Go to Manage Virtual Portals, create the LDAP virtual portal and select ldaprealm as its realm.




Now go to http://localhost:10040/wps/portal/ldap and you should be able to log in with a user configured in LDAP, but not with a user from the file-based repository.

You can follow the same steps to create a realm for the file-based repository, using the Base Entry shown for InternalFileRepository in the WAS Admin Console (o=defaultWIMFileBasedRealm by default).
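The whole procedure above, as an added shell example that is not part of the original post: it writes the two property files from one realm name and base entry, checks that they agree with each other before anything is submitted to ConfigEngine, and runs the two tasks in separate phases because WebSphere_Portal has to be restarted between them. It assumes the wp_profile path used in the post, that WasPassword is taken from wkplc.properties rather than the -DWasPassword flag, and the phase names and script name are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original post: write the two property files the
# post describes, sanity-check them, then run the ConfigEngine tasks in two phases
# (a restart of WebSphere_Portal is required between them). Assumptions: WP_PROFILE
# defaults to the path used in the post; WasPassword is read from wkplc.properties
# instead of the -DWasPassword command-line flag; the phase names are this script's own.

WP_PROFILE="${WP_PROFILE:-/software/WebSphere/wp_profile}"

# Write addrealm.properties and modifyrealmparents.properties into directory $1
# for realm $2 whose repository base entry is $3 (for example dc=ibm,dc=com).
write_realm_props() {
  cat > "$1/addrealm.properties" <<EOF
realmName=$2
securityUse=active
delimiter=/
addBaseEntry=$3
EOF
  cat > "$1/modifyrealmparents.properties" <<EOF
realmName=$2
realm.personAccountParent=cn=users,$3
realm.groupParent=cn=groups,$3
realm.orgContainerParent=$3
EOF
}

# Return 0 only if both files name the same realm and every parent DN lies under
# the base entry; a parent outside the base entry is a copy/paste error that you
# would otherwise only notice after running the task and restarting the server.
check_realm_props() {
  realm_a=$(sed -n 's/^realmName=//p' "$1/addrealm.properties")
  realm_b=$(sed -n 's/^realmName=//p' "$1/modifyrealmparents.properties")
  base=$(sed -n 's/^addBaseEntry=//p' "$1/addrealm.properties")
  [ -n "$realm_a" ] && [ "$realm_a" = "$realm_b" ] || return 1
  [ -n "$base" ] || return 1
  for key in realm.personAccountParent realm.groupParent realm.orgContainerParent; do
    dn=$(sed -n "s/^$key=//p" "$1/modifyrealmparents.properties")
    case "$dn" in
      *"$base") ;;        # DN ends with the base entry: OK
      *) return 1 ;;      # DN outside the base entry (or missing): reject
    esac
  done
  return 0
}

# Run one ConfigEngine task against a properties file, from the ConfigEngine
# directory. No -DWasPassword here: the password is expected in wkplc.properties.
configengine_task() {
  ( cd "$WP_PROFILE/ConfigEngine" && ./ConfigEngine.sh "$1" -DparentProperties="$2" )
}

# Phase 1 creates the realm; phase 2, after restarting WebSphere_Portal, sets its parents.
# Usage: REALM_PHASE=create  sh realm.sh <dir> <realmName> <baseEntry>
#        REALM_PHASE=parents sh realm.sh <dir>
if [ -n "${REALM_PHASE:-}" ]; then
  case "$REALM_PHASE" in
    create)
      write_realm_props "$1" "$2" "$3"
      check_realm_props "$1" || { echo "property files are inconsistent" >&2; exit 1; }
      configengine_task wp-create-realm "$1/addrealm.properties" ;;
    parents)
      configengine_task wp-modify-realm-defaultparents "$1/modifyrealmparents.properties" ;;
    *)
      echo "unknown REALM_PHASE: $REALM_PHASE" >&2; exit 1 ;;
  esac
fi
```

Run the create phase, restart WebSphere_Portal, then run the parents phase against the same directory; the functions can also be sourced on their own to generate and check the files for a second realm (such as the file-based one) without running any task.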
