Important note: Ensure that the distinguished names and the logon attributes are unique across the different repositories (LDAP servers and the file-based repository) that you configure into the same realm; otherwise a login ID that exists in two repositories of that realm cannot be resolved unambiguously.
I followed these steps to try the realm support:
- First I configured my Portal to add an LDAP user registry to the federated user repository. By default Portal is configured to use a federated user repository.
- Now log in to the WebSphere Application Server admin console and take a look at the configuration of defaultWIMFileBasedRealm. As you can see, it is configured to use both the file-based InternalFileRepository and the adminldap repository.
- Now let's configure a realm that contains only the LDAP repository. To do that, create an addrealm.properties file like this:
realmName=ldaprealm
securityUse=active
delimiter=/
addBaseEntry=dc=ibm,dc=com
In this file the value of realmName is the name that you want to give to this realm, and the value of addBaseEntry is the one that you see as the Base Entry for that repository in the WAS Admin Console.
- Now execute this configuration task to create the LDAP realm:
./ConfigEngine.sh wp-create-realm -DWasPassword=wasadmin -DparentProperties=/software/WebSphere/wp_profile/ConfigEngine/config/helpers/addrealm.properties
Passing -DWasPassword on the command line puts the WAS administrator password into your shell history and into the process list while the task runs; clear it from the history afterwards and do not paste these command lines into scripts or notes with the real password in them.
- Once the build is successful, restart the WebSphere_Portal server.
- The next step is to configure the default parents for users, groups and organizational containers in this realm. Create a modifyrealmparents.properties file like this:
realmName=ldaprealm
realm.personAccountParent=cn=users,dc=ibm,dc=com
realm.groupParent=cn=groups,dc=ibm,dc=com
realm.orgContainerParent=dc=ibm,dc=com
If you're not sure what these values should be, you can look them up in the WAS Admin Console.
- Now execute the following configuration task:
./ConfigEngine.sh wp-modify-realm-defaultparents -DWasPassword=wasadmin -DparentProperties=/software/WebSphere/wp_profile/ConfigEngine/config/helpers/modifyrealmparents.properties
- Restart the WebSphere_Portal server for your changes to take effect.
- At this point my LDAP realm is ready, so I will create a new LDAP virtual portal that only allows users from the LDAP server to log in. Go to Manage Virtual Portals and create a virtual portal named LDAP with the URL context ldap and the realm set to ldaprealm.
Now go to http://localhost:10040/wps/portal/ldap and you should be able to log in with a user configured in LDAP but not with a user from the file-based repository.
You can follow the same steps to create a realm that contains only the file-based repository.
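Two things in the walkthrough above are easy to get wrong and only show up at login time: the parents in modifyrealmparents.properties must sit under the base entry given in addrealm.properties, and (per the note at the top) a logon ID or DN must not exist in two repositories that share a realm. The following script is an added example, not IBM code or part of the original post: it parses the two helper files exactly as written above and runs those checks over a small set of constructed user entries (the repository names InternalFileRepository and adminldap and the user IDs are taken from, or made up in the spirit of, the walkthrough).

```python
"""
Sanity checks for a WebSphere Portal federated realm configuration.

Added example, not IBM code.  The property files are the ones from the
walkthrough; the user entries below are constructed to show a collision.
"""

ADDREALM_PROPERTIES = """\
realmName=ldaprealm
securityUse=active
delimiter=/
addBaseEntry=dc=ibm,dc=com
"""

MODIFYREALMPARENTS_PROPERTIES = """\
realmName=ldaprealm
realm.personAccountParent=cn=users,dc=ibm,dc=com
realm.groupParent=cn=groups,dc=ibm,dc=com
realm.orgContainerParent=dc=ibm,dc=com
"""

# Constructed user entries as they might be exported from each repository.
# "wpsadmin" deliberately exists in both repositories to trigger a collision.
FILE_REPO_USERS = [
    {"dn": "uid=wpsadmin,o=defaultWIMFileBasedRealm", "uid": "wpsadmin"},
    {"dn": "uid=wpsbind,o=defaultWIMFileBasedRealm", "uid": "wpsbind"},
]
LDAP_REPO_USERS = [
    {"dn": "uid=wpsadmin,cn=users,dc=ibm,dc=com", "uid": "wpsadmin"},
    {"dn": "uid=jdoe,cn=users,dc=ibm,dc=com", "uid": "jdoe"},
]


def parse_properties(text):
    """Parse a Java-style .properties file: key=value, '#'/'!' comments, blank lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed property line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def normalize_dn(dn):
    """Return a DN as a tuple of lower-cased RDNs with surrounding whitespace removed."""
    return tuple(
        "=".join(part.strip() for part in rdn.split("=", 1)).lower()
        for rdn in dn.split(",")
    )


def dn_is_under(child, base):
    """True if `child` equals or lies beneath `base` in the directory tree."""
    c, b = normalize_dn(child), normalize_dn(base)
    return len(c) >= len(b) and c[len(c) - len(b):] == b


def check_realm_files(addrealm, parents):
    """Cross-check addrealm.properties against modifyrealmparents.properties."""
    problems = []
    if addrealm.get("realmName") != parents.get("realmName"):
        problems.append("realmName differs between the two files")
    base = addrealm["addBaseEntry"]
    for key in ("realm.personAccountParent", "realm.groupParent", "realm.orgContainerParent"):
        if key not in parents:
            problems.append(f"{key} is missing")
        elif not dn_is_under(parents[key], base):
            problems.append(f"{key}={parents[key]} is not under base entry {base}")
    return problems


def find_collisions(repositories, attribute="uid"):
    """
    Find values of `attribute` ("uid" for the logon attribute, or "dn") that
    occur more than once across the repositories of one realm.
    Returns [(value, [(repository, dn), ...]), ...] sorted by value.
    """
    seen = {}
    for repo, entries in repositories.items():
        for entry in entries:
            value = entry[attribute]
            key = ",".join(normalize_dn(value)) if attribute == "dn" else value.lower()
            seen.setdefault(key, []).append((repo, entry["dn"]))
    return sorted((v, hits) for v, hits in seen.items() if len(hits) > 1)


if __name__ == "__main__":
    addrealm = parse_properties(ADDREALM_PROPERTIES)
    parents = parse_properties(MODIFYREALMPARENTS_PROPERTIES)
    for problem in check_realm_files(addrealm, parents):
        print("realm config:", problem)
    repos = {"InternalFileRepository": FILE_REPO_USERS, "adminldap": LDAP_REPO_USERS}
    for attribute in ("uid", "dn"):
        for value, hits in find_collisions(repos, attribute):
            print(f"{attribute} {value!r} appears in: {hits}")
```

Run it before executing wp-modify-realm-defaultparents: an empty result from check_realm_files means the parents are consistent with the base entry, and any line from find_collisions names an account you must rename or remove in one repository before putting both into the same realm.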