Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5
This article is somewhat of an aide memoire for me, allowing me to remember how to enable WebSphere Application Server to talk to an LDAP server without needing to use a GUI 🙂
I pulled this together using my own WAS 8.5 VM running on RHEL 6.3, as ever, and a remote LDAP server (albeit IBM Tivoli Directory Server rather than Microsoft Active Directory).
Start wsadmin client
$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
$ ./wsadmin.sh -lang jython
List existing repositories
wsadmin> AdminTask.listIdMgrRepositories()
should return:
'{InternalFileRepository={repositoryType=File, host=LocalHost}}'
Configure the Administrative User Registry (assume that we’re keeping the WAS admin in file-based registry)
wsadmin> AdminTask.configureAdminWIMUserRegistry('[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]')
Add the LDAP server
wsadmin> AdminTask.createIdMgrLDAPRepository('[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]')
wsadmin> AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host bluepages.ibm.com -port 389 -bindDN uid=8817222GB,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -loginProperties [""]]')
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]')
Add the Base Entries
wsadmin> AdminTask.addIdMgrRepositoryBaseEntry('[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]')
wsadmin> AdminTask.addIdMgrRealmBaseEntry('[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]')
Validate the Admin Name (wasadmin in file-based registry)
wsadmin> AdminTask.validateAdminName('[-registryType WIMUserRegistry -adminUser wasadmin ]')
Enable Global Security and set Federated Repositories to be default
wsadmin> AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]')
Set the LDAP search filters
wsadmin> AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name PersonAccount -objectClasses inetOrgPerson -searchBases ou=bluepages,o=ibm.com -searchFilter ]')
Save changes
wsadmin> AdminConfig.save()
Validate changes
wsadmin> AdminTask.listIdMgrRepositories()
should return:
'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}'
wsadmin> AdminTask.listIdMgrRepositoryBaseEntries('[-id LDAP1]')
should return:
'{o=ibm.com=o=ibm.com}'
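The addIdMgrLDAPServer step above binds on port 389 with -sslEnabled false and carries the bind password as a literal in the command. As an added example (not part of the original article), this stand-alone Python check scans wsadmin scripts for both conditions before they are run or committed; the function names, the sample script and the host ldap.example.com are constructed for illustration.

```python
import re

# Matches the first string literal passed to addIdMgrLDAPServer (single- or double-quoted).
CALL = re.compile(r"""AdminTask\.addIdMgrLDAPServer\(\s*(['"])(.*?)\1""", re.S)

def parse_options(arg):
    """Split '[-name value -flag ...]' into a dict; options with no value map to ''."""
    opts, name = {}, None
    for tok in arg.strip().strip("[]").split():
        if tok.startswith("-"):
            name = tok[1:]
            opts[name] = ""
        elif name is not None:
            opts[name] = (opts[name] + " " + tok).strip()
    return opts

def audit_script(source):
    """Return (repository id, finding) pairs for every addIdMgrLDAPServer call in source."""
    findings = []
    for match in CALL.finditer(source):
        opts = parse_options(match.group(2))
        repo = opts.get("id", "?")
        # Assumption: an absent -sslEnabled is treated as false, the command's default.
        ssl = opts.get("sslEnabled", "false").lower() == "true"
        if not ssl:
            findings.append((repo, "sslEnabled is not true: the bind DN and password are sent unencrypted"))
        elif opts.get("port") == "389":
            findings.append((repo, "sslEnabled is true but port 389 is the usual non-SSL LDAP port"))
        if opts.get("bindPassword"):
            # The password value itself is deliberately never echoed into the finding.
            findings.append((repo, "bindPassword is a literal in the script: supply it at run time"))
    return findings

# Constructed sample script; host, DN and password are placeholders.
SAMPLE = """
AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host ldap.example.com -port 389 -bindDN uid=svc,o=example -bindPassword CHANGEME -referal ignore -sslEnabled false -ldapServerType IDS]')
AdminTask.addIdMgrLDAPServer('[-id LDAP2 -host ldap.example.com -port 636 -bindDN uid=svc,o=example -sslEnabled true -ldapServerType IDS -bindPassword ' + pw + ']')
"""

if __name__ == "__main__":
    for repo, finding in audit_script(SAMPLE):
        print("%s: %s" % (repo, finding))
```

The second sample call passes cleanly because the password is concatenated in from a variable, so the string literal the check inspects ends at -bindPassword with no value.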