Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5

This article is something of an aide-mémoire for me, to help me remember how to enable WebSphere Application Server to talk to an LDAP server without needing to use a GUI 🙂

 
I pulled this together using my own WAS 8.5 VM running on RHEL 6.3, as ever, and a remote LDAP server (albeit IBM Tivoli Directory Server rather than Microsoft Active Directory).
 
Start wsadmin client
 
$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
$ ./wsadmin.sh -lang jython
 
List existing repositories
 
wsadmin> AdminTask.listIdMgrRepositories()
 
should return:

'{InternalFileRepository={repositoryType=File, host=LocalHost}}'
 
Configure the Administrative User Registry (assuming that we're keeping the WAS admin in the file-based registry)

wsadmin> AdminTask.configureAdminWIMUserRegistry('[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]')
 
Add the LDAP server
 
wsadmin> AdminTask.createIdMgrLDAPRepository('[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]')
 
wsadmin> AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host bluepages.ibm.com -port 389 -bindDN uid=8817222GB,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')
 
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -loginProperties [""]]')
 
wsadmin> AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]')
 
Add the Base Entries
 
wsadmin> AdminTask.addIdMgrRepositoryBaseEntry('[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]')
 
wsadmin> AdminTask.addIdMgrRealmBaseEntry('[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]')
 
Validate the Admin Name (wasadmin in the file-based registry)

wsadmin> AdminTask.validateAdminName('[-registryType WIMUserRegistry -adminUser wasadmin ]')
 
Enable Global Security and set Federated Repositories to be default
 
wsadmin> AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]')
 
Set the LDAP search filters
 
wsadmin> AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name PersonAccount -objectClasses inetOrgPerson -searchBases ou=bluepages,o=ibm.com -searchFilter ]')
 
Save changes
 
wsadmin> AdminConfig.save()
 
Validate changes
 
wsadmin> AdminTask.listIdMgrRepositories()
 
should return:

'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}'
 
wsadmin> AdminTask.listIdMgrRepositoryBaseEntries('[-id LDAP1]')
 
should return:

'{o=ibm.com=o=ibm.com}'
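
The addIdMgrLDAPServer step above binds over port 389 with -sslEnabled false and has the bind password typed at the prompt. As an added example (not part of the original article), here is a TLS variant of that one step as a script meant to be run with wsadmin.sh -lang jython -f in place of it; it passes the options as a Jython list rather than a bracketed string, reads the password from a file and logs only a masked copy. Port 636, the CellDefaultSSLSettings alias, the password file path and the helper names are assumptions for illustration.

```python
# Added example, not from the original article.
try:
    AdminTask                      # global injected by wsadmin
except NameError:
    AdminTask = None               # plain Python: only build/check options

# id, host and bindDN are the article's values; the rest are assumptions.
LDAP = {
    'id': 'LDAP1',
    'host': 'bluepages.ibm.com',
    'port': '636',                 # assumed LDAPS port of the directory
    'bindDN': 'uid=8817222GB,c=gb,ou=bluepages,o=ibm.com',
    # assumed SSL configuration alias; its trust store must already
    # contain the directory's signer certificate
    'sslConfiguration': 'CellDefaultSSLSettings',
}
PASSWORD_FILE = '/path/to/ldap_bind_password'   # placeholder, mode 0600

def read_secret(path):
    """First line of a file, so the password is not typed or hard-coded."""
    f = open(path)
    try:
        return f.readline().strip()
    finally:
        f.close()

def ldap_server_opts(cfg, password):
    """Argument list for AdminTask.addIdMgrLDAPServer with TLS enabled."""
    if not password:
        raise ValueError('empty bind password')
    return ['-id', cfg['id'], '-host', cfg['host'], '-port', cfg['port'],
            '-bindDN', cfg['bindDN'], '-bindPassword', password,
            '-referal', 'ignore', '-sslEnabled', 'true',
            '-ldapServerType', 'IDS',
            '-sslConfiguration', cfg['sslConfiguration'],
            '-certificateMapMode', 'exactdn']

def redact(opts):
    """Copy of opts that is safe to log: the bind password is masked."""
    out = opts[:]
    for i in range(len(out) - 1):
        if out[i] == '-bindPassword':
            out[i + 1] = '********'
    return out

def add_ldap_server(admin_task, password):
    opts = ldap_server_opts(LDAP, password)
    print('addIdMgrLDAPServer ' + ' '.join(redact(opts)))
    admin_task.addIdMgrLDAPServer(opts)
    return redact(opts)

if AdminTask is not None:          # only true inside wsadmin
    add_ldap_server(AdminTask, read_secret(PASSWORD_FILE))
```
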