{"id":2707,"date":"2014-01-21T18:07:10","date_gmt":"2014-01-21T10:07:10","guid":{"rendered":"http:\/\/rmohan.com\/?p=2707"},"modified":"2014-01-21T19:01:39","modified_gmt":"2014-01-21T11:01:39","slug":"using-wsadmin-to-enable-an-ldap-federated-repository-in-websphere-application-server-8-5","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=2707","title":{"rendered":"Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5"},"content":{"rendered":"

Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5<\/h3>\n
<\/div>\n

This article is somewhat of an aide memoire<\/i>\u00a0for me, allow me to remember how to enable WebSphere Application Server to talk to an LDAP server, without needing to use a GUI \ud83d\ude42<\/span><\/p>\n

\u00a0<\/span><\/div>\n
\n
I pulled this together using my own WAS 8.5 VM running on RHEL 6.3, as ever, and a remote LDAP ( albeit IBM Tivoli Directory Server rather than Microsoft Active Directory ).<\/span><\/div>\n
\u00a0<\/span><\/div>\n
Start wsadmin client<\/span><\/div>\n
\u00a0<\/span><\/div>\n
$ cd \/opt\/IBM\/WebSphere\/AppServer\/profiles\/Dmgr01\/bin<\/i><\/span><\/div>\n
$ .\/wsadmin.sh -lang jython<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
List existing repositories<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.listIdMgrRepositories()<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
should return: –<\/span><\/div>\n
\u00a0<\/span><\/div>\n
‘{InternalFileRepository={repositoryType=File, host=LocalHost}}’<\/span><\/div>\n
\u00a0<\/span><\/div>\n
Configure the Administrative User Registry ( assume that we’re keeping the WAS admin in file-based registry )<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.configureAdminWIMUserRegistry(‘[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Add the LDAP server<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.createIdMgrLDAPRepository(‘[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]’)\u00a0<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.addIdMgrLDAPServer(‘[-id LDAP1 -host bluepages.ibm.com<\/a> -port 389 -bindDN uid=8817222GB,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.updateIdMgrLDAPRepository(‘[-id LDAP1 -loginProperties [“”]]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.updateIdMgrLDAPRepository(‘[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Add the Base Entries<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.addIdMgrRepositoryBaseEntry(‘[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.addIdMgrRealmBaseEntry(‘[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]’)\u00a0<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Validate the Admin Name ( wasadmin in file-based registry )<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.validateAdminName(‘[-registryType WIMUserRegistry -adminUser wasadmin ]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Enable Global Security and set Federated Repositories to be default<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.setAdminActiveSecuritySettings(‘[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Set the LDAP search filters<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.updateIdMgrLDAPEntityType(‘[-id LDAP1 -name PersonAccount -objectClasses inetOrgPerson -searchBases ou=bluepages,o=ibm.com -searchFilter ]’)\u00a0<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Save changes<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminConfig.save()<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
Validate changes<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.listIdMgrRepositories()<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
should return: –<\/span><\/div>\n
\u00a0<\/span><\/div>\n
‘{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}’<\/span><\/div>\n
\u00a0<\/span><\/div>\n
wsadmin> AdminTask.listIdMgrRepositoryBaseEntries(‘[-id LDAP1]’)<\/i><\/span><\/div>\n
\u00a0<\/span><\/div>\n
should return: –<\/span><\/div>\n
\u00a0<\/span><\/div>\n
‘{o=ibm.com=o=ibm.com}’<\/span><\/div>\n
<\/div>\n
<\/div>\n
\"Image<\/a> \"Image<\/a> \"Image<\/a> \"Image<\/a><\/div>\n
<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Using wsadmin to enable an LDAP Federated Repository in WebSphere Application Server 8.5 <\/p>\n

This article is somewhat of an aide memoire for me, allow me to remember how to enable WebSphere Application Server to talk to an LDAP server, without needing to use a GUI \ud83d\ude42<\/p>\n

I pulled this together using my own WAS 8.5 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2707"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2707"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2707\/revisions"}],"predecessor-version":[{"id":2723,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2707\/revisions\/2723"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}