security_ibm_dir_server.properties
###############################################################################
### security_ibm_dir_server.properties
###
### WebSphere Portal parent properties file
### IBM Directory Server
###
### Do NOT enclose any value in quotes!
### Windows paths must use '/', not '\'.
### Windows long paths are OK.
### Properties are immutable. Once set, they cannot be overridden.
###
###############################################################################
###
### How to use this file:
###
### 1. Edit this file to match our environment
###
### 2. Start application server "server1"
###
### 3. Stop application server "WebSphere_Portal"
###
### 4. Change into the <wp_root>/config directory
###
### 5. Import the contents of this file into wpconfig.properties:
###
###    on Windows:
###      WPSconfig -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###    on iSeries:
###      WPSconfig.sh -profileName <profile> -DparentProperties="<path_to_this_file>" -DSaveParentProperties=true
###
###    on other platforms:
###      ./WPSconfig.sh -DparentProperties=<path_to_this_file> -DSaveParentProperties=true
###
### 6. Test connections to directory:
###
###    a. for LDAP without realm support
###       on Windows:
###         WPSconfig validate-ldap
###
###       on iSeries:
###         WPSconfig.sh -profileName <profile> validate-ldap
###
###       on other platforms:
###         ./WPSconfig.sh validate-ldap
###
###    b. for LDAP with realm support
###       on Windows:
###         WPSconfig validate-wmmur-ldap
###
###       on iSeries:
###         WPSconfig.sh -profileName <profile> validate-wmmur-ldap
###
###       on other platforms:
###         ./WPSconfig.sh validate-wmmur-ldap
###
### 7. If WebSphere Application Server security is NOT enabled, run one of the following tasks:
###
###    a. without realm support
###       on Windows:
###         WPSconfig enable-security-ldap
###
###       on iSeries:
###         WPSconfig.sh -profileName <profile> enable-security-ldap
###
###       on other platforms:
###         ./WPSconfig.sh enable-security-ldap
###
###    b. with realm support
###       on Windows:
###         WPSconfig enable-security-wmmur-ldap
###
###       on iSeries:
###         WPSconfig.sh -profileName <profile> enable-security-wmmur-ldap
###
###       on other platforms:
###         ./WPSconfig.sh enable-security-wmmur-ldap
###
### 8. Restart the servers.
###
###    In order for the new security configuration to become active,
###    all running servers must be stopped and all required servers
###    must be started again.
###
###    Change to the following directory:
###      <was_profile_root>/bin
###
###    a. check the server status
###
###       on Windows or UNIX:
###         serverStatus.bat/sh -all
###       on iSeries:
###         serverStatus.sh -profileName <profile> -all
###
###    b. Stop running servers
###
###       on Windows or UNIX:
###         stopServer.bat/sh <SERVERNAME>
###       on iSeries:
###         stopServer.bat/sh -profileName <profile> <SERVERNAME>
###
###    c. Start required servers
###
###       on Windows or UNIX:
###         startServer.bat/sh <SERVERNAME>
###       on iSeries:
###         startServer.bat/sh -profileName <profile> <SERVERNAME>
###
###############################################################################


###############################################################################
### WebSphere Application Server Properties - BEGIN
###############################################################################

### WasUserid: The user ID for WebSphere Application Server security authentication
WasUserid=uid=<wasuserid>,cn=users,dc=yourco,dc=com

### WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
WasPassword=

###############################################################################
### WebSphere Application Server Properties - END
###############################################################################


###############################################################################
### Database Properties - BEGIN
###############################################################################

### Connection information for wmm db will be acquired from
### wpconfig_dbdomain.properties and wpconfig_dbtype.properties

### DbPassword: The database administrator password
wmm.DbPassword=

###############################################################################
### Database Properties - END
###############################################################################


###############################################################################
### Portal Config Properties - BEGIN
###############################################################################

### PortalAdminId: The user ID for the WebSphere Portal Administrator
PortalAdminId=uid=<portaladminid>,cn=users,dc=yourco,dc=com

### PortalAdminPwd: The password for the WebSphere Portal Administrator
PortalAdminPwd=

### PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
PortalAdminGroupId=cn=<portaladmingroupid>,cn=groups,dc=yourco,dc=com

###############################################################################
### Portal Config Properties - END
###############################################################################


###############################################################################
###
### WebSphere Portal Security Configuration - BEGIN
###
###############################################################################

###############################################################################
### WebSphere Portal Security LTPA and SSO configuration
###############################################################################

### LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
LTPAPassword=

### LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
LTPATimeout=120

### SSORequiresSSL: Specifies that Single Sign-On function is enabled
### only when requests are over HTTPS Secure Socket Layer (SSL) connections.
SSORequiresSSL=false

### SSODomainName: Domain name (ibm.com, for example) for all Single Sign-on hosts.
SSODomainName=<SSODomainName>

###############################################################################
### General Global Security Settings
###############################################################################

### Description: The values in this section should only be adapted by advanced users

### useDomainQualifiedUserNames: Specifies the user names to qualify with the security domain within which they reside.
useDomainQualifiedUserNames=false

### cacheTimeout: Specifies the timeout value in seconds for security cache.
cacheTimeout=600

### issuePermissionWarning: Specifies that when the Issue permission warning is enabled, during application deployment
### and application start, the security run time emits a warning if applications are granted any custom permissions.
issuePermissionWarning=true

### activeProtocol: Specifies the active authentication protocol for RMI/IIOP requests when security is enabled.
activeProtocol=BOTH

### activeAuthMechanism: Specifies the active authentication mechanism, when security is enabled.
activeAuthMechanism=LTPA

###############################################################################
### LDAP Properties Configuration - BEGIN
###############################################################################

### LookAside: To configure LDAP with an additional LookAside Database
###   true  - LDAP + Lookaside database
###   false - only LDAP
LookAside=false

### LDAPHostName: The LDAP server hostname
LDAPHostName=<LDAPHostName>

### LDAPPort: The LDAP server port number
### For example, 389 for non-SSL or 636 for SSL
LDAPPort=389

### LDAPAdminUId: The LDAP administrator ID
LDAPAdminUId=<LDAPAdminUId>

### LDAPAdminPwd: The LDAP administrator password
LDAPAdminPwd=

### LDAPServerType: The type of LDAP server to be used for WebSphere Portal
LDAPServerType=IBM_DIRECTORY_SERVER

### LDAPBindID: The user ID for LDAP Bind authentication
LDAPBindID=uid=<ldapbindid>,cn=users,dc=yourco,dc=com

### LDAPBindPassword: The password for LDAP Bind authentication
LDAPBindPassword=

###############################################################################
### LDAP Properties Configuration - END
###############################################################################


###############################################################################
### Advanced LDAP Configuration - BEGIN
###############################################################################

### LDAPSuffix: The LDAP suffix appropriate for our LDAP server
LDAPSuffix=dc=yourco,dc=com

### LdapUserPrefix: The LDAP user prefix appropriate for our LDAP server
LdapUserPrefix=uid

### LDAPUserSuffix: The LDAP user suffix appropriate for our LDAP server
LDAPUserSuffix=cn=users

### LdapGroupPrefix: The LDAP group prefix appropriate for our LDAP server
LdapGroupPrefix=cn

### LDAPGroupSuffix: The LDAP group suffix appropriate for our LDAP server
LDAPGroupSuffix=cn=groups

### LDAPUserObjectClass: The LDAP user object class appropriate for our LDAP server
LDAPUserObjectClass=inetOrgPerson

### LDAPGroupObjectClass: The LDAP group object class appropriate for our LDAP server
LDAPGroupObjectClass=groupOfUniqueNames

### LDAPGroupMember: The LDAP group member attribute name appropriate for our LDAP server
LDAPGroupMember=uniqueMember

### LDAPUserFilter: The LDAP user filter appropriate for our LDAP server (to work with default values in WMM)
LDAPUserFilter=(&(uid=%v)(objectclass=inetOrgPerson))

### LDAPGroupFilter: The LDAP group filter appropriate for our LDAP server (to work with default values in WMM)
LDAPGroupFilter=(&(cn=%v)(objectclass=groupOfUniqueNames))

### LDAPGroupMinimumAttributes: This attribute is loaded for group search (performance issues)
LDAPGroupMinimumAttributes=

### LDAPUserBaseAttributes: These attributes are loaded for user login (performance issues)
LDAPUserBaseAttributes=givenName,sn,preferredLanguage

### LDAPUserMinimumAttributes: These attributes are loaded for user search (performance issues)
LDAPUserMinimumAttributes=

### LDAPsearchTimeout: Specifies the timeout value in seconds for an LDAP server to respond before aborting a request.
LDAPsearchTimeout=120

### LDAPreuseConnection: Should be set to true (the default) to reuse the LDAP connection.
### { false | true }
LDAPreuseConnection=true

### LDAPIgnoreCase: Specifies that a case insensitive authorization check is performed.
### { false | true }
LDAPIgnoreCase=true

### LDAPsslEnabled: Specifies whether secure socket communications is enabled to the LDAP server.
### { false | true }
### Set to true if configuring LDAP over SSL
LDAPsslEnabled=false

###############################################################################
### Advanced LDAP Configuration - END
###############################################################################

###############################################################################
### LDAP Properties - END
###############################################################################


###############################################################################
### PDM LDAP Properties - BEGIN
###############################################################################

### WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
### See LDAP examples below:
###   IBM Directory Server: { cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com }
WpsContentAdministrators=cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com

### WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
WpsContentAdministratorsShort=wpsContentAdministrators

### WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
### See LDAP examples below:
###   IBM Directory Server: { cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com }
WpsDocReviewer=cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com

### WpsDocReviewerShort: The WebSphere Document Reviewer group ID
WpsDocReviewerShort=wpsDocReviewer

###############################################################################
### PDM LDAP Properties - END
###############################################################################


###############################################################################
### WCM LDAP Properties - BEGIN
###############################################################################

### WcmAdminGroupId: The group ID for the WCM Administrator group
### See LDAP examples below:
###   IBM Directory Server: { cn=wcmadmins,cn=groups,dc=yourco,dc=com }
WcmAdminGroupId=cn=wcmadmins,cn=groups,dc=yourco,dc=com

### WcmAdminGroupIdShort: The WCM admin group ID
WcmAdminGroupIdShort=wcmadmins

###############################################################################
### WCM LDAP Properties - END
###############################################################################


###############################################################################
###
### WebSphere Portal Security Configuration - END
###
###############################################################################
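The header rules of this file (no quoted values, '/' rather than '\' in paths, first definition wins because properties are immutable) and the two transport settings it carries (LDAPsslEnabled and SSORequiresSSL) can be checked mechanically before the file is imported with WPSconfig. The linter below is an added example, not part of IBM's tooling; the property names are the ones used in this file, and the sample input is a constructed fragment in the same format.

```python
"""Lint a WebSphere Portal parent properties file (e.g. security_ibm_dir_server.properties)
against the rules in its header and flag settings that weaken transport security.
Added example, not IBM code."""
import re

# Constructed sample in the same key=value / ### comment format as the real file.
SAMPLE = """\
### comment line
LDAPHostName=<LDAPHostName>
LDAPPort=389
LDAPsslEnabled=false
LDAPBindPassword=
SSORequiresSSL=false
WasPassword="secret"
LDAPPort=636
"""

def parse_properties(text):
    """Return ({key: effective_value}, [(key, line_no) for ignored redefinitions]).
    Properties are immutable (Ant-style), so the first definition of a key wins."""
    props, dups = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")   # split on the first '=' only
        key = key.strip()
        if key in props:
            dups.append((key, n))             # later value has no effect
        else:
            props[key] = value.strip()
    return props, dups

def lint(text):
    props, dups = parse_properties(text)
    findings = [f"line {n}: {key} already set, this value is ignored" for key, n in dups]
    for key, value in props.items():
        if value[:1] in ('"', "'"):
            findings.append(f"{key}: value must not be enclosed in quotes")
        if "\\" in value:
            findings.append(f"{key}: paths must use '/', not '\\'")
        if re.search(r"<[^>]+>", value):
            findings.append(f"{key}: placeholder not filled in")
        if key.endswith(("Password", "Pwd")) and not value:
            findings.append(f"{key}: empty, fill in before running WPSconfig")
    if props.get("LDAPsslEnabled", "false") != "true":
        findings.append("LDAPsslEnabled=false: bind credentials travel in cleartext to "
                        f"{props.get('LDAPHostName', '?')}:{props.get('LDAPPort', '389')}")
    if props.get("SSORequiresSSL", "false") != "true":
        findings.append("SSORequiresSSL=false: LTPA SSO cookie may be sent over plain HTTP")
    return findings
```

Run `lint(open("security_ibm_dir_server.properties").read())` against the edited file and resolve every finding before step 5 of the header instructions.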