WPS: Authenticating Users - Configuring a Federated LDAP

We will add an LDAP directory to the federated repository so that user account information is looked up there.

Note 1: Check that the server1 and WebSphere_Portal servers are running before starting this task.

Note 2: See examples in /opt/IBM/WebSphere/wp_profile/ConfigEngine/config/helpers

Steps:

1. Back up the configuration files

Go to the directory

/opt/IBM/WebSphere/wp_profile/ConfigEngine/properties

and make a backup of the wkplc.properties and wkplc_comp.properties files:

cp wkplc.properties wkplc.properties_antesLDAP
cp wkplc_comp.properties wkplc_comp.properties_antesLDAP

2. Settings in the wkplc.properties file

Edit the wkplc.properties file and set the following:

In the "VMM Federated LDAP Properties" section

# The id specifies a unique identifier for the repository within the cell
# Characters that are not allowed in normal XML strings ( &  <   >  "   '   ) cannot be used in the repository ID.
federated.ldap.id=ldap1EmpresaX

# Specifies the host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
federated.ldap.host=ldapserver.empresax.com.br

# Specifies the LDAP server port.
federated.ldap.port=389

# Specifies the distinguished name for the application server to use when binding to the LDAP repository.
federated.ldap.bindDN=cn=wpsbind,o=empresax

# Specifies the password for the application server to use when binding to the LDAP repository.
federated.ldap.bindPassword=ReplaceWithYourPwd

# Specifies the type of LDAP server to which you connect
# This must be one of the following values: SECUREWAY,IDS4,IDS51,IDS52,IDS6,ZOSDS,DOMINO5,DOMINO6,DOMINO65,DOMINO7,NDS,SUNONE,AD2000,AD2003,ADAM,CUSTOM
federated.ldap.ldapServerType=DOMINO7

# The LDAP base entry.
federated.ldap.baseDN=o=empresax

In the "LDAP entity types" section - "Entity type Group" item

# Entity type Group 

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=dominoGroup)
# In general this value can be left blank
federated.ldap.et.group.searchFilter=

# One or more object classes for the entity type.
federated.ldap.et.group.objectClasses=dominoGroup

# The object class to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
federated.ldap.et.group.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
federated.ldap.et.group.searchBases=

In the "LDAP entity types" section - "Entity type PersonAccount" item

# Entity type PersonAccount 

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=dominoPerson)
# In general this value can be left blank
federated.ldap.et.personaccount.searchFilter=

# One or more object classes for the entity type.
federated.ldap.et.personaccount.objectClasses=dominoPerson

# The object class to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
federated.ldap.et.personaccount.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
federated.ldap.et.personaccount.searchBases=

In the "Group member attributes" section

# The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember.
federated.ldap.gm.groupMemberName=member

# The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames.
# If you do not define this parameter, the member attribute applies to all group object classes.
federated.ldap.gm.objectClass=dominoGroup

# The scope of the member attribute. The valid values for this parameter include the following:
# direct - The member attribute only contains direct members.
# nested - The member attribute that contains the direct members and the nested members.
federated.ldap.gm.scope=direct

# If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute.
federated.ldap.gm.dummyMember=uid=dummy

Save and close the file.

3. Settings in the wkplc_comp.properties file

Edit the wkplc_comp.properties file and set the following:

# WcmContentAuthorsGroupId: The group ID for the WCM Administrator group
# DEV (No security):  WcmContentAuthorsGroupId=<contentauthorsgroupid>,o=default organization
# See LDAP examples below:
# IBM Directory Server: { cn=<contentauthorsgroupid>,cn=groups,dc=yourco,dc=com }
# Domino:               { cn=<contentauthorsgroupid>}
# Active Directory:     { cn=<contentauthorsgroupid>,cn=groups,dc=yourco,dc=com }
# Active Directory AM:  { cn=<contentauthorsgroupid>,cn=groups,dc=yourco,dc=com }
# SunOne:               { cn=<contentauthorsgroupid>,ou=groups,o=yourco.com }
# Novell eDirectory     { cn=<contentauthorsgroupid>,ou=groups,o=yourco.com }
WcmContentAuthorsGroupId=cn=wcmContentAuthors

# WcmAdminGroupCN: The WCM admin group ID
WcmContentAuthorsGroupCN=contentAuthors


Save and close the file.

4. Validating the configuration

Go to the directory

/opt/IBM/WebSphere/wp_profile/ConfigEngine

and run the following command

#./ConfigEngine.sh validate-federated-ldap -DWasPassword=<password>

If at the end of the process you see

BUILD SUCCESSFUL
Total time: NN seconds

the configuration validated successfully.

5. Applying the configuration

Go to the directory

/opt/IBM/WebSphere/wp_profile/ConfigEngine

and run the following command

#./ConfigEngine.sh wp-create-ldap -DWasPassword=<password>

If at the end of the process you see

BUILD SUCCESSFUL
Total time: NN minutes and NN seconds

the configuration was applied successfully.

6. Stop and restart the servers

Go to the directory

cd /opt/IBM/WebSphere/AppServer/bin

and run the following commands:

# ./stopServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password

wait ...

# ./stopServer.sh server1 -user wpsadmin  -password was_admin_password

wait ...

# ./startServer.sh server1 -user wpsadmin  -password was_admin_password

wait ...

# ./startServer.sh WebSphere_Portal -user wpsadmin  -password was_admin_password

wait ...
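A pre-flight check for the values entered in step 2, run before validate-federated-ldap in step 4. This is an added example, not part of the original page or of the ConfigEngine tooling: it reads the federated.ldap.* keys from a wkplc.properties file with a minimal Java .properties parser and reports empty required keys, the placeholder bind password, an undocumented ldapServerType value and the plain LDAP port 389 (standard LDAP without TLS, so the bindDN credentials would cross the network in clear text). The sample file contents are constructed from the values shown in step 2.

```python
import re

# Constructed excerpt of the "VMM Federated LDAP Properties" section from step 2;
# the bind password is deliberately left at the shipped placeholder.
SAMPLE_WKPLC = """\
# The id specifies a unique identifier for the repository within the cell
federated.ldap.id=ldap1EmpresaX
federated.ldap.host=ldapserver.empresax.com.br
federated.ldap.port=389
federated.ldap.bindDN=cn=wpsbind,o=empresax
federated.ldap.bindPassword=ReplaceWithYourPwd
federated.ldap.ldapServerType=DOMINO7
federated.ldap.baseDN=o=empresax
federated.ldap.et.personaccount.searchFilter=
federated.ldap.gm.scope=direct
"""

REQUIRED = ("federated.ldap.id", "federated.ldap.host", "federated.ldap.port",
            "federated.ldap.bindDN", "federated.ldap.bindPassword",
            "federated.ldap.ldapServerType", "federated.ldap.baseDN")
SERVER_TYPES = {"SECUREWAY", "IDS4", "IDS51", "IDS52", "IDS6", "ZOSDS", "DOMINO5",
                "DOMINO6", "DOMINO65", "DOMINO7", "NDS", "SUNONE", "AD2000",
                "AD2003", "ADAM", "CUSTOM"}
PLACEHOLDER_PWD = "ReplaceWithYourPwd"

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or key:value,
    backslash line continuations. The value keeps embedded '=' (needed for DNs)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # continued on the next line
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_federated_ldap(props):
    """Return the findings a reviewer would raise before running validate-federated-ldap."""
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    if props.get("federated.ldap.bindPassword") == PLACEHOLDER_PWD:
        findings.append("federated.ldap.bindPassword still holds the placeholder value")
    if props.get("federated.ldap.ldapServerType") not in SERVER_TYPES:
        findings.append("federated.ldap.ldapServerType is not one of the documented values")
    if props.get("federated.ldap.port") == "389":
        findings.append("federated.ldap.port=389 is plain LDAP: bind credentials are sent unencrypted unless TLS is configured")
    if props.get("federated.ldap.gm.scope") not in ("direct", "nested", None):
        findings.append("federated.ldap.gm.scope must be direct or nested")
    return findings
```

Point parse_properties at the real file (open(path).read()) to audit the edited wkplc.properties instead of the sample; an empty findings list means the keys are at least consistent with what step 2 expects.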