WPS: Authenticating via LDAP on Domino - Configuring

For configuration details, see:

http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/wmm_mltpl_realm.html

1. Back up the configuration files
Go to the directory

cd /opt/IBM/WebSphere/PortalServer/config

and make a backup of the files wpconfig.properties and wpconfig_dbdomain.properties:

cp wpconfig.properties wpconfig.properties_antesLDAP
cp wpconfig_dbdomain.properties wpconfig_dbdomain.properties_antesLDAP

Note: once edited, both files (and therefore the backups) hold the WAS, Portal, LTPA, LDAP bind and database passwords in clear text, so keep them readable only by the user that runs WebSphere.

2. Settings in the wpconfig.properties file

WAS administrator user and password

WasUserid=cn=wpsadmin,o=empresax
WasPassword=ReplaceWithYourWASUserPwd
 * WasUserid: The user ID for WebSphere Application Server security authentication - all letters in lower case
 * WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)

Portal administrator user and groups

PortalAdminId=cn=wpsadmin,o=empresax
PortalAdminPwd=ReplaceWithYourWASUserPwd
PortalAdminGroupId=cn=wpsadmins
WpsContentAdministrators=cn=wpsContentAdministrators
WpsContentAdministratorsShort=wpsContentAdministrators
WpsDocReviewer=cn=wpsDocReviewer
WpsDocReviewerShort=wpsDocReviewer
 * PortalAdminId: The user ID for the WebSphere Portal Administrator - all letters in lower case
 * PortalAdminPwd: The password for the WebSphere Portal Administrator
 * PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
 * WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
 * WpsContentAdministratorsShort: The WebSphere Content Administrators group ID (short name)
 * WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
 * WpsDocReviewerShort: The WebSphere Document Reviewer group ID (short name)

Replace every ReplaceWithYour... placeholder with the real value. The IDs are given as LDAP distinguished names, so the wpsadmin user and the wpsadmins, wpsContentAdministrators and wpsDocReviewer groups must already exist in the Domino directory before security is enabled.

LTPA and SSO configuration

LTPAPassword=ReplaceWithYourWASUserPwd
LTPATimeout=120
SSORequiresSSL=false
SSODomainName=empresax.com.br
 * LTPAPassword: Specifies the password used to encrypt and decrypt the LTPA keys.
 * LTPATimeout: Specifies the time period in minutes after which an LTPA token expires.
 * SSORequiresSSL: Specifies that the Single Sign-On function is enabled only when requests come over HTTPS (SSL) connections.
 * SSODomainName: Specifies the domain name (ibm.com, for example) for all Single Sign-On hosts.

Notes:
 * 1) If the Portal is called portal.us.ibm.com and the other server is called another_server.ibm.com, set only ibm.com.
 * 2) To specify multiple domains use ";". Example: empresax.com.br;ibm.com.
 * 3) With SSORequiresSSL=false the LtpaToken cookie is also sent over plain HTTP, where it can be captured and replayed until LTPATimeout runs out; set it to true if the portal is served over HTTPS.

LDAP configuration

LookAside=true
WmmDefaultRealm=portal
LDAPHostName=ldapserver.empresax.com.br
LDAPPort=389
LDAPAdminUId=cn=wpsbind,o=empresax
LDAPAdminPwd=ReplaceWithYourWASUserPwd
LDAPServerType=DOMINO502
LDAPBindID=cn=wpsbind,o=empresax
LDAPBindPassword=ReplaceWithYourWASUserPwd
 * LookAside: Whether to configure LDAP with an additional LookAside database
   * true - LDAP + LookAside database
   * false - LDAP only
 * WmmDefaultRealm
 * LDAPHostName: The LDAP server host name
 * LDAPPort: The LDAP server port number - for example, 389 for non-SSL or 636 for SSL
 * LDAPAdminUId: The LDAP administrator ID
 * LDAPAdminPwd: The LDAP administrator password
 * LDAPServerType: The type of LDAP server used by WebSphere Portal (DOMINO502 selects the Domino profile)
 * LDAPBindID: The user ID for LDAP bind authentication
 * LDAPBindPassword: The password for LDAP bind authentication

Note: with LDAPPort=389 the bind is a plain LDAP simple bind, so the wpsbind password, and every user password the portal verifies by binding as that user, crosses the network unencrypted; use 636 when the Domino LDAP task has SSL enabled. The wpsbind entry only needs the read access required to search users and groups, not Domino administrator rights.

Advanced LDAP configuration

LDAPSuffix=
LdapUserPrefix=cn
LDAPUserSuffix=
LdapGroupPrefix=cn
LDAPGroupSuffix=
LDAPUserObjectClass=dominoPerson
LDAPGroupObjectClass=dominoGroup
LDAPUserFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
LDAPGroupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
 * LDAPSuffix: The LDAP suffix appropriate for your LDAP server - for Domino the value is empty
 * LdapUserPrefix: The LDAP user prefix appropriate for your LDAP server
 * LDAPUserSuffix: The LDAP user suffix appropriate for your LDAP server
 * LdapGroupPrefix: The LDAP group prefix appropriate for your LDAP server
 * LDAPGroupSuffix: The LDAP group suffix appropriate for your LDAP server - for Domino the value is empty
 * LDAPUserObjectClass: The LDAP user object class appropriate for your LDAP server
 * LDAPGroupObjectClass: The LDAP group object class appropriate for your LDAP server
 * LDAPUserFilter: The LDAP user filter appropriate for your LDAP server (to work with the default values in WMM); %v is replaced by the name typed at login
 * LDAPGroupFilter: The LDAP group filter appropriate for your LDAP server (to work with the default values in WMM)

Because the user filter matches on either cn or uid, a login name that is the cn of one entry and the uid of another matches two entries and the lookup cannot tell which user logged in, so keep cn and uid values unique across the directory.

Configuration for IBM Workplace Web Content Management

WcmAdminGroupId=cn=wcmadmins
WcmAdminGroupIdShort=wcmadmins
 * WcmAdminGroupId: The group ID for the WCM Administrator group
 * WcmAdminGroupIdShort: The WCM admin group ID (short name)

3. Settings in the wpconfig_dbdomain.properties file

wmm.DbUser=db2inst1
wmm.DbPassword=ReplaceWithYourDbAdminPwd
 * wmm.DbUser: The database administrator user ID
 * wmm.DbPassword: The database administrator password

4. Stopping the servers
Go to the directory

cd /opt/IBM/WebSphere/AppServer/bin

and run the following command:

./stopServer.sh WebSphere_Portal -user was_admin_userid -password was_admin_password

5. Validating the configuration
Go to the directory

cd /opt/IBM/WebSphere/PortalServer/config

and run the following command (replace each password with the real value):

./WPSconfig.sh validate-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

This task checks the LDAP settings against the server before anything is changed, so fix every error it reports before going on. Passwords passed as -D arguments are visible in the process list and in the shell history while the task runs; if the values are already filled in wpconfig.properties, the -D arguments can be left out.
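The properties in steps 2 and 3 are easy to get subtly wrong (a placeholder left in place, an upper-case letter in WasUserid, a host name instead of a domain in SSODomainName), and a failed enable-security run is slow to undo. The following pre-flight checker is an added example written for this page; it is not part of WPSconfig.sh, of WMM, or of IBM's documentation. It parses a constructed wpconfig.properties fragment built from the values shown above, reports problems and weak settings, and builds the user search filter that WMM derives from LDAPUserFilter, with %v replaced by an RFC 4515-escaped login name, as an OpenLDAP ldapsearch command line, so the filter can be tried against the Domino server with the wpsbind credentials before step 7. Property names are the ones from the page; the empty search base mirrors the empty LDAPSuffix the page uses for Domino, and whether an empty base is accepted by your Domino server is an assumption to check.

```python
"""Pre-flight check for the LDAP settings in wpconfig.properties (Domino).

Added example for this page, not part of WPSconfig.sh or of IBM's documentation.
"""
import re
import shlex

# Constructed sample built from the values shown on the page; two passwords are
# deliberately left at their placeholder so the checker has something to report.
SAMPLE_PROPERTIES = """\
# WasUserid: The user ID for WebSphere Application Server security authentication
WasUserid=cn=wpsadmin,o=empresax
WasPassword=ReplaceWithYourWASUserPwd
PortalAdminId=cn=wpsadmin,o=empresax
PortalAdminPwd=s3cret-example
LTPAPassword=s3cret-example
LTPATimeout=120
SSORequiresSSL=false
SSODomainName=empresax.com.br;ibm.com
LookAside=true
WmmDefaultRealm=portal
LDAPHostName=ldapserver.empresax.com.br
LDAPPort=389
LDAPAdminUId=cn=wpsbind,o=empresax
LDAPAdminPwd=s3cret-example
LDAPServerType=DOMINO502
LDAPBindID=cn=wpsbind,o=empresax
LDAPBindPassword=ReplaceWithYourWASUserPwd
LDAPSuffix=
LDAPUserFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
LDAPGroupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
"""

# The keys the page sets in step 2 plus the passwords step 5 passes with -D.
REQUIRED = ("WasUserid", "WasPassword", "PortalAdminId", "PortalAdminPwd",
            "LTPAPassword", "LDAPHostName", "LDAPPort", "LDAPAdminUId", "LDAPAdminPwd",
            "LDAPServerType", "LDAPBindID", "LDAPBindPassword",
            "LDAPUserFilter", "LDAPGroupFilter")


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_properties(props):
    """Return (errors, warnings): errors block the configuration, warnings flag weak settings."""
    errors, warnings = [], []
    for key in REQUIRED:
        if key not in props:
            errors.append("missing " + key)
    for key, value in props.items():
        if value.startswith("ReplaceWithYour"):
            errors.append(key + " still has the placeholder value")
    for key in ("WasUserid", "PortalAdminId"):          # page: all letters lower case
        value = props.get(key, "")
        if value != value.lower():
            errors.append(key + " must be all lower case")
    port = props.get("LDAPPort", "")
    if port not in ("389", "636"):
        errors.append("LDAPPort should be 389 (non-SSL) or 636 (SSL), got %r" % port)
    elif port == "389":
        warnings.append("LDAPPort=389: bind and user passwords cross the network unencrypted")
    if props.get("SSORequiresSSL", "").lower() != "true":
        warnings.append("SSORequiresSSL is not true: the LtpaToken cookie is also sent over plain HTTP")
    for domain in props.get("SSODomainName", "").split(";"):   # page: ';' separates domains
        if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
            errors.append("SSODomainName entry is not a bare domain: %r" % domain)
    return errors, warnings


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, value):
    """Replace every %v marker in a WMM filter template with the escaped value."""
    return template.replace("%v", escape_filter_value(value))


def ldapsearch_command(props, login_name):
    """OpenLDAP ldapsearch line performing the same user lookup as LDAPUserFilter.

    -W makes ldapsearch prompt for the wpsbind password instead of taking it on the
    command line, where it would show up in ps output and in the shell history.
    """
    argv = ["ldapsearch", "-x",
            "-H", "ldap://%s:%s" % (props["LDAPHostName"], props["LDAPPort"]),
            "-D", props["LDAPBindID"], "-W",
            "-b", props.get("LDAPSuffix", ""),      # empty for Domino, as on the page (assumption)
            build_filter(props["LDAPUserFilter"], login_name), "dn"]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    conf = parse_properties(SAMPLE_PROPERTIES)
    errs, warns = check_properties(conf)
    for e in errs:
        print("ERROR:", e)
    for w in warns:
        print("WARN: ", w)
    print(ldapsearch_command(conf, "jdoe"))
```

Run it against the real file by reading it in place of SAMPLE_PROPERTIES; the printed ldapsearch line should return exactly one DN for a known login name, and a name containing "*" or ")" should return nothing rather than several entries, which confirms the escaping is in place.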

6. Step for clustered environments with LookAside enabled
Perform this step only if you are in a clustered environment and use the LookAside feature: if you enabled security using the LDAP user registry with realm support, the Member Manager data source definitions are created automatically on the Deployment Manager cell. All nodes need to define a WebSphere environment variable for the JDBC class path.

Note: the nodes that have WebSphere Portal installed already have this WebSphere environment variable defined. Refer to the "Creating a WebSphere environment variable" section in the WebSphere Application Server information center for information on how to create the definition manually. When defining the variable, make sure its name matches DBTYPE_JDBC_DRIVER_CLASSPATH (DBTYPE stands for the database type in use).

7. Running the configuration
Run the following command (replace each password with the real value):

./WPSconfig.sh enable-security-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password

If the end of the output shows

BUILD SUCCESSFUL
Total time: 18 minutes 14 seconds

the configuration completed correctly (the time shown is from one run and will vary). If it ends with BUILD FAILED instead, check the WPSconfig.sh log (ConfigTrace.log in the PortalServer log directory) before retrying.

8. Configure the userRegistryRealm property in the WAS Administrative Console
1. Open the server's administrative console

https://wps1.empresax.com.br:10039/ibm/console

2. In the WebSphere Application Server Administrative Console, select

In English: Security > Global Security > User Registry > Custom > Custom Properties
In Portuguese: Segurança > Segurança Global > Registro do Usuário > Customizar > Propriedades Customizadas

3. Add the key userRegistryRealm with the value yourname, where yourname is the realm used in the WAS cell to identify the user uniquely according to its origin.

For example, the WAS LDAP implementation uses the LDAP server name and port as the origin, such as:

ldapserver.empresax.com.br:389

4. Save your changes.

9. Stop and restart the servers
Go to the directory

cd /opt/IBM/WebSphere/AppServer/bin

and run the following commands, waiting for each one to finish before starting the next:

./stopServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password
./stopServer.sh server1 -user wpsadmin -password was_admin_password
./startServer.sh server1 -user wpsadmin -password was_admin_password
./startServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password

Here wpsadmin is the short name of the WasUserid set in wpconfig.properties (cn=wpsadmin,o=empresax) and was_admin_password is its LDAP password.

10. Testing
Open the portal page

http://wps1.empresax.com.br:10038/wps/portal

and log in with a user and password that exist in LDAP. Also confirm that a wrong password is rejected and that the administrative console accepts wpsadmin with its LDAP password.