WPS: Autenticando via LDAP no Domino - Configurando
1.Backup dos arquivos de configuração
Vá para o diretório
cd /opt/IBM/WebSphere/PortalServer/config
faça um backup dos arquivos wpconfig.properties e wpconfig_dbdomain.properties
cp wpconfig_db.properties wpconfig.properties_antesLDAP cp wpconfig_dbdomain.properties wpconfig_dbdomain.properties_antesLDAP
2. Definição no arquivo wpconfig.properties
Usuário e senha do Administrador do WAS
# WasUserid: The user ID for WebSphere Application Server security authentication WasUserid=cn=wpsadmin,o=empresax
Todas as letras em minúsculos
# WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR) WasPassword=ReplaceWithYourWASUserPwd
Usuários e grupos Administradores do Portal
# PortalAdminId: The user ID for the WebSphere Portal Administrator PortalAdminId=cn=wpsadmin,o=EmpresaX # PortalAdminPwd: The password for the WebSphere Portal Administrator PortalAdminPwd=ReplaceWithYourWASUserPwd # PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group PortalAdminGroupId=cn=wpsadmins # WpsContentAdministrators: The group ID for the WebSphere Content Administrator group WpsContentAdministrators=cn=wpsContentAdministrators # WpsContentAdministratorsShort: The WebSphere Content Administrators group ID WpsContentAdministratorsShort=wpsContentAdministrators # WpsDocReviewer: The group ID for the WebSphere Document Reviewer group WpsDocReviewer=cn=wpsDocReviewer # WpsDocReviewerShort: The WebSphere Document Reviewer group ID WpsDocReviewerShort=wpsDocReviewer
Configuração de LTPA e SSO
# LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys. LTPAPassword=ReplaceWithYourWASUserPwd # LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire. LTPATimeout=120 # SSORequiresSSL: Specifies that Single Sign-On function is enabled only when requests are over HTTPS Secure Socket Layer (SSL) connections. SSORequiresSSL=false # SSODomainName: Specifies the domain name (ibm.com, for example) for all Single Sign-on hosts. SSODomainName=empresax.com.br
Observações:
- Se o Portal tem o seguinte nome portal.us.ibm.com e o outro servidor chamasse another_server.ibm.com, defina somente ibm.com.
- Para especificar multiplos domínios use ";" . Exemplo: empresax.com.br;ibm.com.
Configuração de LDAP
# LookAside: To configure LDAP with an additional LookAside Database # true - LDAP + Lookaside database # false - only LDAP LookAside=true # WmmDefaultRealm WmmDefaultRealm=portal # LDAPHostName: The LDAP server hostname LDAPHostName=ldapserver.empresax.com.br # LDAPPort: The LDAP server port number - For example, 389 for non-SSL or 636 for SSL LDAPPort=389 # LDAPAdminUId: The LDAP administrator ID LDAPAdminUId=cn=wpsbind,o=empresax # LDAPAdminPwd: The LDAP administrator password LDAPAdminPwd=ReplaceWithYourWASUserPwd # LDAPServerType: The type of LDAP server to be used for WebSphere Portal LDAPServerType=DOMINO502 #LDAPBindID: The user ID for LDAP Bind authentication LDAPBindID=cn=wpsbind,o=empresax #LDAPBindPassword: The password for LDAP Bind authentication LDAPBindPassword=ReplaceWithYourWASUserPwd
Configuração Avançadas de LDAP
# LDAPSuffix: The LDAP suffix appropriate for your LDAP server - # Domino value is null LDAPSuffix= # LdapUserPrefix: The LDAP user prefix appropriate for your LDAP server LdapUserPrefix=cn # LDAPUserSuffix: The LDAP user suffix appropriate for your LDAP server LDAPUserSuffix=o=supera # LdapGroupPrefix: The LDAP group prefix appropriate for your LDAP server LdapGroupPrefix=cn # LDAPGroupSuffix: The LDAP group suffix appropriate for your LDAP server # Domino value is null LDAPGroupSuffix= # LDAPUserObjectClass: The LDAP user object class appropriate for your LDAP server LDAPUserObjectClass=dominoPerson # LDAPGroupObjectClass: The LDAP group object class appropriate for your LDAP server LDAPGroupObjectClass=dominoGroup # LDAPUserFilter: The LDAP user filter appropriate for your LDAP server (to work with default values in WMM) LDAPUserFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson))) # LDAPGroupFilter: The LDAP group filter appropriate for your LDAP server (to work with default values in WMM) LDAPGroupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
Configuração para o IBM Workplace Web Content Management
# WcmAdminGroupId: The group ID for the WCM Administrator group WcmAdminGroupId=cn=wcmadmins # WcmAdminGroupIdShort: The WCM admin group ID WcmAdminGroupIdShort=wcmadmins
3. Definição no arquivo wpconfig_dbdomain.properties
# DbUser: The database administrator user ID wmm.DbUser=db2inst1 # DbPassword: The database administrator password wmm.DbPassword=ReplaceWithYourDbAdminPwd
4. Parando os servidores
Vá para o diretório
cd /opt/IBM/WebSphere/AppServer/bin
e execute o seguinte comando
# ./stopServer.sh WebSphere_Portal -user was_admin_userid -password was_admin_password
5. Validando a configuração
Vá para o diretório
cd /opt/IBM/WebSphere/PortalServer/config
e execute o seguinte comando
#./WPSconfig.sh validate-wmmur-ldap
6. Passo com cluster e LookAside habilitado
Perform this step only if you are in a clustered environment and use the LookAside feature: If you enabled security using the LDAP user registry with realm support, the Member Manager Datasource definitions will automatically be created on the Deployment Manager cell. All nodes need to define a WebSphereEnvironment Variable for the JdbcClassPath.
Note: The nodes which have WebSphere Portal installed will already have this WebSphereEnvironment Variable defined. Refer to the Creating a WebSphereEnvironment Variable section in the WebSphere Application Server information center for information on how to manually create the WebSphereEnvironment Variable definitions. When defining the WebSphereEnvironment Variable, please ensure that the name matches the DBTYPE_JDBC_DRIVER_CLASSPATH.
6. Realizando a configuração
execute o seguinte comando
#./WPSconfig.sh enable-security-wmmur-ldap