WPS: Authenticating via LDAP against Domino - Configuration
For configuration details, see:
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/wmm_mltpl_realm.html
1. Back up the configuration files
Go to the directory
cd /opt/IBM/WebSphere/PortalServer/config
and make a backup of wpconfig.properties and wpconfig_dbdomain.properties:
cp wpconfig.properties wpconfig.properties_antesLDAP
cp wpconfig_dbdomain.properties wpconfig_dbdomain.properties_antesLDAP
Both files hold passwords in clear text, so the copies must keep the same restrictive permissions as the originals; do not leave world-readable backups in the config directory.
2. Settings in wpconfig.properties
WAS administrator user and password
# WasUserid: The user ID for WebSphere Application Server security authentication - all letters in lower case
WasUserid=cn=wpsadmin,o=empresax
# WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
WasPassword=ReplaceWithYourWASUserPwd
Portal administrator users and groups
# PortalAdminId: The user ID for the WebSphere Portal Administrator - all letters in lower case
PortalAdminId=cn=wpsadmin,o=empresax
# PortalAdminPwd: The password for the WebSphere Portal Administrator
PortalAdminPwd=ReplaceWithYourWASUserPwd
# PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
PortalAdminGroupId=cn=wpsadmins
# WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
WpsContentAdministrators=cn=wpsContentAdministrators
# WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
WpsContentAdministratorsShort=wpsContentAdministrators
# WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
WpsDocReviewer=cn=wpsDocReviewer
# WpsDocReviewerShort: The WebSphere Document Reviewer group ID
WpsDocReviewerShort=wpsDocReviewer
LTPA and SSO configuration
# LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
LTPAPassword=ReplaceWithYourWASUserPwd
# LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
LTPATimeout=120
# SSORequiresSSL: Specifies that Single Sign-On function is enabled only when requests are over HTTPS Secure Socket Layer (SSL) connections.
SSORequiresSSL=false
# SSODomainName: Specifies the domain name (ibm.com, for example) for all Single Sign-on hosts.
SSODomainName=empresax.com.br
Notes:
- If the Portal is named portal.us.ibm.com and the other server is called another_server.ibm.com, set only ibm.com.
- To specify multiple domains, separate them with ";". Example: empresax.com.br;ibm.com.
- The browser sends the LTPA token cookie to every host under SSODomainName, so keep the domain as narrow as the SSO partners require. With SSORequiresSSL=false it also sends the cookie over plain HTTP, where it can be captured and replayed until LTPATimeout expires; set it to true once the portal is reachable over HTTPS.
- LTPAPassword protects the LTPA keys that are exported to the other SSO hosts; give it its own value rather than the WAS administrator password the placeholder suggests.
LDAP configuration
# LookAside: To configure LDAP with an additional LookAside Database
# true - LDAP + Lookaside database
# false - only LDAP
LookAside=true
# WmmDefaultRealm
WmmDefaultRealm=portal
# LDAPHostName: The LDAP server hostname
LDAPHostName=ldapserver.empresax.com.br
# LDAPPort: The LDAP server port number - For example, 389 for non-SSL or 636 for SSL
LDAPPort=389
# LDAPAdminUId: The LDAP administrator ID
LDAPAdminUId=cn=wpsbind,o=empresax
# LDAPAdminPwd: The LDAP administrator password
LDAPAdminPwd=ReplaceWithYourWASUserPwd
# LDAPServerType: The type of LDAP server to be used for WebSphere Portal
LDAPServerType=DOMINO502
# LDAPBindID: The user ID for LDAP Bind authentication
LDAPBindID=cn=wpsbind,o=empresax
# LDAPBindPassword: The password for LDAP Bind authentication
LDAPBindPassword=ReplaceWithYourWASUserPwd
Note: with LDAPPort=389 the wpsbind password and every user password the portal verifies cross the network to Domino in clear text. For production use port 636, which requires the Domino LDAP task to be configured with SSL and its certificate to be trusted by WebSphere. The wpsbind account only needs read access to the directory; do not reuse a Domino administrator account for it.
Advanced LDAP configuration
# LDAPSuffix: The LDAP suffix appropriate for your LDAP server
# Domino value is null
LDAPSuffix=
# LdapUserPrefix: The LDAP user prefix appropriate for your LDAP server
LdapUserPrefix=cn
# LDAPUserSuffix: The LDAP user suffix appropriate for your LDAP server
LDAPUserSuffix=o=supera
# LdapGroupPrefix: The LDAP group prefix appropriate for your LDAP server
LdapGroupPrefix=cn
# LDAPGroupSuffix: The LDAP group suffix appropriate for your LDAP server
# Domino value is null
LDAPGroupSuffix=
# LDAPUserObjectClass: The LDAP user object class appropriate for your LDAP server
LDAPUserObjectClass=dominoPerson
# LDAPGroupObjectClass: The LDAP group object class appropriate for your LDAP server
LDAPGroupObjectClass=dominoGroup
# LDAPUserFilter: The LDAP user filter appropriate for your LDAP server (to work with default values in WMM)
LDAPUserFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))
# LDAPGroupFilter: The LDAP group filter appropriate for your LDAP server (to work with default values in WMM)
LDAPGroupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
Note: LDAPUserSuffix must be the organization your users live under in the Domino directory. The value shown here is o=supera while the bind and administrator DNs on this page use o=empresax; check it against the directory, because no user can be found at login if the suffix is wrong. The user filter matches the login value against both cn and uid, so login names must be unique across those two attributes.
Configuration for IBM Workplace Web Content Management
# WcmAdminGroupId: The group ID for the WCM Administrator group
WcmAdminGroupId=cn=wcmadmins
# WcmAdminGroupIdShort: The WCM admin group ID
WcmAdminGroupIdShort=wcmadmins
3. Settings in wpconfig_dbdomain.properties
# DbUser: The database administrator user ID
wmm.DbUser=db2inst1
# DbPassword: The database administrator password
wmm.DbPassword=ReplaceWithYourDbAdminPwd
Note: every password in these two files is stored in clear text. Keep the files readable only by the user that runs the portal, or leave the placeholders in place and pass the real values to WPSconfig.sh as -D arguments (shown in steps 5 and 7), which override the file.
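Before running the tasks in steps 5 and 7 it pays to check the property files for the weak settings discussed above. The script below is an added example, not part of this page or of the WebSphere Portal tooling: it writes a constructed wpconfig.properties fragment with the same values this page shows (including the placeholder passwords, LDAPPort=389, SSORequiresSSL=false and the o=supera suffix) and lints it. The file path and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the page or from IBM's tooling): lint a
# wpconfig.properties file for the settings that matter for security
# before running WPSconfig.sh. The sample file is constructed here with
# the same values this page shows.

SAMPLE_WPCONFIG="${TMPDIR:-/tmp}/wpconfig.sample.properties"
cat > "$SAMPLE_WPCONFIG" <<'EOF'
# constructed sample, values copied from the page
WasUserid=cn=wpsadmin,o=empresax
WasPassword=ReplaceWithYourWASUserPwd
PortalAdminId=cn=wpsadmin,o=empresax
PortalAdminPwd=ReplaceWithYourWASUserPwd
LTPAPassword=ReplaceWithYourWASUserPwd
LTPATimeout=120
SSORequiresSSL=false
SSODomainName=empresax.com.br
LDAPHostName=ldapserver.empresax.com.br
LDAPPort=389
LDAPAdminUId=cn=wpsbind,o=empresax
LDAPAdminPwd=ReplaceWithYourWASUserPwd
LDAPBindID=cn=wpsbind,o=empresax
LDAPBindPassword=ReplaceWithYourWASUserPwd
LdapUserPrefix=cn
LDAPUserSuffix=o=supera
EOF

# wp_prop FILE KEY: value of the first uncommented KEY= line, empty if absent.
wp_prop() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1
}

# lint_hit MESSAGE: report one finding and count it.
lint_hit() {
    echo "$1"
    lint_n=$((lint_n + 1))
}

# lint_wpconfig FILE: one finding per line on stdout; returns 1 if any.
lint_wpconfig() {
    lint_file=$1
    lint_n=0

    # 1. The IBM placeholders are not secrets; an empty value is not either.
    for k in WasPassword PortalAdminPwd LTPAPassword LDAPAdminPwd LDAPBindPassword; do
        case "$(wp_prop "$lint_file" "$k")" in
            ""|ReplaceWith*) lint_hit "$k: placeholder or empty password" ;;
        esac
    done

    # 2. Port 389 means the wpsbind password and every user password WMM
    #    verifies cross the network to Domino in clear text.
    [ "$(wp_prop "$lint_file" LDAPPort)" = 636 ] ||
        lint_hit "LDAPPort: not 636, LDAP traffic including bind passwords is unencrypted"

    # 3. With SSORequiresSSL=false the LTPA cookie is also sent over plain
    #    HTTP, where it can be captured and replayed to any SSODomainName host.
    [ "$(wp_prop "$lint_file" SSORequiresSSL)" = true ] ||
        lint_hit "SSORequiresSSL: not true, LTPA cookie may be sent over HTTP"

    # 4. A user suffix that differs from the organization of the bind DN is
    #    usually a copy/paste slip (o=supera vs o=empresax on this page).
    bind_dn=$(wp_prop "$lint_file" LDAPBindID)
    user_suffix=$(wp_prop "$lint_file" LDAPUserSuffix)
    [ "${bind_dn#*,}" = "$user_suffix" ] ||
        lint_hit "LDAPUserSuffix: '$user_suffix' differs from bind DN suffix '${bind_dn#*,}', confirm it is intentional"

    # 5. WasUserid and PortalAdminId must be all lower case.
    for k in WasUserid PortalAdminId; do
        v=$(wp_prop "$lint_file" "$k")
        [ "$v" = "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" ] ||
            lint_hit "$k: contains upper-case letters"
    done

    [ "$lint_n" -eq 0 ]
}

lint_wpconfig "$SAMPLE_WPCONFIG" || echo "fix the findings above before running WPSconfig.sh"
```

Run it against the real file with `lint_wpconfig /opt/IBM/WebSphere/PortalServer/config/wpconfig.properties`; the sample above produces eight findings, and a file with port 636, SSORequiresSSL=true, a matching suffix and real passwords produces none.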
4. Stop the servers
Go to the directory
cd /opt/IBM/WebSphere/AppServer/bin
and run the following command:
# ./stopServer.sh WebSphere_Portal -user was_admin_userid -password was_admin_password
5. Validate the configuration
Go to the directory
cd /opt/IBM/WebSphere/PortalServer/config
and run the following command:
# ./WPSconfig.sh validate-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password
This task only binds to the LDAP server and checks the property values; fix every error it reports before going on to step 7, since correcting the properties file is much easier than undoing a security configuration made with wrong values. Passwords passed as -D arguments are visible in the process list and in the shell history while the task runs.
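validate-wmmur-ldap checks the properties as a whole; when it fails on the user or group lookup it helps to query Domino directly with the same filters. The script below is an added example, not from this page or from IBM: it expands the page's LDAPUserFilter and LDAPGroupFilter for a login name the way a test query would, escaping the value per RFC 4515 so a name such as admin)(cn=* cannot change the shape of the filter, and shows the matching ldapsearch call over LDAPS. The host, base and bind DN are this page's values; LDAP_HOST, LDAP_BASE, LDAP_BIND_PW_FILE and the function names are the example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the page or from IBM): expand the page's WMM
# filters for a login name, with RFC 4515 escaping of the value, and show
# the ldapsearch call that tests the same lookup against Domino over LDAPS.

# Filters exactly as set in wpconfig.properties above.
LDAPUserFilter='(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))'
LDAPGroupFilter='(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))'

# ldap_escape VALUE: escape the characters that have meaning inside a filter
# assertion value (RFC 4515 section 3); backslash first so the escapes it
# produces are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# expand_filter TEMPLATE VALUE: replace every %v with the escaped value.
expand_filter() {
    tmpl=$1
    esc=$(ldap_escape "$2")
    pat='%v'
    out=''
    while :; do
        case $tmpl in
            *"$pat"*) out="$out${tmpl%%$pat*}$esc"; tmpl=${tmpl#*$pat} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$tmpl"
}

# ldap_user_search LOGIN: the lookup WMM performs for a login, run by hand.
# Host, base and bind DN are this page's values (override with LDAP_HOST and
# LDAP_BASE, both assumed names); LDAP_BIND_PW_FILE (assumed) must name a file
# holding the wpsbind password so it is never typed on the command line.
# LDAPS on 636 keeps the bind out of the clear; the Domino LDAP task must
# have SSL enabled for it to answer there.
ldap_user_search() {
    ldapsearch -LLL -x -H "ldaps://${LDAP_HOST:-ldapserver.empresax.com.br}:636" \
        -D 'cn=wpsbind,o=empresax' -y "${LDAP_BIND_PW_FILE:?file holding the wpsbind password}" \
        -b "${LDAP_BASE:-o=empresax}" -s sub \
        "$(expand_filter "$LDAPUserFilter" "$1")" cn uid mail
}

# ldap_group_search GROUP: the same for the group filter, listing members.
ldap_group_search() {
    ldapsearch -LLL -x -H "ldaps://${LDAP_HOST:-ldapserver.empresax.com.br}:636" \
        -D 'cn=wpsbind,o=empresax' -y "${LDAP_BIND_PW_FILE:?file holding the wpsbind password}" \
        -b "${LDAP_BASE:-o=empresax}" -s sub \
        "$(expand_filter "$LDAPGroupFilter" "$1")" cn member uniqueMember
}

# Offline demonstration: a normal login, a group, and an injection attempt
# that the escaping turns into a harmless literal value.
expand_filter "$LDAPUserFilter" wpsadmin
expand_filter "$LDAPGroupFilter" wpsadmins
expand_filter "$LDAPUserFilter" 'admin)(cn=*'
```

With the password file in place, `ldap_user_search wpsadmin` must return exactly one entry and `ldap_group_search wpsadmins` must list the administrators; if the search returns nothing while the account exists in Domino, the suffix or the object classes in wpconfig.properties are wrong, not the passwords.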
6. Step for clustered environments with LookAside enabled
Perform this step only if you are in a clustered environment and use the LookAside feature: If you enabled security using the LDAP user registry with realm support, the Member Manager Datasource definitions will automatically be created on the Deployment Manager cell. All nodes need to define a WebSphereEnvironment Variable for the JdbcClassPath.
Note: The nodes which have WebSphere Portal installed will already have this WebSphereEnvironment Variable defined. Refer to the Creating a WebSphereEnvironment Variable section in the WebSphere Application Server information center for information on how to manually create the WebSphereEnvironment Variable definitions. When defining the WebSphereEnvironment Variable, please ensure that the name matches the DBTYPE_JDBC_DRIVER_CLASSPATH.
7. Run the configuration
Run the following command:
# ./WPSconfig.sh enable-security-wmmur-ldap -DWasPassword=password -DPortalAdminPwd=password -DLTPAPassword=password -DLDAPAdminPwd=password -DLDAPBindPassword=password
If the process ends with
BUILD SUCCESSFUL
Total time: 18 minutes 14 seconds
the configuration completed correctly.
8. Configuring WebSphere Application Server (WAS)
Set the userRegistryRealm property in the WAS Administrative Console.
1. Open the server's administrative console
http://wps1.empresax.com.br:10039/ibm/console
Now that global security is enabled, prefer the console's HTTPS port so the administrator password is not sent in clear.
2. In the WebSphere Application Server Administrative Console, select
In English: Security > Global Security > User Registry > Custom > Custom Properties
In Portuguese: Segurança > Segurança Global > Registro do Usuário > Customizar > Propriedades Customizadas
3. Add the key userRegistryRealm with the value yourname, where yourname is the realm used in the WAS cell to uniquely identify the user according to its origin.
For example, the WAS LDAP implementation uses the LDAP server name and port as the origin, such as:
ldapserver.empresax.com.br:389
4. Save your changes.
9. Stop and restart the servers
Go to the directory
cd /opt/IBM/WebSphere/AppServer/bin
and run the following commands, waiting for each one to finish before starting the next:
# ./stopServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password
wait ...
# ./stopServer.sh server1 -user wpsadmin -password was_admin_password
wait ...
# ./startServer.sh server1 -user wpsadmin -password was_admin_password
wait ...
# ./startServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password
wait ...
With security enabled, stopServer.sh needs the WAS administrator credentials (wpsadmin here). A password given with -password is visible in the process list and the shell history; WAS can instead read it from the profile's properties/soap.client.props (com.ibm.SOAP.loginUserid and com.ibm.SOAP.loginPassword, encoded with PropFilePasswordEncoder), so the flag can be left off the command line.