WPS: Authenticating via LDAP on Domino - Configuring


For configuration details, see:

http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/wmm_mltpl_realm.html


1. Backup of the configuration files

Go to the directory

cd /opt/IBM/WebSphere/PortalServer/config

and make a backup of the wpconfig.properties and wpconfig_dbdomain.properties files (the original copied wpconfig_db.properties instead of wpconfig.properties; the corrected command is below)

cp wpconfig.properties wpconfig.properties_antesLDAP
cp wpconfig_dbdomain.properties wpconfig_dbdomain.properties_antesLDAP


2. Settings in the wpconfig.properties file

WAS administrator user and password

# WasUserid: The user ID for WebSphere Application Server security authentication - all letters in lower case
WasUserid=cn=wpsadmin,o=empresax

# WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
WasPassword=ReplaceWithYourWASUserPwd

Portal administrator users and groups

# PortalAdminId: The user ID for the WebSphere Portal Administrator - all letters in lower case
PortalAdminId=cn=wpsadmin,o=empresax

# PortalAdminPwd: The password for the WebSphere Portal Administrator
PortalAdminPwd=ReplaceWithYourWASUserPwd

# PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
PortalAdminGroupId=cn=wpsadmins

# WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
WpsContentAdministrators=cn=wpsContentAdministrators

# WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
WpsContentAdministratorsShort=wpsContentAdministrators

# WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
WpsDocReviewer=cn=wpsDocReviewer

# WpsDocReviewerShort: The WebSphere Document Reviewer group ID
WpsDocReviewerShort=wpsDocReviewer

LTPA and SSO configuration

# LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
LTPAPassword=ReplaceWithYourWASUserPwd

# LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
LTPATimeout=120

# SSORequiresSSL: Specifies that Single Sign-On function is enabled only when requests are over HTTPS Secure Socket Layer (SSL) connections.
SSORequiresSSL=false

# SSODomainName: Specifies the domain name (ibm.com, for example) for all Single Sign-on hosts.
SSODomainName=empresax.com.br

Notes:

  1. If the Portal is named portal.us.ibm.com and the other server is called another_server.ibm.com, set only ibm.com.
  2. To specify multiple domains, separate them with ";". Example: empresax.com.br;ibm.com.
  3. With SSORequiresSSL=false the LtpaToken cookie is also sent over plain HTTP; set it to true once the portal is served over HTTPS, otherwise the session token can be read on the wire.


LDAP configuration

# LookAside: To configure LDAP with an additional LookAside Database 
# true  - LDAP + Lookaside database
# false - only LDAP
LookAside=true

# WmmDefaultRealm
WmmDefaultRealm=portal

# LDAPHostName: The LDAP server hostname
LDAPHostName=ldapserver.empresax.com.br

# LDAPPort: The LDAP server port number - For example, 389 for non-SSL or 636 for SSL
# On 389 the LDAPAdminPwd/LDAPBindPassword binds and every search cross the network in clear text; use 636 if the Domino server offers LDAP over SSL
LDAPPort=389

# LDAPAdminUId: The LDAP administrator ID
LDAPAdminUId=cn=wpsbind,o=empresax

# LDAPAdminPwd: The LDAP administrator password
LDAPAdminPwd=ReplaceWithYourWASUserPwd

# LDAPServerType: The type of LDAP server to be used for WebSphere Portal
LDAPServerType=DOMINO502

# LDAPBindID: The user ID for LDAP Bind authentication
LDAPBindID=cn=wpsbind,o=empresax

# LDAPBindPassword: The password for LDAP Bind authentication
LDAPBindPassword=ReplaceWithYourWASUserPwd

Advanced LDAP configuration

# LDAPSuffix: The LDAP suffix appropriate for your LDAP server - 
# Domino value is null
LDAPSuffix=

# LdapUserPrefix: The LDAP user prefix appropriate for your LDAP server
LdapUserPrefix=cn

# LDAPUserSuffix: The LDAP user suffix appropriate for your LDAP server
LDAPUserSuffix=o=empresax

# LdapGroupPrefix: The LDAP group prefix appropriate for your LDAP server
LdapGroupPrefix=cn

# LDAPGroupSuffix: The LDAP group suffix appropriate for your LDAP server
# Domino value is null
LDAPGroupSuffix=

# LDAPUserObjectClass: The LDAP user object class appropriate for your LDAP server
LDAPUserObjectClass=dominoPerson

# LDAPGroupObjectClass: The LDAP group object class appropriate for your LDAP server
LDAPGroupObjectClass=dominoGroup

# LDAPUserFilter: The LDAP user filter appropriate for your LDAP server (to work with default values in WMM)
LDAPUserFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))

# LDAPGroupFilter: The LDAP group filter appropriate for your LDAP server (to work with default values in WMM)
LDAPGroupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
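WMM replaces %v in LDAPUserFilter and LDAPGroupFilter with the name being looked up. The script below is an added example, not code from this page or from IBM's WMM: it shows the substitution together with RFC 4515 escaping of the value (so a name such as `*)(cn=*` cannot rewrite the filter), and a check_user_lookup helper that runs the resulting filter through OpenLDAP's ldapsearch against the Domino server, so the filter can be verified before enable-security-wmmur-ldap is run. ldapsearch, the password file and the host/port in the usage line are assumptions about the environment.

```shell
#!/bin/sh
# Added example (not from the original page): how WMM's %v placeholder is filled
# in and why the value must be escaped. The template is the page's LDAPUserFilter;
# "wpsadmin" and the hostile value in the comments are constructed inputs.

USER_FILTER='(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))'

# ldap_escape VALUE: escape the RFC 4515 filter metacharacters \ * ( ) as \HH.
# Backslash goes first so the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# wmm_filter TEMPLATE VALUE: replace every %v in TEMPLATE with the escaped VALUE.
# Uses parameter expansion instead of sed so the \HH sequences in the value are
# not re-read as sed backreferences.
wmm_filter() {
    tmpl=$1
    esc=$(ldap_escape "$2")
    out=''
    while :; do
        case $tmpl in
            *%v*) head=${tmpl%%%v*}; out=$out$head$esc; tmpl=${tmpl#*%v} ;;
            *)    out=$out$tmpl; break ;;
        esac
    done
    printf '%s\n' "$out"
}

# check_user_lookup HOST PORT BINDDN PWFILE BASE NAME: resolve NAME through the
# portal's user filter with ldapsearch (OpenLDAP client) and require exactly one
# entry back. PWFILE holds the bind password without a trailing newline
# (printf '%s' "$pw" > file; chmod 600 file), so it never shows up in ps output.
# BASE is '' for Domino, matching LDAPSuffix= on this page. Needs network access.
check_user_lookup() {
    n=$(ldapsearch -LLL -x -H "ldap://$1:$2" -D "$3" -y "$4" -b "$5" \
            "$(wmm_filter "$USER_FILTER" "$6")" dn | grep -c '^dn:')
    [ "$n" -eq 1 ]
}

# Usage (assumed host and password file):
#   check_user_lookup ldapserver.empresax.com.br 389 cn=wpsbind,o=empresax /root/.wpsbind.pw '' wpsadmin
```

A lookup that returns zero entries means the filter, LDAPUserSuffix or the object class does not match what Domino publishes; more than one means the cn/uid is not unique and WMM will refuse to log that user in.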


Configuration for IBM Workplace Web Content Management

# WcmAdminGroupId: The group ID for the WCM Administrator group
WcmAdminGroupId=cn=wcmadmins

# WcmAdminGroupIdShort: The WCM admin group ID
WcmAdminGroupIdShort=wcmadmins
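Before running WPSconfig.sh it pays to lint wpconfig.properties for the mistakes this section warns about (upper-case letters in the administrator DNs, a LDAPUserSuffix that does not match those DNs) and for two transport weaknesses (LDAPPort=389, SSORequiresSSL=false). The script below is an added example, not code from this page or from IBM; make_sample writes a constructed fragment of wpconfig.properties with deliberate mistakes so the checks can be exercised, and the real path appears only in the usage line.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks on
# wpconfig.properties before WPSconfig.sh enable-security-wmmur-ldap.
# The file written by make_sample is constructed for this example.

# prop FILE KEY: value of the first "KEY=value" line (Java properties, no inline comments).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# dn_suffix DN: the part after the first RDN, e.g. cn=wpsadmin,o=empresax -> o=empresax
dn_suffix() { printf '%s\n' "${1#*,}"; }

# world_readable FILE: true when the "other" read bit is set.
world_readable() { [ -n "$(find "$1" -perm -004 -print)" ]; }

# lint_wpconfig FILE: print one finding per line; exit 0 only when there are none.
lint_wpconfig() {
    f=$1; n=0
    # A real password left in the file is acceptable only if others cannot read the file.
    for k in WasPassword PortalAdminPwd LTPAPassword LDAPAdminPwd LDAPBindPassword wmm.DbPassword; do
        v=$(prop "$f" "$k")
        case $v in
            ''|ReplaceWithYour*) ;;   # placeholder: supplied at run time with -D$k=...
            *) if world_readable "$f"; then
                   echo "$k: real password stored in a world-readable file (chmod 600 $f)"; n=$((n+1))
               fi ;;
        esac
    done
    # The page requires the administrator DNs to be all lower case.
    for k in WasUserid PortalAdminId LDAPAdminUId LDAPBindID; do
        v=$(prop "$f" "$k")
        case $v in
            *[[:upper:]]*) echo "$k: contains upper-case letters ($v)"; n=$((n+1)) ;;
        esac
    done
    # The administrator users must sit under LDAPUserSuffix or LDAPUserFilter never finds them.
    us=$(prop "$f" LDAPUserSuffix)
    for k in WasUserid PortalAdminId; do
        v=$(prop "$f" "$k")
        if [ "$(dn_suffix "$v")" != "$us" ]; then
            echo "$k: suffix $(dn_suffix "$v") does not match LDAPUserSuffix=$us"; n=$((n+1))
        fi
    done
    # Transport: port 389 sends the bind password in clear text; LTPA cookies over HTTP likewise.
    if [ "$(prop "$f" LDAPPort)" != 636 ]; then
        echo "LDAPPort: $(prop "$f" LDAPPort) is not LDAP over SSL (636); bind credentials cross the network in clear text"; n=$((n+1))
    fi
    if [ "$(prop "$f" SSORequiresSSL)" != true ]; then
        echo "SSORequiresSSL: not true; the LtpaToken cookie may be sent over plain HTTP"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}

# make_sample FILE: constructed wpconfig.properties fragment mirroring the page, with marked mistakes.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample for the lint example
WasUserid=cn=wpsadmin,o=empresax
WasPassword=ReplaceWithYourWASUserPwd
# mistake: upper-case letters in the DN
PortalAdminId=cn=WPSAdmin,o=empresax
PortalAdminPwd=ReplaceWithYourWASUserPwd
LTPAPassword=ReplaceWithYourWASUserPwd
SSORequiresSSL=false
LDAPHostName=ldapserver.empresax.com.br
LDAPPort=389
LDAPAdminUId=cn=wpsbind,o=empresax
# mistake: real password left in the file
LDAPAdminPwd=s3cret
LDAPBindID=cn=wpsbind,o=empresax
LDAPBindPassword=ReplaceWithYourWASUserPwd
# mistake: suffix does not match the administrator DNs
LDAPUserSuffix=o=supera
EOF
}

# Usage: sh lint.sh /opt/IBM/WebSphere/PortalServer/config/wpconfig.properties
if [ $# -gt 0 ]; then
    lint_wpconfig "$1"
fi
```

On the constructed sample the script reports six findings while the file is mode 644 and five after chmod 600; a clean file makes it exit 0, which is the condition to require before moving on to validate-wmmur-ldap.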

3. Settings in the wpconfig_dbdomain.properties file

# DbUser: The database administrator user ID
wmm.DbUser=db2inst1

# DbPassword: The database administrator password
wmm.DbPassword=ReplaceWithYourDbAdminPwd

4. Stopping the servers

Go to the directory

cd /opt/IBM/WebSphere/AppServer/bin

and run the following command

# ./stopServer.sh WebSphere_Portal -user was_admin_userid -password was_admin_password


5. Validating the configuration

Go to the directory

cd /opt/IBM/WebSphere/PortalServer/config

and run the following command. The -D values override the ReplaceWithYour... placeholders left in wpconfig.properties; while the task runs they are visible to every local user in the process list (ps), and in the shell history if typed interactively.

# ./WPSconfig.sh validate-wmmur-ldap \
                -DWasPassword=password \
                -DPortalAdminPwd=password \
                -DLTPAPassword=password \
                -DLDAPAdminPwd=password \
                -DLDAPBindPassword=password

6. Step for clustered environments with LookAside enabled

Perform this step only if you are in a clustered environment and use the LookAside feature. If you enabled security using the LDAP user registry with realm support, the Member Manager datasource definitions are created automatically on the Deployment Manager cell. All nodes need to define a WebSphere environment variable for the JDBC classpath.

Note: The nodes that have WebSphere Portal installed already have this WebSphere environment variable defined. Refer to the "Creating a WebSphere environment variable" section in the WebSphere Application Server information center for how to create the variable definitions manually. When defining the variable, make sure its name matches DBTYPE_JDBC_DRIVER_CLASSPATH.


7. Running the configuration

Run the following command

# ./WPSconfig.sh enable-security-wmmur-ldap \
                -DWasPassword=password \
                -DPortalAdminPwd=password \
                -DLTPAPassword=password \
                -DLDAPAdminPwd=password \
                -DLDAPBindPassword=password

If the process ends with

BUILD SUCCESSFUL
Total time: 18 minutes 14 seconds

the configuration completed successfully.


8. Configuring WebSphere Application Server (WAS)

Configure the userRegistryRealm property in the WAS Administrative Console

1. Open the server's administrative console

http://wps1.empresax.com.br:10039/ibm/console

2. In the WebSphere Application Server Administrative Console, select

In English: Security > Global Security > User Registry > Custom > Custom Properties

In Portuguese: Segurança > Segurança Global > Registro do Usuário > Customizar > Propriedades Customizadas


3. Add the userRegistryRealm key with the value yourname, where yourname is the realm the WAS cell uses to uniquely identify users according to their origin.

For example, the WAS LDAP implementation uses the LDAP server host name and port as the origin, such as:

ldapserver.empresax.com.br:389


4. Save your changes.

9. Stop and restart the servers

Go to the directory

cd /opt/IBM/WebSphere/AppServer/bin

and run the following commands, in this order:

# ./stopServer.sh WebSphere_Portal -user wpsadmin -password was_admin_password

wait ...

# ./stopServer.sh server1 -user wpsadmin  -password was_admin_password

wait ...

# ./startServer.sh server1 -user wpsadmin  -password was_admin_password

wait ...

# ./startServer.sh WebSphere_Portal -user wpsadmin  -password was_admin_password

wait ...
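The "wait ..." steps above can be replaced by polling serverStatus.sh (a standard WAS script in the same bin directory), and the -user/-password arguments, which expose the WAS administrator password in the process list, can be dropped in favour of com.ibm.SOAP.loginUserid / com.ibm.SOAP.loginPassword in the profile's properties/soap.client.props. The script below is an added example, not code from this page or from IBM; WAS_BIN, the poll interval and the ADMU0508I/ADMU0509I message texts it matches on are assumptions about the installation, and the only assumed server names are the page's server1 and WebSphere_Portal.

```shell
#!/bin/sh
# Added example (not from the original page): restart server1 and WebSphere_Portal
# in the order the page gives, polling serverStatus.sh instead of sleeping blindly.
# Credentials come from soap.client.props, so no -user/-password on the command line.
# WAS_BIN and the serverStatus.sh message texts are assumptions about the install.

WAS_BIN=${WAS_BIN:-/opt/IBM/WebSphere/AppServer/bin}
POLL_SECONDS=${POLL_SECONDS:-10}

# wait_for CMD PATTERN TRIES: run CMD (a shell string) until its output matches
# PATTERN (grep BRE) or TRIES polls have elapsed. Returns 0 on match, 1 on timeout.
wait_for() {
    i=0
    while [ "$i" -lt "$3" ]; do
        if eval "$1" 2>/dev/null | grep -q "$2"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$POLL_SECONDS"
    done
    return 1
}

# server_state NAME: STARTED, STOPPED or UNKNOWN, derived from the ADMU05xx line
# that serverStatus.sh prints ("... is STARTED" / "... It appears to be stopped.").
server_state() {
    out=$("$WAS_BIN/serverStatus.sh" "$1" 2>/dev/null)
    case $out in
        *"is STARTED"*)            echo STARTED ;;
        *"appears to be stopped"*) echo STOPPED ;;
        *)                         echo UNKNOWN ;;
    esac
}

# restart_all: stop WebSphere_Portal then server1, start server1 then WebSphere_Portal,
# waiting for each state change. Fails on the first server that does not change state.
restart_all() {
    for s in WebSphere_Portal server1; do
        "$WAS_BIN/stopServer.sh" "$s"
        wait_for "server_state $s" '^STOPPED$' 30 || { echo "$s did not stop" >&2; return 1; }
    done
    for s in server1 WebSphere_Portal; do
        "$WAS_BIN/startServer.sh" "$s"
        wait_for "server_state $s" '^STARTED$' 60 || { echo "$s did not start" >&2; return 1; }
    done
}

# Usage: sh restart.sh run   (does nothing unless asked explicitly)
if [ "${1:-}" = run ]; then
    restart_all
fi
```

Encode the password in soap.client.props with PropFilePasswordEncoder.sh and keep the file readable only by the user that runs the WAS scripts; the encoding is reversible, so file permissions are the real protection.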