
Configure Portal to Multiple Ldap | IBM WebSphere Portal Blog


Thursday, December 27, 2012

Follow the steps below to configure WebSphere Portal for multiple LDAP servers:

1. Configure your portal to the first LDAP server using realms (using the enable-security-wmmur-ldap configuration task).
2. Make sure that security has been enabled correctly and that you are able to log in to the portal as the administrator and administer the portal correctly. If there are any problems with logging in or administering the portal, resolve them before proceeding.
3. Save a backup copy of <WP_root>/wmm/wmm.xml, and then open the file for editing.
4. Find the XML attribute horizontalPartitioning and set its value to 'true'.
5. Add the following tag below the <repositories> tag and just before the beginning of the <lookAsideRepository> tag:

<federationRepository
    name="wmmDBFederation"
    UUID="DB1"
    supportTransactions="true"
    adapterClassName="com.ibm.ws.wmm.db.DataBaseFederationAdapter"
    dataSourceName="jdbc/wmmDS"
    databaseType="cloudscape"
    dataAccessManagerClassName="com.ibm.ws.wmm.db.dao.cloudscape.WMMCloudscapeDao"/>

Note: The above snippet shows Cloudscape™ as the database. For a different database (such as IBM DB2®, Oracle®), use the corresponding value for databaseType and the dataAccessManagerClassName. Also, if you have changed the name of the WMM datasource, enter the appropriate value in the dataSourceName parameter.

6. You now need to add the second <ldapRepository> section to the file to point to the second LDAP server.

a) Select the section in wmm.xml that starts with <ldapRepository> and ends with </ldapRepository>

b) Copy and paste the paragraph selected in step (a) just below the line which contains </ldapRepository>

c) Refer to the following table (or the second <ldapRepository> tag) and modify the corresponding values in the second ldapRepository section in wmm.xml.

| XML Attribute Name | XML Attribute Value |
| --- | --- |
| name | wmmLDAP |
| UUID | LDAP2 |
| adapterClassName | Corresponds to the type of second LDAP you are using. Example, if Active Directory 2000: com.ibm.ws.wmm.ldap.activedir.ActiveDirectoryAdapterImpl |
| supportDynamicAttributes | false |
| configurationFile | Again, corresponds to the type of second LDAP you are using. Example, if Active Directory: wmmLDAPAttributes_AD.xml |
| profileRepositoryForGroups | LDAP2 |
| adminId | Fully qualified distinguished name for the second LDAP administrator |
| adminPassword | Password corresponding to the above administrator ID |
| ldapHost | Hostname for the second LDAP |
| ldapPort | Port value for the second LDAP on which it will listen for connections |
| sslEnabled | false |
| groupMembershipAttributeMap | Corresponds to the type of second LDAP. Example, if Active Directory: memberOf |


d) Edit the <nodeMaps> tag. The nodeMaps element tells WebSphere Portal about the entry points in your repository.
Locate the <nodeMaps> tag and change the values of the node and pluginNode attributes as follows. Note: Change the values to match your environment.

<nodeMaps>
   <nodeMap node="dc=msad,dc=ibm,dc=com"
            pluginNode="dc=msad,dc=ibm,dc=com" />
   <nodeMap node="cn=users,dc=msad,dc=ibm,dc=com"
            pluginNode="cn=users,dc=msad,dc=ibm,dc=com" />
   <nodeMap node="cn=groups,dc=msad,dc=ibm,dc=com"
            pluginNode="cn=groups,dc=msad,dc=ibm,dc=com" />
</nodeMaps>

e) Configure the LDAP entry types that are supported by the second LDAP. Locate the <supportedLdapEntryTypes> tag. Edit the XML attribute values for the supported entry types "Person" and "Group":

Person:
rdnAttrTypes="cn"
objectClassesForRead="user"
objectClassesForWrite="user"
searchBases="cn=users,dc=msad,dc=ibm,dc=com"

Group:
rdnAttrTypes="cn"
objectClassesForRead="group"
objectClassesForWrite="group"
searchBases="cn=groups,dc=msad,dc=ibm,dc=com"

Note: Again, the values above will depend on the second LDAP you are using and also on your environment (for example, if you are using custom object classes).

f) Save the changes to the wmm.xml file.


7. Edit the realm information in the wmmur.xml file. This file contains the suffixes for user and group creation and the realm mappings to the different user repositories defined in wmm.xml.

a) Open the wmmur.xml for editing. Add a second <node> tag to the XML file:

<?xml version="1.0" encoding="UTF-8"?>
<wmmur>
   <realms>
      <realm id="portal" delimiter="@" default="true">
         <node wmmnode="dc=ids,dc=ibm,dc=com"/>
         <node wmmnode="dc=msad,dc=ibm,dc=com"/>
      </realm>
   </realms>
</wmmur>

8. Save the file and restart WebSphere Portal.
9. Log in to the portal with a user ID that belongs to the first LDAP repository. Verify that everything works fine. Next, log in with another user ID that belongs to the second LDAP repository. Verify that everything works fine.

10. If you are in a clustered environment, you also need to:

a) Run the configuration task: WPSconfig.sh/.bat check-out-wmm-cfg-files-from-dmgr
b) Make the suggested changes to the WMM files on the primary node in the <WP_root>/wmm directory.
c) Run the configuration task: WPSconfig.sh/.bat check-in-wmm-cfg-files-to-dmgr
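
A consistency check for the edits in steps 4 to 7, run before restarting the portal; this is an added example, not part of the original post or of WebSphere Portal. It cross-checks wmm.xml against wmmur.xml and also reports any repository left at sslEnabled="false", since the adminId/adminPassword bind to that LDAP is then not protected by SSL. The sample files are constructed, and the <wmm> root element, the host names, the first repository's UUID (LDAP1) and the function names audit and norm are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed samples that follow the steps on this page; hosts and the <wmm> root are assumptions.
WMM_XML = """<wmm horizontalPartitioning="true"><repositories>
  <federationRepository name="wmmDBFederation" UUID="DB1"/>
  <ldapRepository UUID="LDAP1" ldapHost="ids.example.com" ldapPort="636" sslEnabled="true">
    <nodeMaps><nodeMap node="dc=ids,dc=ibm,dc=com" pluginNode="dc=ids,dc=ibm,dc=com"/></nodeMaps>
  </ldapRepository>
  <ldapRepository UUID="LDAP2" ldapHost="msad.example.com" ldapPort="389" sslEnabled="false">
    <nodeMaps><nodeMap node="dc=msad,dc=ibm,dc=com" pluginNode="dc=msad,dc=ibm,dc=com"/></nodeMaps>
  </ldapRepository>
  <lookAsideRepository name="wmmLookAside"/>
</repositories></wmm>"""
WMMUR_XML = """<wmmur><realms><realm id="portal" delimiter="@" default="true">
  <node wmmnode="dc=ids,dc=ibm,dc=com"/><node wmmnode="dc=msad,dc=ibm,dc=com"/>
</realm></realms></wmmur>"""

def norm(dn):  # normalise a DN for comparison: lower-case, no spaces around commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(wmm_text, wmmur_text):
    """Return a list of findings for the multi-LDAP edits described in the steps."""
    findings = []
    wmm = ET.fromstring(wmm_text)
    # Step 4: the attribute may sit on any element, so search the whole tree.
    flags = [e.get("horizontalPartitioning") for e in wmm.iter() if "horizontalPartitioning" in e.attrib]
    if set(flags) != {"true"}:
        findings.append("horizontalPartitioning is not set to 'true'")
    # Step 5: federationRepository must exist and precede lookAsideRepository (document order).
    tags = [e.tag for e in wmm.iter()]
    if "federationRepository" not in tags:
        findings.append("no <federationRepository> found")
    elif "lookAsideRepository" in tags and tags.index("federationRepository") > tags.index("lookAsideRepository"):
        findings.append("<federationRepository> is placed after <lookAsideRepository>")
    # Step 6: two LDAP sections with distinct UUIDs; collect their nodeMap entry points.
    ldaps = list(wmm.iter("ldapRepository"))
    uuids = [r.get("UUID") for r in ldaps]
    if len(ldaps) < 2 or len(set(uuids)) != len(uuids):
        findings.append("need at least two <ldapRepository> sections with unique UUIDs")
    mapped = set()
    for repo in ldaps:
        if repo.get("sslEnabled", "false").lower() != "true":
            findings.append(f"{repo.get('UUID')}: sslEnabled is not 'true', adminId bind is not protected by SSL")
        mapped.update(norm(m.get("node", "")) for m in repo.iter("nodeMap"))
    # Step 7: every realm node in wmmur.xml needs a matching nodeMap in wmm.xml.
    for node in ET.fromstring(wmmur_text).iter("node"):
        if norm(node.get("wmmnode", "")) not in mapped:
            findings.append(f"realm node {node.get('wmmnode')} has no matching nodeMap")
    return findings
```

Call audit() with the text of your own wmm.xml and wmmur.xml; an empty list means the checked edits are consistent.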