Configuring WebSphere Portal V6 by gegouzhen12


Configuring WebSphere Portal V6.1 with Standalone ITDS 6.0 LDAP over SSL

This article contains step-by-step instructions for setting up WebSphere Portal V6.1
with ITDS 6.0 LDAP over SSL.

System Info:
    ITDS LDAP 6.0 - Windows 2000 Server
    WebSphere Portal Server 6.1 - AIX 6.1

Configuration Steps:
  1. Install ITDS 6.0 LDAP:
      http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/install.htm
  2. Set up LDAP with the Portal Admin users / groups.
  3. Enable SSL and generate the LDAP SSL certificate on the LDAP server by following the
      ITDS Infocenter.
  4. Install WebSphere Portal 6.1. Refer to the WebSphere Portal 6.1 Infocenter:
      http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1m0/index.jsp
  5. Start "server1": <wp_profile>/bin/startServer.sh server1
  6. Launch the WAS Admin Console in a web browser and log in as the WAS Admin Userid/pwd
      (the same as the portal admin id/pwd provided during the install). Ex:
      http://<hostname>:10001/admin
  7. Choose one of the following options to specify the LDAP server's SSL certificate in the
      server trust store:

      Option: Retrieve from port
      Description: Perform the following steps to retrieve the certificate from the port:
          a. Log in to the WebSphere Application Server Administrative Console.
          b. Navigate to Security > SSL certificate and key management > SSL configurations.
          c. Click the appropriate SSL configuration from the list; for example, NodeDefaultSSLSettings.
          d. Click Key stores and certificates.
          e. Click the appropriate trust store from the list; for example, NodeDefaultTrustStore.
          f. Click Signer certificates, click Retrieve from port, and then enter the following information:
                o Host name: the host name used when retrieving the signer certificate from the SSL port.
                o SSL Port: the SSL port used when retrieving the signer certificate.
                o Alias: the alias the key store uses for the signer certificate.
          g. Click Retrieve signer information to retrieve the certificate from the port.
          h. Click OK and then click Save to save the changes to the master configuration.
          i. (screenshot)
          j. Click Retrieve signer information in the above screen.
          k. (screenshot)
          l. Click Apply and Save.
          m. The certificate should now appear in the signer certificates list.

   8. Enter a value for the following required parameters in the wkplc.properties file
      under the VMM Stand-alone LDAP configuration heading.
      Note: See the wkplc.properties file for specific information about the required
      parameters and for advanced parameters.
      standalone.ldap.id = ids1
      standalone.ldap.host = manju.rtp.raleigh.ibm.com
      standalone.ldap.port = 637
      standalone.ldap.bindDN = cn=root
      standalone.ldap.bindPassword = p0rtal4u
      standalone.ldap.ldapServerType = IDS6
      standalone.ldap.userIdMap = *:uid
      standalone.ldap.groupIdMap = *:cn
      standalone.ldap.groupMemberIdMap =
      standalone.ldap.userFilter = (&(uid=%v)(objectclass=inetOrgPerson))
      standalone.ldap.groupFilter = (&(cn=%v)(objectclass=groupOfUniqueNames))
      standalone.ldap.serverId = uid=wpsadmin,cn=users,dc=raleigh,dc=com
      standalone.ldap.serverPassword = p0rtal4u
      standalone.ldap.realm = idsrealm1
      standalone.ldap.primaryAdminId = uid=wpsadmin,cn=users,dc=raleigh,dc=com
      standalone.ldap.primaryAdminPassword = p0rtal4u
      standalone.ldap.primaryPortalAdminId = uid=wpsadmin,cn=users,dc=raleigh,dc=com
      standalone.ldap.primaryPortalAdminPassword = p0rtal4u
      standalone.ldap.primaryPortalAdminGroup = cn=wpsadmins,cn=groups,dc=raleigh,dc=com
      standalone.ldap.baseDN = dc=raleigh,dc=com
      Update the LDAP entity types heading:
      standalone.ldap.et.group.searchFilter
      standalone.ldap.et.group.objectClasses = groupOfUniqueNames
      standalone.ldap.et.group.objectClassesForCreate
      standalone.ldap.et.group.searchBases
      standalone.ldap.et.personaccount.searchFilter
      standalone.ldap.et.personaccount.objectClasses = inetorgperson
      standalone.ldap.et.personaccount.objectClassesForCreate
      standalone.ldap.et.personaccount.searchBases
      Update the Group member attributes heading:
      standalone.ldap.gm.groupMemberName = uniqueMember
      standalone.ldap.gm.objectClass = groupOfUniqueNames
      standalone.ldap.gm.scope = direct
      standalone.ldap.gm.dummyMember = uid=dummy
      Update the Default parent, RDN attribute heading:
      standalone.ldap.personAccountParent = cn=users,dc=raleigh,dc=com
      standalone.ldap.groupParent = cn=groups,dc=raleigh,dc=com
      standalone.ldap.personAccountRdnProperties = uid
      standalone.ldap.groupRdnProperties = cn
      Update the following SSL properties under the Advanced Properties heading:
      standalone.ldap.sslEnabled = true
      standalone.ldap.sslConfiguration = NodeDefaultSSLSettings
      (NodeDefaultSSLSettings is the default SSL configuration; change this value to the
      non-default SSL configuration if one was created in step 7.)
   9. Save the wkplc.properties file.
   10. Choose the following option to specify the LDAP server's SSL certificate in the
       default client trust store:
       Option: Signer certificate retrieval
       Description: See Secure installation for client signer retrieval.
       Note: During the validation task, you may receive the following prompt:
       "Add signer to the trust store now?" Type y and then press Enter.
   11. Run the ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=password task
       to validate your LDAP server settings.
   12. The task in step 11 may report an error or fail, but it still successfully updates
       the trust store, so the error message can be ignored.
   13. NOTE: Restart both server1 and WebSphere_Portal in order for the following task to
       run successfully.
   14. Run the ./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=password task to
       set the stand-alone LDAP user registry.
   15. Restart server1 and WebSphere_Portal. Both servers must start without any errors.
   16. Verify the SSL configuration in the WAS Admin Console. Launch the WAS Admin Console
       (http://<hostname>:10001/admin) and log in with the LDAP admin id/pwd.
   17. Navigate to Security > Secure administration, applications, and infrastructure. In
       the User account repository section, verify that Available realm definitions is set
       to Standalone LDAP registry and click Configure. You will see the following screen.
       (screenshot)
   18. Verify that Port is 637 (the SSL port) and that, under SSL Settings, the SSL enabled
       check box is checked, as shown in the screen below:
   19. (screenshot)
   20. Launch the Portal page in a web browser and log in successfully as the LDAP Portal
       Admin ID / Pwd.
   21. Create a new user and group using the Users and Groups page/portlet.
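The step 8 values can be sanity-checked before the validate-standalone-ldap task in step 11 is run. This is an added example, not part of the page or of IBM's ConfigEngine tooling: SAMPLE is constructed from the page's step 8 values with a placeholder bind password, and the REQUIRED list, the port 389 test and the filter/objectclass comparison are this example's own choices.

```python
"""Pre-flight check of the 'VMM Stand-alone LDAP configuration' keys in wkplc.properties (added
example, not IBM's ConfigEngine tooling; SAMPLE is constructed from the page's step 8 values)."""
import re
SAMPLE = """
standalone.ldap.host = manju.rtp.raleigh.ibm.com
standalone.ldap.port = 637
standalone.ldap.bindDN = cn=root
standalone.ldap.bindPassword = <bind-password>
standalone.ldap.userFilter = (&(uid=%v)(objectclass=inetOrgPerson))
standalone.ldap.groupFilter = (&(cn=%v)(objectclass=groupOfUniqueNames))
standalone.ldap.baseDN = dc=raleigh,dc=com
standalone.ldap.et.group.objectClasses = groupOfUniqueNames
standalone.ldap.et.personaccount.objectClasses = inetorgperson
standalone.ldap.sslEnabled = true
standalone.ldap.sslConfiguration=NodeDefaultSSLSettings
"""
REQUIRED = ("host", "port", "bindDN", "bindPassword", "baseDN", "userFilter", "groupFilter")

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments skipped, 'key = value' split once."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def objectclass_in_filter(ldap_filter):
    """Objectclass named in a filter like (&(uid=%v)(objectclass=inetOrgPerson)), lower-cased."""
    m = re.search(r"\(objectclass=([^)]+)\)", ldap_filter, re.IGNORECASE)
    return m.group(1).lower() if m else None

def check_standalone_ldap(props):
    """Return findings that would make validate-standalone-ldap fail or leave the bind unencrypted."""
    p = lambda name: props.get("standalone.ldap." + name, "")
    findings = [f"standalone.ldap.{k} is missing or empty" for k in REQUIRED if not p(k)]
    if p("sslEnabled").lower() != "true":
        findings.append("sslEnabled is not true: the bind password would travel in plaintext")
    elif not p("sslConfiguration"):
        findings.append("sslEnabled=true but sslConfiguration names no WAS SSL configuration")
    elif p("port") == "389":
        findings.append("port 389 is the plaintext LDAP port; use the LDAPS port enabled on ITDS")
    for flt, oc in (("userFilter", "et.personaccount.objectClasses"), ("groupFilter", "et.group.objectClasses")):
        if "%v" not in p(flt):
            findings.append(f"{flt} has no %v placeholder, so no login can ever match")
        named = objectclass_in_filter(p(flt))
        if named and named != p(oc).lower():
            findings.append(f"{flt} names objectclass '{named}' but {oc} is '{p(oc)}'")
    return findings
```

Run it against the real file with check_standalone_ldap(parse_properties(open(path).read())); an empty list means the section is consistent with the SSL setup from step 7.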
