Configuring global security in WebSphere Lombardi Edition V7.2 using Tivoli Directory Server V6.3

Ashok Iyengar (ashoki@us.ibm.com), Executive IT Specialist, IBM
Ashok Iyengar is a member of the IBM Software Services for WebSphere (ISSW) Pre-sales Tech Team. He has worked extensively with the WebSphere Business Integration platform doing proof of concepts, pilots, and architecture design. He enjoys writing. Ashok’s latest book is WebSphere Business Integration Primer.

Summary:  Learn how to configure global security in IBM® WebSphere® Lombardi® Edition V7.2 using an LDAP server. This helps enterprise users to log in and use the various applications in Lombardi Edition and allows the IT department better access control. This tutorial uses IBM Tivoli® Directory Server V6.3 as the LDAP server and IBM DB2® as the database.

Date:  26 Jan 2011
Level:  Intermediate

Appendix: WLEUsers.ldif

Note that tw_user does not appear in the LDIF file. That is because this tutorial uses federated repositories, which in this case combine two repositories: the internal file-based repository and Tivoli Directory Server. tw_user is a key built-in user ID in the file-based realm.

You can easily modify the LDIF file shown in Listing 1 to suit any DN suffix. The only requirement is that the suffix needs to be created in LDAP before you can import the file.


Listing 1. WLEUsers.ldif
##
# Make sure the suffix dc=ibm,dc=com exists before importing this ldif file
##
dn: dc=ibm,dc=com
objectclass: domain
objectclass: top
## Add lines according to this schema that corresponds to your suffix
dc: ibm,dc=com
dc: ibm

dn: cn=users,dc=ibm,dc=com
objectclass: container
objectclass: top
cn: users

dn: cn=groups,dc=ibm,dc=com
objectclass: top
objectclass: container
cn: groups

## WLE default users. Do not change
dn: uid=tw_admin,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_admin
userpassword: tw_admin
sn: admin
givenName: tw
cn: tw_admin

dn: uid=tw_author,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_author
userpassword: tw_author
sn: author
givenName: tw
cn: tw_author

dn: uid=tw_webservice,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: tw_webservice
userpassword: tw_webservice
sn: webservice
givenName: tw
cn: tw_webservice

dn: uid=tw_portal_admin,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_portal_admin
userpassword: tw_portal_admin
sn: admin
givenName: tw_portal
cn: tw_portal_admin

dn: uid=tw_runtime_server,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_runtime_server
userpassword: tw_runtime_server
sn: server
givenName: tw_runtime
cn: tw_runtime_server


## WAS admin user
dn: uid=admin,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: admin
userpassword: admin
sn: admin
givenName: admin
cn: admin


# WLE default groups. Do not change
dn: cn=tw_admins,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_admin,cn=users,dc=ibm,dc=com
uniquemember: uid=admin,cn=users,dc=ibm,dc=com
cn: tw_admins

dn: cn=tw_authors,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_admin,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_author,cn=users,dc=ibm,dc=com
cn: tw_authors

dn: cn=tw_portal_admins,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_portal_admin,cn=users,dc=ibm,dc=com
cn: tw_portal_admins

dn: cn=Debug,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_admin,cn=users,dc=ibm,dc=com
cn: Debug

dn: cn=tw_allusers,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_admin,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_author,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_webservice,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_portal_admin,cn=users,dc=ibm,dc=com
uniquemember: uid=admin,cn=users,dc=ibm,dc=com
cn: tw_allusers

## Additional users and groups that can be customized
dn: uid=tw_user1,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: tw_user1
userpassword: tw_user1
sn: user1
givenName: tw
cn: tw_user1

dn: uid=tw_user2,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: tw_user2
userpassword: tw_user2
sn: user2
givenName: tw
cn: tw_user2

dn: uid=tw_user3,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: tw_user3
userpassword: tw_user3
sn: user3
givenName: tw
cn: tw_user3

dn: cn=tw_users,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_user1,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_user2,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_user3,cn=users,dc=ibm,dc=com
cn: tw_users

dn: uid=tw_manager1,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_manager1
userpassword: tw_manager1
sn: manager1
givenName: tw
cn: tw_manager1

dn: uid=tw_manager2,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: tw_manager2
userpassword: tw_manager2
sn: manager2
givenName: tw
cn: tw_manager2

dn: cn=tw_managers,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=tw_manager1,cn=users,dc=ibm,dc=com
uniquemember: uid=tw_manager2,cn=users,dc=ibm,dc=com
cn: tw_managers
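
A pre-import check for a file like Listing 1, as an added example that is not part of the original tutorial: it parses the LDIF and reports entries whose naming attribute does not carry the RDN value, accounts whose userpassword equals the account name (the pattern Listing 1 uses for every user), and uniquemember values that point at no entry in the file. The sample data, the function names parse_ldif and lint, and the finding labels are constructed for this example.

```python
# Added example: pre-import lint for an LDIF file such as WLEUsers.ldif.
# SAMPLE is constructed for this example; it is not the tutorial's listing.
SAMPLE = """\
dn: uid=app_admin,cn=users,dc=example,dc=com
uid: app_admin
userpassword: app_admin

dn: uid=app_svc,cn=users,dc=example,dc=com
uid: svc
userpassword: constructed-value

dn: cn=app_admins,cn=groups,dc=example,dc=com
cn: app_admins
uniquemember: uid=app_admin,cn=users,dc=example,dc=com
uniquemember: uid=app_ghost,cn=users,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; plain 'attr: value' lines only (no base64, no folding)."""
    entries, cur = {}, None
    for line in text.splitlines():
        if not line.strip():
            cur = None                      # a blank line ends the current entry
        elif not line.startswith("#"):      # skip comment lines
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                cur = entries.setdefault(value.lower(), {})
            elif cur is not None:
                cur.setdefault(attr, []).append(value)
    return entries

def lint(text):
    """Return findings as tuples; DNs are compared case-insensitively, without other normalization."""
    entries, findings = parse_ldif(text), []
    for dn, attrs in entries.items():
        rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")
        if rdn_val not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            findings.append(("rdn-mismatch", dn))
        if rdn_val in [p.lower() for p in attrs.get("userpassword", [])]:
            findings.append(("password-equals-name", dn))
        for member in attrs.get("uniquemember", []):
            if member.lower() not in entries:
                findings.append(("dangling-member", dn, member))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

To check a real file, pass its contents to lint(), for example lint(open("WLEUsers.ldif").read()).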
