Updating the Business Automation Workflow deployment after an LDAP password change
After an update to the Lightweight Directory Access Protocol (LDAP) bind user or administrator password, for example, when the password expired,
you might need to update the Business Automation Workflow deployment to avoid
errors.
Changing the LDAP bind password
Procedure
To change the LDAP bind password in the Business Automation Workflow deployment:
- Log in to your LDAP server to update your LDAP bind password.
-
Access the IAM console to update the LDAP bind password for your existing settings.
- Use the following command to get the URL to access
<your namepspace>
:oc get route -n <your namespace> cp-console -o jsonpath=‘{.spec.host}’
The following is a sample output:
‘cp-console.apps.test-q2.os.fyre.ibm.com’
. Based on the example output, your console URL would be https://cp-console.apps.test-q2.os.fyre.ibm.com.oc get route -n <your namespace> cp-console -o jsonpath=‘{.spec.host}’
The following is a sample output:
‘cp-console.apps.test-q2.os.fyre.ibm.com’
. Based on the example output, your console URL would be https://cp-console.apps.test-q2.os.fyre.ibm.com. - The default username to access the console is admin. To get the default username, run the
following
command:
oc -n <your namespace> get secret platform-auth-idp-credentials-o jsonpath='{.data.admin_username}' | base64 -d && echo
- To get the password for the default username, run the following
command:
oc -n <your namespace> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}'| base64 -d
- Log in to the IAM console to update the LDAP bind password and save your changes.
- Use the following command to get the URL to access
- Edit the LDAP connection:
Update the LDAP bind password in the secret
"ibm-bind-secret"
under your namespace. - Wait for the operator to reconcile, and re-create the Content Platform Engine
pod. Check that the LDAP bind password is updated in the following XML file of the configMaps
"icp4adeploy-cpe-config"
under your namespace.
Changing the LDAP admin user password
Procedure
To change the LDAP admin user password in the Business Automation Workflow deployment:
- Log in to your LDAP server to update your LDAP admin user password.
-
Log in to the Administration Console for Content Platform
Engine by using your
LDAP admin user and the updated password (step 1). You can find the login URL from the configMaps
"icp4adeploy-cp4ba-access-info"
under your namespace. - Open the domain properties page for the FileNet P8 domain.
-
Update the password for the LDAP admin user as step 1, as shown in the following example.
-
Continue to update the password in Process Engine Component Manager in the Administration Console for Content Platform
Engine. Find your TOS
object store, expand Administrative > Workflow
System > Isolated Regions, then expand the isolated
region that you are using and Component Queues, select the queue and update
the password as shown in the following example.
- Scale down the Cloud Pak for Business Automation operator deployment.
-
Scale down the following deployments. Wait for Kubernetes (Red Hat OpenShift) to stop the
existing pods (the pod terminations might take several minutes). You can monitor the status of your
pods by using the Red Hat OpenShift or Kubernetes command
"oc get pods -w"
.- Content Platform Engine
- Navigator
- Workflow server
-
Update
appLoginPassword
with the new password in the secret"ibm-fncm-secret"
and"ibm-ban-secret"
. -
Scale up the Cloud Pak for Business Automation
operator deployment. Wait for Kubernetes (Red Hat OpenShift) to create the new pods (the pod
creation might take several minutes). You can monitor the status of your pods by using the Red Hat
OpenShift or Kubernetes command
"oc get pods -w"
. -
Go to the Navigator pod by running the command
"oc exec -it <navigator_pod> bash"
. For example,oc exec -it icp4adeploy-navigator-deploy-5669544494-n76ls bash
, then delete the file "config.ok" under /opt/ibm/plugins/properties. - Delete the jobs
basaut-content-init-job
andbas-case-init-job
, wait for the operator to reconcile, and create the new jobs.- Get the
content-init-job
name:oc get job | grep content-init-job
- Delete the job:
oc get job <content-init-job-name>
Delete the case init job:- Get the
case-init-job
name:oc get job | grep case-init-job
- Delete the job:
oc delete job <case-init-job-name>
- Get the
-
If you have more than one target object store, re-run
Register Project Area
or Register Target Environment in the Case administration client for each additional target object store. - Restart IBM® Content Navigator, Content Platform Engine and Business Automation Workflow pods.