Switching to an LDAP user registry when using a non-clustered WebSphere Application Server Network Deployment

After an IBM® InfoSphere® Information Server installation finishes, you can configure IBM InfoSphere Information Server to authenticate users by using a Lightweight Directory Access Protocol (LDAP) user registry. If you are using a non-cluster (stand-alone) WebSphere® Application Server Network Deployment, then there are specific configuration steps you must follow to set up the LDAP user registry.

Before you begin

  • The InfoSphere Information Server engine performs user authentication separately from other InfoSphere Information Server components. You can configure the engine to use the LDAP user registry that you set up. For IBM AIX®, HP-UX, and Linux® platforms, you can optionally configure Pluggable Authentication Module (PAM) support before you switch the user registry. For more information, see Configuring IBM InfoSphere Information Server to use PAM (Linux, UNIX).
  • WebSphere Application Server must be running. This is mandatory for all IBM WebSphere Application Server stand-alone installations.

About this task

InfoSphere Information Server supports any LDAP-compliant user registry that IBM WebSphere Application Server Network Deployment supports. For more information about supported LDAP servers, see the IBM WebSphere Application Server Network Deployment system requirements:

Procedure

  1. Do the procedures in configuring LDAP user registries.
  2. Stop WebSphere Application Server.
    Important: When stopping the WebSphere Application Server processes, use the credentials of the WebSphere Application Server administrator from the previous user registry.
  3. Log in to the services tier computer on which the AppServerAdmin tool is installed.
  4. From the command line, run the AppServerAdmin command.
    This command propagates the WebSphere Application Server administrator user name and password to WebSphere Application Server.
    Linux cue graphicUNIX cue graphic
    /opt/IBM/InformationServer/ASBServer/bin/AppServerAdmin.sh -was 
   -user was_admin_user_id -password was_admin_password
    Windows cue graphic
    C:\IBM\InformationServer\ASBServer\bin\AppServerAdmin.bat -was 
   -user was_admin_user_id -password was_admin_password

    In the command, was_admin_user_id and was_admin_password must match the new WebSphere Application Server administrator credentials that you provided in the WebSphere Application Server administrative console.

    Tip: The -password parameter is optional. If not provided, you will be prompted for a password. If you do provide a password, it can be either plain text or an encrypted string that has been created with the encrypt command.
  5. If you are switching the user registry for a system that has been used for a while by multiple users, clean up the users and groups that are related to the security configuration. See Switching the user registry configuration for a system in use.
  6. Restart WebSphere Application Server.

    After WebSphere Application Server is restarted, during the InfoSphere Information Server initialization, the WebSphere Application Server user registry configuration is checked and the InfoSphere Information Server user registry configuration is automatically adjusted if needed. The default WebSphere Application Server administrator user is also automatically configured as the initial new InfoSphere Information Server default administrator user.

What to do next

After you change the user registry, you can use theWebSphere Application Server administrator user name and password to log in to the InfoSphere Information Server Web console. In the console, grant suite administrator access to additional users as needed. The WebSphere Application Server administrator is granted InfoSphere Information Server administrator privileges by default.