You can enable users that are stored in an ObjectServer
repository to be authenticated against an LDAP registry.
Before you begin
- Define the ObjectServer in the federated repository as a user
repository.
- Make a backup copy of the JazzSM_WAS_Profile/config/cells/JazzSMNode01Cell/wim/config/wimconfig.xml file.
Procedure
- Open the JazzSM_WAS_Profile/config/cells/JazzSMNode01Cell/wim/config/wimconfig.xml file for editing.
- Locate the <config:repositories> element that has an
id attribute with the value of netcoolObjectServerRepository.
For example:
<config:repositories
adapterClassName="com.ibm.tivoli.tip.vmm4ncos.ObjectServerAdaptor"
id="netcoolObjectServer" supportPaging="False">
<config:baseEntries name="o=netcoolObjectServerRepository" />
<config:CustomProperties name="password"
value="{AES}F3A75EB49DC87013C11C6B021BA6B33" />
<config:CustomProperties name="username" value="root" />
<config:CustomProperties name="host1" value="localhost" />
<config:CustomProperties name="port1" value="4100" />
</config:repositories>
- Add the following <config:CustomProperties> elements
to this element:
<config:CustomProperties name="LDAP.host" value="ldap-host" />
<config:CustomProperties name="LDAP.port" value="ldap-port" />
<config:CustomProperties name="LDAP.distinguishedName"
value="user-dn-format" />
<config:CustomProperties name="LDAP.sslEnabled" value="ssl-enabled" />
- Replace ldap-host with the full name
of the LDAP host server.
- Replace ldap-port with the port number
that the LDAP server uses. If the connection to the LDAP server uses
SSL, specify the SSL port of the LDAP server (for example, 636).
- Replace user-dn-format with the LDAP
attributes that make up a user entry in the LDAP server.
Depending on the LDAP implementation, a user entry consists of the
string uid=%username, or the string gid=%username, followed by the
LDAP attributes that identify the user.
For example:
<config:CustomProperties name="LDAP.distinguishedName"
value="uid=%username,cn=u50000g3000,cn=test,cn=ncw,o=ibm,c=uk" />
<config:CustomProperties name="LDAP.distinguishedName"
value="gid=%username,cn=u50000g3000,cn=test,cn=ncw,o=ibm,c=uk" />
Important: Ensure that you use the %username
syntax. When a user logs in to the Web GUI, that syntax is replaced with the actual user name that
is in the authentication request to the LDAP directory.
For example:
<config:repositories
adapterClassName="com.ibm.tivoli.tip.vmm4ncos.ObjectServerAdaptor"
id="netcoolObjectServer" supportPaging="False">
<config:baseEntries name="o=netcoolObjectServerRepository" />
<config:CustomProperties name="password"
value="{AES}F3A75EB49DC87013C11C6B021BA6B33" />
<config:CustomProperties name="username" value="root" />
<config:CustomProperties name="host1" value="localhost" />
<config:CustomProperties name="port1" value="4100" />
<config:CustomProperties name="LDAP.host" value="ldapserver.host.com" />
<config:CustomProperties name="LDAP.port" value="636" />
<config:CustomProperties name="LDAP.distinguishedName"
value="uid=%username,cn=u50000g3000,cn=test,cn=ncw,o=ibm,c=uk" />
<config:CustomProperties name="LDAP.sslEnabled" value="true" />
</config:repositories>
- Replace ssl-enabled with true if the connection to the LDAP server
uses SSL, otherwise use false.
- Carefully check the syntax of all the elements that you
edited.
Important: If the syntax of the wimconfig.xml file is incorrect, you might not be able
to log in to the Web GUI, or stop the server by using the stopServer command. In that case, you must manually terminate the Dashboard Application
Services Hub process.
- Restart the server.
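For the syntax check in the procedure above, the following added example (not IBM code) parses the edited file content before the restart and reports missing or malformed LDAP.* properties. It assumes the repository can be found by its adapterClassName and matches elements by local name; the function names and the embedded sample, including its wrapper element and namespace URI, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADAPTER = "com.ibm.tivoli.tip.vmm4ncos.ObjectServerAdaptor"  # class name from the page
REQUIRED = ("LDAP.host", "LDAP.port", "LDAP.distinguishedName", "LDAP.sslEnabled")

# Constructed sample: wrapper element and namespace URI are placeholders, and two
# mistakes are planted (placeholder port left in place, "%" missing from the DN).
SAMPLE = """<config:root xmlns:config="urn:example:placeholder">
 <config:repositories adapterClassName="com.ibm.tivoli.tip.vmm4ncos.ObjectServerAdaptor"
   id="netcoolObjectServer" supportPaging="False">
  <config:CustomProperties name="LDAP.host" value="ldapserver.host.com" />
  <config:CustomProperties name="LDAP.port" value="ldap-port" />
  <config:CustomProperties name="LDAP.distinguishedName" value="uid=username,o=ibm,c=uk" />
  <config:CustomProperties name="LDAP.sslEnabled" value="true" />
 </config:repositories>
</config:root>"""

def local(tag):
    """Drop the '{namespace}' prefix that ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def check_wimconfig(xml_text):
    """Return a list of problems in the ObjectServer repository's LDAP properties."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    repos = [e for e in root.iter()
             if local(e.tag) == "repositories" and e.get("adapterClassName") == ADAPTER]
    if not repos:
        return ["no repository uses the ObjectServer adapter class"]
    props = {e.get("name"): (e.get("value") or "").strip()
             for e in repos[0] if local(e.tag) == "CustomProperties"}
    problems = [f"{n} is missing or empty" for n in REQUIRED if not props.get(n)]
    if props.get("LDAP.host") == "ldap-host":
        problems.append("LDAP.host still holds the ldap-host placeholder")
    port = props.get("LDAP.port", "")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append(f"LDAP.port is not a port number: {port!r}")
    dn = props.get("LDAP.distinguishedName", "")
    if dn and "%username" not in dn:
        problems.append("LDAP.distinguishedName lacks the %username token")
    ssl = props.get("LDAP.sslEnabled", "")
    if ssl and ssl.lower() not in ("true", "false"):
        problems.append(f"LDAP.sslEnabled is not true or false: {ssl!r}")
    return problems

if __name__ == "__main__":
    for problem in check_wimconfig(SAMPLE):
        print(problem)
```

To check the real file, pass the text of wimconfig.xml to check_wimconfig() and restart only when the returned list is empty.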
Results
Users can log in using their ObjectServer user
IDs and their LDAP passwords. They can no longer use their ObjectServer
passwords.
What to do next
If the connection to the LDAP server uses SSL,
configure that connection.