Completing the LDAP configuration

After you have configured the WebSphere Application Server Liberty to use a new authentication configuration, whichever configuration method you used, you must also update the security file, and propagate the changes in your environment.

Updating the security file

If you use the classic security model, you need to update the IBM Workload Scheduler security file to allow users to access IBM Workload Scheduler objects. For more information, see Updating the security file. The following example shows an updated security file, where the user TEST_LDAP has been added to the USER MAESTRO section:

USER MAESTRO
	CPU=@+LOGON=tws83,Administrator,administrator,TEST_LDAP 
BEGIN
	USEROBJ	CPU=@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,ALTPASS,UNLOCK,LIST
	JOB	    CPU=@  + FOLDER = /   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,
              		      MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK
	SCHEDULE     CPU=@   + FOLDER = /  ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,
					 DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
	RESOURCE     CPU=@   + FOLDER = /  + CPUFOLDER = / ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,
                                                          USE,LIST,UNLOCK
	PROMPT        + FOLDER = / ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
	FILE	  NAME=@	ACCESS=CLEAN,DELETE,DISPLAY,MODIFY,UNLOCK
	CPU	   CPU=@  + FOLDER = /   ACCESS=ADD,CONSOLE,DELETE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,
					 SHUTDOWN,START,STOP,UNLINK,LIST,UNLOCK
	PARAMETER   CPU=@  + FOLDER = /  + CPUFOLDER = /  ACCESS=ADD,DELETE,DISPLAY,MODIFY,UNLOCK,LIST
	CALENDAR     + FOLDER = /  ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,UNLOCK,LIST
       FOLDER     NAME=/        ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK, ACL     
END

In this example, the useDomainQualifiedUserNames security property is set to false therefore the user name has been specified without the domain.

Propagating the changes

Propagate the changes you have made as follows:
  1. If your changes involved changing the primary WebSphere Application Server Liberty administrator, then update the wa_user.xml file with the credentials. The wauser_variables.xml file can be found in the path:
    Dynamic Workload Console
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides
    master domain manager
    TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
    Dynamic Workload Console
    DWC_home\usr\servers\dwcServer\configDropins\overrides
    master domain manager
    TWA_home\usr\servers\engineServer\configDropins\overrides
    1. Copy the wauser_variables.xml file for both the Dynamic Workload Console and the master domain manager to a temporary directory.
    2. Create a copy of the original wauser_variables.xml file for both the Dynamic Workload Console and the master domain manager in another directory for backup purposes.
    3. Edit the files in the temporary directory with the updated information about the primary WebSphere Application Server Liberty administrator.
    4. Copy the updated wauser_variables.xml files to the overrides directory on both the Dynamic Workload Console and the master domain manager.
  2. Update the USERNAME and PASSWORD fields in the useropts file on every command-line client that points to your workstation.
  3. Update the USERNAME and PASSWORD fields in the useropts file on every fault-tolerant agent in your environment that has an HTTP/HTTPS connection defined in localopts that points to your workstation. The HTTP/HTTPS connection is used to submit a predefined job or job stream.
  4. Update the USERNAME and PASSWORD fields in the engine connection parameters on every connected Dynamic Workload Console.
Note: To change the useropts file, change the USERNAME and type the new PASSWORD in plain text between double quotation marks. The password will be encrypted the first time you log in.