Properties file: wkplc.properties
Table of contents
- About the properties file
- General properties
- WebSphere Portal cluster properties
- Step-up authentication properties
- Virtual portal configuration properties
- General security properties
- Federated security properties
- Stand-alone security
- VMM property extension database properties
- VMM LDAP entity type configuration
- VMM supported entity types configuration
- Update the defaultParent of the entity types Group and PersonAccount
- Group member attribute configuration
- Create group member configuration
- Context pool
- Realm configuration
- Base entry configuration
- Change administrative users
- Change attribute configuration
- Restore VMM security
- Community Isolation and external users
- Additional properties for internal use only
1. About the properties file
When specifying values:
- Do NOT enclose any value in quotes. This will cause a failure in the configuration tasks.
- Windows paths must use a forward slash (/) instead of a backward slash. A backward slash is an escaped character.
- Windows long paths are acceptable.
- Properties are immutable. Once set, they cannot be changed when a configuration task is running.
- Property values can be defined in three ways: on the command line, in this property file, and in a build file.
The configuration task uses the following order to determine the property value:
- First the task checks the command line values, so specifying (-DMyNode=somenode) takes precedence.
- Second, the task checks the property file values.
- Third, the task checks the build file property values.
2. General properties
2.1. WebSphere Application Server properties
Provide information about the WebSphere Application Server used in the WebSphere Portal stack.
- VirtualHostName
- WasUserid
- Description
- This value is the user ID for WebSphere Application Server security authentication. Type the value in lower case, regardless of the case used in the distinguished name (DN). For an LDAP configuration this value cannot contain spaces. For an LDAP configuration this should be the fully qualified distinguished name (DN) of a current administrative user for the WebSphere Application Server. For a configuration using a Virtual Manager User Registry database, the short version of the distinguished name must be used.
- Default value
- wpsadmin
- Examples
- Custom User Registry: {wpsbind}
- WasPassword
- Description
- This value is the password for the user ID specified for WebSphere Application Server security authentication. The WasPassword parameter can be specified in this file or you can pass it on the command line using the -DWasPassword string.
- Default value
- ReplaceWithYourWASUserPwd
- Examples
- None available
- WasHome
- WasUserHome
- CellName
- NodeName
- Description
- This value is the node within the WebSphere Application Server cell where the WebSphere Application Server is located. This value must be unique among other node names in the same cell.Typically this value is the same as the host name for the computer.
- Default value
- @NodeName@
- Examples
- None available
- ServerName
- WasAdminServer
- Description
- This value is the name of the application server for administration. For IBM i, if your WebSphere Application Server profile was created with a different WebSphere Application Server administrative server name, you should change this value to reflect that.
- Default value
- server1
- Examples
- server1
- LTPAPassword
- wasJvmBitType
2.2. WebSphere Portal configuration properties
Provide basic information about WebSphere Portal, such as installation directory, ports numbers, user IDs and passwords, and more.
- WpsInstallLocation
- WpsHostName
- Description
- This value is the fully qualified WebSphere Portal host name or the name of the Web server that WebSphere Application Server is configured to use. This value is set by the installation program based on user input during installation.
- Default value
- localhost
- Examples
- In the following example, machinename is the WpsHostName value: http://machinename:80/wps/portal;
- WpsHostPort
- PortalAdminId
- Description
- This value is the user ID for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation.
The user ID cannot contain a space: for example, user ID. The user ID cannot be longer than 200 characters.
(UNIX only) If this paramter is provided via -D on commandline. Some tasks may require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, then you must place the fully qualified user ID in the properties file or into a parent properties file instead of as a flag on the command line. To create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run the following task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.
(Windows only) If this paramter is provided via -D on commandline. Some tasks may require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, then you must place quotes around the fully qualified user ID before running the task, like this: "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com".
- Default value
- wpsadmin
- Examples
- Development configuration without security: PortalAdminId=wpsadmin
- PortalAdminPwd
- Description
- This value is the password for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The password cannot contain a space, for example, pass word. The password cannot be longer than 128 characters.
- Default value
- No default value
- Examples
- None available
- PortalAdminGroupId
- PortalUniqueID
- Description
- The value is used for the object ID creation mechanism and has to be different for each node. The ID is 12 hex digits that are unique to this WebSphere Portal instance It is usually a MAC address from a communications adapter on this node. Only nodes running on one machine may have the same PortalUniqeID.
- Default value
- 00054E48AA0C
- Examples
- None available
- WpsContextRoot
- Description
- This value is the WebSphere Portal context root or base URI. All URLs beginning with this path will be reserved for WebSphere Portal. The value of this property is part of the URL used to access WebSphere Portal from a browser.
- Default value
- wps
- Examples
- In the following example, wps is the WpsContextRoot value: http://localhost:80/wps/portal;.
- WpsHostBasePort
- SMFLibrary
- SMFNativeLibrary
- ServerShortName
- Description
- Required for z/OS only. This value is the server's jobname, as specified in the MVS START command JOBNAME parameter. JOBNAME is the name of the task or script that runs when the server is running. MVS (Multiple Virtual Storage) is the name of the operating system that runs on the mainframe. This value is also passed as a parameter to the server's start procedures to specify the location of the server's configuration files and identify the server to certain WebSphere for z/OS- exploited z/OS facilities (for example, SAF).
- Default value
- BBOS002
- Examples
- SAF
- ClusterTransitionName
- WpsSMPEHomeDirectory
- TransferDomainList
- Description
- Required for database transfer This value is the list of database 'domains' that will be transferred by the database-transfer process. This value should not be altered unless you want to include or exclude specific domains from the transfer process.
- Default value
- release,community,customization,jcr,feedback,likeminds
- Examples
- None available
3. WebSphere Portal cluster properties
4. Step-up authentication properties
5. Virtual portal configuration properties
Configuration tasks that use the virtual portal configuration properties include: create-virtual-portal, delete-virtual-portal, modify-virtual-portal, list-all-virtual-portals
- VirtualPortalTitle
- VirtualPortalRealm
- VirtualPortalHostName
- VirtualPortalContext
- Description
- This value is the unique portal context that must be provided for the Virtual Portal. If you set the host name parameter (VirtualPortalHostName), the portal context is ignored. A virtual portal can either be accessed by a DNS/Host name or a URL prefix. When both a DNS/Host name and URL prefix are provided, the DNS/Host name will be used for VirtualPortalContext.
- Default value
- No default value
- Examples
- None available
- VirtualPortalNlsFile
- Description
- An optional file which contains language specific information for the Virtual Portal. Create an NLS file to specify additional titles and descriptions in other languages for your Virtual Portal. Descriptions can only be provided in an NLS file. Do not use prefixes in that NLS file. If you do not specify an NLS file, the Virtual Portal is created with the title that you give as the value to the VirtualPortalTitle parameter only. Titles and descriptions are not created for other languages. However, if you specify an NLS file, the value given for the virtual portal title in the NLS file overrides the value that you provide for the VirtualPortalTitle property. If you want to create a description for the virtual portal, you have to specify this in a national language support (NLS) file. If you want to modify the title or description of the Virtual Portal, you have to add the new title and description to the NLS file.
- Default value
- No default value
- Examples
- None available
- VirtualPortalObjectId
- Description
- This value is the object ID of the virtual portal.The object ID is required to modify and delete Virtual Portals. To determine what this value is, run the following task: list-all-virtual-portals. Do not delete the default Virtual Portal.The Object ID for the default Virtual Portal ends with _0.
- Default value
- No default value
- Examples
- None available
6. General security properties
7. Federated security properties
7.1. Add or update an LDAP
Use the properties in this section to create (wp-create-ldap) or update (wp-update-federated-ldap) the LDAP configuration in virtual member manager (VMM). If you are updating the LDAP configuration, the federated.ldap.id and federated.ldap.host must match the repository that you want to update.
- federated.ldap.id
- Description
- This value specifies a unique identifier for the repository within the cell. During an update, this value must match the ID of the repository to be updated. Characters that are not allowed in normal XML strings ( & < > " ' )cannot be used in the repository ID. This value should be no longer than 36 characters.
- Default value
- No default value
- Examples
- None available
- federated.ldap.host
- federated.ldap.port
- federated.ldap.bindDN
- federated.ldap.bindPassword
- federated.ldap.ldapServerType
- federated.ldap.baseDN
7.1.1. Group and PersonAccount entity types
The supported entity types are Group and PersonAccount.
Group entity type:
- <empty>
- default objectClasses = groupOfNames
- default objectClassesForCreate = groupOfNames
- default searchBases = <empty>
- default searchFilter = <empty>
- default objectClasses = inetOrgPerson
- default objectClassesForCreate = inetOrgPerson
- default searchBases = <empty>
7.1.2. LDAP properties for Group member attributes
Provide information used to add or update your federated LDAP Group member attributes.
- federated.ldap.et.group.searchFilter
- Description
- This value specifies the search filter that you want to use to search for entity type. VMM uses this filter as an addition during search requests in your environment. The syntax is like a standard LDAP searchfilter. If this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
- Default value
- No default value
- Examples
- (objectclass=groupOfUniqueNames)
- federated.ldap.et.group.objectClasses
- federated.ldap.et.group.objectClassesForCreate
- federated.ldap.et.group.searchBases
- Description
- This value specifies the search base or bases to use while searching for entity type. Multiple search bases are separated by semicolon (";"). If search bases are not specified, then VMM will search under the nodes defined in nodeMaps tag. Therefore you can improve performance if you specify search bases, limiting or reducing the number of search bases. If this is a multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. To keep virtual portals that do not have a realm assigned to them functional, keep the searchBase in sync with the nodes where you want your search to start.
- Default value
- No default value
- Examples
- "cn=users1,dc=yourco,dc=com;cn=users2,dc=yourco,dc=com"
- federated.ldap.et.personaccount.searchFilter
- Description
- The search filter that you want to use to search the entity type. VMM uses this filter as an addition during search requests in your environment. The syntax is like a standard LDAP searchfilter. If no value is specified for this parameter or if this parameter is blank, VMM will formulate the filter as (&(uid=*)(objectClass=user)).
- Default value
- No default value
- Examples
- (objectclass=inetOrgPerson)
- federated.ldap.et.personaccount.objectClasses
- federated.ldap.et.personaccount.objectClassesForCreate
- federated.ldap.et.personaccount.searchBases
- Description
- This value is the search base or bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If search bases are not specified, then VMM will search under the nodes defined in nodeMaps tag. Therefore you can improve performance if you specify search bases, limiting or reducing the number of search bases.
- Default value
- No default value
- Examples
- cn=users1,dc=yourco,dc=com;cn=users2,dc=yourco,dc=com"
- federated.ldap.gm.groupMemberName
- federated.ldap.gm.objectClass
- federated.ldap.gm.scope
- federated.ldap.gm.dummyMember
- Description
- If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Oracle Directory Server and Windows Active Directory, the value has to be empty or point to an existing entry in the LDAP directory.
- Default value
- uid=dummy
- Examples
- None available
7.1.3. Advanced properties for Group configuration
Provide information used to add or update your federated LDAP user registry.
- federated.ldap.gc.name
- federated.ldap.gc.updateGroupMembership
- Description
- This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
- Default value
- false
- Examples
- None available
- federated.ldap.gc.scope
- federated.ldap.adapterClassName
- federated.ldap.supportSorting
- federated.ldap.supportTransactions
- federated.ldap.isExtIdUnique
- federated.ldap.supportExternalName
- federated.ldap.sslEnabled
- federated.ldap.sslConfiguration
- Description
- This value specifies the name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WebSphere Application Server Administrative console at Security-SSL certificate and key management. This property is used to specify a non-default SSL configuration if federated.ldap.sslEnabled is set to true.
- Default value
- No default value
- Examples
- mySSLconfig
- federated.ldap.certificateMapMode
- Description
- This value specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. Specify the certificate filter to use for the mapping if client certificate authentication is used for portal server. If certificate filter is selected standalone.ldap.certificateFilter need to be configured accordingly.
- Default value
- EXACT_DN
- Examples
- None available
- federated.ldap.certificateFilter
- Description
- This value is the filter used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property (use CERTIFICATE_FILTER as value for standalone.ldap.certificateMapMode) for the LDAP filter if client certificate authentication is used for portal server.
- Default value
- No default value
- Examples
- uid=${SubjectCN}
- federated.ldap.supportPaging
- federated.ldap.authentication
- federated.ldap.loginProperties
- federated.ldap.referral
- federated.ldap.derefAliases
- federated.ldap.connectionPool
- federated.ldap.connectTimeout
- federated.ldap.primaryServerQueryTimeInterval
- federated.ldap.returnToPrimaryServer
- federated.ldap.searchPageSize
- federated.ldap.searchCountLimit
- federated.ldap.searchTimeLimit
- federated.ldap.translateRDN
- federated.ldap.cp.maxPoolSize
7.2. Add or update database
The following properties are used for creating or updating a database user registry configuration. Database modification tasks of VMM need a connection to a running server instance. Check your Server is running prior to running these tasks: wp-create-db or wp-update-db
7.2.1. Advanced database properties
- federated.db.JdbcProviderName
- Description
- This value is the name of jdbc provider to be used. Keep la.JdbcProviderName in sync for the same db type. la.JdbcProviderName #DOC.DESCRIPTION.2.federated.db.JdbcProviderName =and federated.db.JdbcProviderName must be different for different database types. la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types.
- Default value
- vmmdbJDBC
- Examples
- None available
- federated.db.DbSchema
- federated.db.DbNameOnZos
- federated.db.XDbName
- Description
- This value is the TCPIP Alias for the database. This property is only required for non-Windows platforms when using DB2 with Type 2 drivers. If you are using Type 4 drivers, this value is not used. It defines the federated database alias that needs to be set if you want to call create-database JDBC driver. The database loop back alias that needs to be set if you plan to use the create-local-database-db2 task. The value must be different from the value of dbdomain.DbName. The values for dbdomain.DbName and dbdomain.XDbName must be different in the wpconfig_dbdomain.properties file. For DB2 Content Manager Runtime Edition, this property is the database for tables.
- Default value
- wps6TCP
- Examples
- The following example is for Release, Community, Customization, VMM, and the JCR: wps6TCP
- federated.db.DbNode
- Description
- Required for Non-Windows platforms when using DB2 only. This value is the node for the VMM federated domain database and needs to be set if you want to call create-database.
- Default value
- wpsNode
- Examples
- The following example is for Release, Community, Customization, JCR, and VMM databases: wpsNode
- federated.db.DbStorageGroup
- federated.db.DbVolumes
- federated.db.DbVcat
- federated.db.Db4KBufferPoolName
- federated.db.Db32KBufferPoolName
7.2.2. Setting up database tables
Provide information needed to configure tables for your federated database.
7.3. Custom user registry properties
The following properties are used to create or updated a custom user registry (CUR) in a federated security configuration. The properties are referenced when the following tasks are run: wp-create-cur and wp-update-federated-cur
7.3.1. Federated custom user registry (CUR) custom properties
The following properties and values are used to create a custom property using the wp-create-cur-custom-property task.
7.4. Enable federated repository
The following properties are used when you run the wp-modify-federated-security task. The task will enable a Federated repository and the existing default realm will be renamed.
7.4.1. Advanced federated repository properties
7.5. LDAP attribute configuration validation
The following properties are used with the wp-validate-federated-ldap-attribute-config and wp-update-federated-ldap-attribute-config tasks.
7.6. Delete federated repository properties
- federated.delete.baseentry
- Description
- This value is the name of the base entry to be deleted from the default realm. If the base entry exists in other realms, it has to be deleted manually first. Leave this empty only if you want to delete the property extension repository.
- Default value
- No default value
- Examples
- None available
- federated.delete.id
8. Stand-alone security
8.1. Modify or updated the LDAP
The following properties are used with the wp-modify-ldap-security and wp-update-standalone-ldap tasks.
- standalone.ldap.id
- Description
- This ID specifies a unique identifier for the repository within the cell. Characters that are not allowed in normal XML strings ( & < > " ' ) cannot be used in the repository ID. This value should be no longer than 36 characters.
- Default value
- No default value
- Examples
- None available
- standalone.ldap.host
- standalone.ldap.port
- standalone.ldap.bindDN
- standalone.ldap.bindPassword
- standalone.ldap.ldapServerType
- standalone.ldap.userIdMap
- Description
- This value specifies the LDAP filter that maps the short name of a user to an LDAP entry. This value is not used during node federation to DMGR with WebSphere Application Server LDAP security enabled.
- Default value
- No default value
- Examples
- The following examples displays entries of the object class = inetOrgPerson type by their IDs: inetOrgPerson:uid.
- standalone.ldap.groupIdMap
- Description
- This value specifies the LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that represents groups when groups display. Use the asterisk (*) as a wildcard character that searches on any object class in this case. This value is not used during node federation to DMGR with WebSphere Application Server with LDAP security enabled.
- Default value
- No default value
- Examples
- The following example displays groups by their names: *:cn
- standalone.ldap.groupMemberIdMap
- Description
- This value specifies the LDAP filter that identifies user-to-group relationships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This value is not used during node federation to DMGR with WebSphere Application Server LDAP security enabled.
- Default value
- No default value
- Examples
- None available
- standalone.ldap.userFilter
- Description
- This value specifies the LDAP user filter that searches the user registry for users. This value is not used during node federation to DMGR with WebSphere Application Server LDAP security enabled.
- Default value
- No default value
- Examples
- The following example would be used to look up users based on their user IDs:(&(uid=%v)(objectclass=inetOrgPerson))
- standalone.ldap.groupFilter
- standalone.ldap.serverId
- Description
- This value specifies a user ID in the repository that is used for internal process communication. This value is not used during node federation to #DOC.DESCRIPTION.2.standalone.ldap.serverId =DMGR with WebSphere Application Server LDAP security enabled.
- Default value
- No default value
- Examples
- IBM Tivoli Directory Server: { uid=,cn=users,dc=yourco,dc=com }
- standalone.ldap.serverPassword
- standalone.ldap.realm
- standalone.ldap.primaryAdminId
- standalone.ldap.primaryAdminPassword
- standalone.ldap.primaryPortalAdminId
- standalone.ldap.primaryPortalAdminPassword
- standalone.ldap.primaryPortalAdminGroup
- standalone.ldap.baseDN
8.2. LDAP entity types: properties for entity type Group
- standalone.ldap.et.group.searchFilter
- Description
- This value is the search filter that you want to use to search the entity type. VMM uses this filter as an addition during search requests in your environment. This value can be left blank. If you leave the value blank, no additional filter is applied and the other VMM configuration is used.
- Default value
- No default value
- Examples
- (objectclass=groupOfUniqueNames)
- standalone.ldap.et.group.objectClasses
- standalone.ldap.et.group.objectClassesForCreate
- standalone.ldap.et.group.searchBases
- Description
- This value specifies the search base or bases to use while searching the entity type. Multiple search bases are separated by semicolon (";"). If search bases are not specified, then VMM will search under the nodes defined in nodeMaps tag. Therefore you can improve performance if you specify search bases, limiting or reducing the number of search bases. If this is a multiple virtual portal environment, the realm definition of the virtual portal overwrites the searchBase for the objectType. To keep virtual portals that do not have a realm assigned to them functional, keep the searchBase in sync with the nodes where you want your search to start.
- Default value
- No default value
- Examples
- "cn=users1,dc=yourco,dc=com;cn=users2,dc=yourco,dc=com"
- standalone.ldap.et.personaccount.searchFilter
- standalone.ldap.et.personaccount.objectClasses
- standalone.ldap.et.personaccount.objectClassesForCreate
- standalone.ldap.et.personaccount.searchBases
8.3. Group member attributes
- standalone.ldap.gm.groupMemberName
- standalone.ldap.gm.objectClass
- standalone.ldap.gm.scope
- standalone.ldap.gm.dummyMember
- Description
- If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Oracle Directory Server and Windows Active Directory, the value has to be empty or point to an existing entry in the LDAP directory.
- Default value
- uid=dummy
- Examples
- None available
8.4. Default parent, RDN attribute
8.5. Advanced Properties for Group configuration
- standalone.ldap.gc.name
- standalone.ldap.gc.updateGroupMembership
- Description
- This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
- Default value
- No default value
- Examples
- None available
- standalone.ldap.gc.scope
- standalone.ldap.derefAliases
- standalone.ldap.authentication
- standalone.ldap.referral
- standalone.ldap.delimiter
- standalone.ldap.ignoreCase
- standalone.ldap.sslEnabled
- standalone.ldap.sslConfiguration
- Description
- This value specifies the name of the application server SSL configuration (such as mySSLconfig) to be used for SSL enabled LDAP server. Application Server SSL configuration names can be found in WebSphere Application Server Administrative console at Security-SSL certificate and key management. This property is used to specify a non default SSL configuration if federated.ldap.sslEnabled is set to true.
- Default value
- No default value
- Examples
- None available
- standalone.ldap.certificateMapMode
- Description
- This value specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter. This value specifies the certificate filter to use for the mapping, if client certificate authentication is used for portal server. If certificate filter is selected standalone.ldap.certificateFilter need to be configured accordingly.
- Default value
- EXACT_DN
- Examples
- None available
- standalone.ldap.certificateFilter
- Description
- This filter is used to map attributes in the client certificate to entries within the LDAP repository. Specifies the filter certificate mapping property (use CERTIFICATE_FILTER as value for standalone.ldap.certificateMapMode) for the LDAP filter if client certificate authentication is used for portal server.
- Default value
- No default value
- Examples
- uid=${SubjectCN}
- standalone.ldap.reuseConnection
- standalone.ldap.searchTimeLimit
- standalone.ldap.connectionPool
- standalone.ldap.connectTimeout
- standalone.ldap.supportSorting
- standalone.ldap.supportPaging
- standalone.ldap.supportTransactions
- standalone.ldap.isExtIdUnique
- standalone.ldap.supportExternalName
- standalone.ldap.translateRDN
- standalone.ldap.searchCountLimit
- standalone.ldap.searchPageSize
- standalone.ldap.returnToPrimaryServer
- standalone.ldap.primaryServerQueryTimeInterval
- standalone.ldap.loginProperties
- standalone.ldap.cp.maxPoolSize
8.6. LDAP attribute configuration
If you need to update or validate the stand-alone LDAP attribute configuration, you need to provide values for the following properties. The following configuration tasks use the LDAP attribute configuration properties: wp-validate-standalone-ldap-attribute-config and wp-update-standalone-ldap-attribute-config
8.7. Stand-alone custom user registry configuration
The following properties require values only if you have a custom user registry (CUR) that you need to update. The properties are used with the following configuration tasks: wp-modify-cur-security and wp-update-standalone-cur
- standalone.cur.id
- standalone.cur.baseDN
- standalone.cur.realm
- standalone.cur.delimiter
- standalone.cur.adapterClassName
- standalone.cur.WasAdapterClassName
- standalone.cur.propertyName
- standalone.cur.propertyValue
- standalone.cur.primaryAdminId
- standalone.cur.primaryAdminPassword
- standalone.cur.primaryPortalAdminId
- standalone.cur.primaryPortalAdminPassword
- standalone.cur.primaryPortalAdminGroup
- standalone.cur.personAccountParent
- standalone.cur.groupParent
- standalone.cur.personAccountRdnProperties
- standalone.cur.groupRdnProperties
- standalone.cur.isExtIdUnique
- standalone.cur.supportExternalName
- standalone.cur.supportPaging
- standalone.cur.supportSorting
- standalone.cur.supportTransactions
9. VMM property extension database properties
Property extension database was previously called the lookaside database. The property extension database stores additional attributes that cannot be stored in the LDAP user registry. Database modification tasks of VMM need a connection to a running server instance. Check to make sure your server is running. The properties are used with the following tasks: wp-configure-la-complete and wp-add-la-property
- la.JdbcProviderName
- Description
- This value is the name of JDBC provider portal uses to communicate with its databases. To keep federated.db.JdbcProviderName in sync for the same database type, la.JdbcProviderName and federated.db.JdbcProviderName must be different for different database types
- Default value
- vmmdbJDBC
- Examples
- None available
- la.DbType
- la.DbUrl
- la.DbName
- Description
- This value is the name of the VMM property extension database. This value should also appear as the database element in DbUrl. Verify that you point to the same database. For non-Windows platforms when using DB2, this value is the TCPIP Alias for the database. For DB2 and DB2 for z/OS, this value cannot exceed 8 characters and can only contain letters and numbers. Refer to your database documentation for more information. For DB2, this value must be different from the value of dbdomain.XDbName. If you change the name of the WebSphere Portal data source due to a database migration, you must manually update this property in the portal_server_root/config/wpconfig_dbdomain.properties file to maintain the proper resource reference mapping.
- Default value
- vmmladb
- Examples
- Community: comm
- la.DataSourceName
- la.DbUser
- la.DbPassword
9.1. Advanced properties
- la.DbSchema
- Description
- This value is the VMM property extension database domain database schema name. Follow the documentation of the target database management system in order to define a valid schema name as restrictions apply for some database management systems.
- Default value
- federate
- Examples
- None available
- la.DbNameOnZos
- Description
- Required for DB2 for z/OS and OS/390 only. If you are running DB2 for z/OS as remote database, this value is the name of the remote VMM property extension database. If portal is running on z/OS and db2 for z/OS is on the same server, this value must be set equal to DbName value.
- Default value
- WPSTST02
- Examples
- None available
- la.XDbName
- la.DbNode
- la.DbStorageGroup
- la.DbVolumes
- la.DbVcat
- la.Db4KBufferPoolName
- la.Db32KBufferPoolName
9.2. Create property extension tables
9.3. Add a property
The following properties are used by -add-la-property and wp-add-property configuration tasks. The wp-add-(la-)property uses a secured connection to WebSphere Application Server Check the wp_profile/properties/sas.client.props file and ensure the following setting: com.ibm.CORBA.securityEnabled=true If you are using a remote telnet connection, set com.ibm.CORBA.loginSource to stdin or properties
- la.providerURL
- Description
- This value defines the remote endpoint where your portal server or Deployment Manager installation is available. Check the value for localhost:port The port should point to the bootstrap Port of WebSphere_Portal or Deployment Manager. Deployment Manager is used in a cluster environment
- Default value
- corbaloc:iiop:localhost:10035
- Examples
- corbaloc:iiop:dmgr.example.com:9809
- la.propertyName
- la.entityTypes
- la.dataType
- la.multiValued
- repositoryId
- Description
- This value is only used for the wp-add-property task. Adding a property to VMM configuration of a repository does not add the property to the LDAP system. List of repositories that the new property will be added to. The list of repositories must be separated by a comma. Leave the value blank to add the property to all repositories.
- Default value
- No default value
- Examples
- None available
10. VMM LDAP entity type configuration
Provide values for the following properties if you need to create, delete, or add and LDAP entity type configuration. The properties are used with the following #DOC.SECTION.DESCRIPTION.3 =configuration tasks: wp-create-ldap-entitytype, wp-delete-ldap-entitytype, and wp-add-ldap-entitytype-rdn
11. VMM supported entity types configuration
The wp-update-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute to the existing list. The wp-set-entitytype task updates the entity type 'entityTypeName' with the value of defaultParent and adds the RDN attribute as only entry in the RDN list
11.1. Update the defaultParent of the entity types Group and PersonAccount
The wp-update-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes to the existing list. The wp-set-entitytypes task updates the defaultParent of the entity types Group and PersonAccount and adds the RDN attributes as only entry in the RDN list
11.2. Group member attribute configuration
If the group member attribute does not exist, it will be created. The following properties are used with the wp-update-ldap-groupmember and wp-delete-ldap-groupmember tasks.
- gm.ldap.id
- gm.groupMemberName
- gm.objectClass
- gm.scope
- gm.dummyMember
- Description
- If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. For Novell eDirectory servers, Oracle Directory Server and Windows Active Directory, the value has to be empty or point to an existing entry in the LDAP directory.
- Default value
- No default value
- Examples
- None available
11.3. Create group member configuration
The following properties are used with the wp-create-ldap-groupconfig task.
- gc.ldap.id
- gc.name
- gc.updateGroupMembership
- Description
- This value updates the group membership if the member is deleted or renamed. Some LDAP servers, such as Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value.
- Default value
- false
- Examples
- None available
- gc.scope
11.4. Context pool
The following properties are used with the wp-update-ldap-contextpool task.
11.5. Realm configuration
The following properties are used to in multiple realm configuration tasks. If no realm name is specified, the default realm will be updated Thewp-create-realm tasks uses the following properties: realmName, addBaseEntry, securityUse, and delimiter The wp-update-realm task uses the following properties: realmName, securityUse, and delimiter The wp-delete-realm task uses the following property: deleteRealmName The wp-default-realm task uses the following property: defaultRealmName The wp-add-realm-baseentry task uses the following properties: realmName and addBaseEntry The wp-delete-realm-baseentry task uses the following properties: realmName and deleteBaseEntry The wp-query-realm-baseentry task uses the following property: realmName The wp-modify-realm-defaultparents task uses the following properties: realmName, realm.personAccountParent, realm.groupParent, and realm.orgContainerParent The wp-modify-realm-enable-dn-login task uses the following property: realmName The wp-modify-realm-disable-dn-login task uses the following property: realmName
11.6. Base entry configuration
The following properties are used by the wp-create-base-entry, wp-update-base-entry, and wp-delete-base-entry. When running the wp-update-base-entry task, if the base entry does not exist, the task will create the entry.
11.7. Change administrative users
The following properties are used by the wp-change-was-admin-user and wp-change-portal-admin-user tasks. The wp-change-portal-admin-user task will also change the admin group if the ID is set.
- newAdminId
- Description
- This value specifies the new ID of the administrative user. The "short name" for this new ID should not be identical to the original administrative user ID. The user ID cannot contain a space for example, user ID. On Windows, if the user ID contains a space, you must place quotes around the fully qualified user ID before running the task. On UNIX, if your fully qualified user ID contains a space, you must place the fully qualified user ID in the properties file or into a parent properties file instead entering it as a flag on the command line. For example, create a parent properties file called mysecurity.properties, enter the fully qualified user ID and then run the task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.
- Default value
- No default value
- Examples
- Development configuration without security: PortalAdminId=wpsadmin
- newAdminPw
- Description
- This value specifies the new password of the administrative user. A valid password contains only ASCII characters and can contain the following characters: Lower case characters {a-z} and upper case characters {A-Z} Numbers {0-9} Exclamation point {!}, hyphen {-}, period {.}, question mark {?}, accent grave {`}, and tilde {~} Open parenthesis {(} and close parenthesis {)} Open bracket {[} and close bracket {]} Underscore {_}, which is the only special character allowed in IBM i The password cannot contain a space: for example, pass word; and cannot be longer than 128 characters.
- Default value
- No default value
- Examples
- None available
- newAdminGroupId
11.8. Change attribute configuration
The wp-update-attribute-config task sets the overall required and unsupported properties.
11.9. Restore VMM security
The following properties are used with the wp-restore-default-repository-configuration task.
11.10. Community Isolation and external users
The following properties are used with the wp-configure-community-isolation and wp-configure-external-users task.