IBM Support

Procedure to change the username and/or password for the FileNet Content Engine Directory Service Account, including the bootstrap user

Question & Answer


Question

How do you change the user and/or password for the Directory Service Account used by the Content Engine?

Answer

The Directory Service user account and password are normally used in two product components: FileNet Enterprise Manager (FEM), and the application server. A coordinated update procedure should be followed when there is a need to change the user account and/or password. This procedure applies to FileNet Content Engine 4.x and above.

    Note:
    If you are using FileNet Content Engine V5.2.1 and above, you must use Advanced Console for Content Engine (ACCE) instead of FileNet Enterprise Manager (FEM).

If the same user account is also used as the CE Bootstrap user, the corresponding user in the BootstrapConfig.properties needs to change as well. For changing the GCD admin user/password in BootstrapConfig.properties specifically, refer to this documentation:
http://publib.boulder.ibm.com/infocenter/p8docs/v4r5m1/index.jsp?topic=/com.ibm.p8.doc/admin/security/sec_how_change_bootstrap_pwd.htm


1. Launch FEM and the application server's administrative console.
a. Log in to FEM using the Directory Service account.
b. Log in to the application server administrative console with an administrator account.

Important: Do not close the above two applications until you have completed step 5 below.


2. Make LDAP account changes:
a. Change the password for an existing account on the LDAP server - Using the LDAP interface, change the password for the CE Directory Service account.
OR
b. Create a new user account on the LDAP server for the CE Directory Service account.


3. Add the new user (if applicable) to FEM
If the bind user is also the CE admin user, then the bind user will need to be added to all the existing objects in the P8 domain. Please read "Update object store with new users and groups" for instructions.


4. Change Directory Configuration bind user in FEM
Using FEM (step 1a above), go to Domain properties > Directory Configuration > Select Directory Configuration > click on the Modify button > General Tab:
a. Modify the Directory Service User with the new user's full distinguished name (DN)
b. Click on Change password check box > change to a new password > click OK.

At this point you will be presented with a dialog box containing the following message:
"These changes require the application server to be restarted. Please restart the application server to incorporate these changes"

Click OK > click OK

Important: Do not restart the application server until you have completed step 5 below.


5. Change the user in the application server's directory configuration

- For WebSphere, in the WebSphere Administrative Console, go to Global Security > click on Configure under User Account Repository > Modify Bind Distinguished Name (DN) > Modify Bind Password > click OK and Save changes

- For WebLogic, go to Security Realms > myrealm > Providers > ldap provider and click on the "Provider Specific" tab in the WebLogic Admin Console. Change "Principal" and "Credential".

- For JBoss, go to the <JBoss Home>\server\<CE Server>\conf directory and edit "login-config.xml".
Find the "FileNet" application-policy and, in its login module, change bindDN/bindCredential.
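A check for the JBoss edit above, as an added example that is not IBM's code: it parses login-config.xml and lists any login module under the "FileNet" application-policy whose bindDN is not the new Directory Service DN. The sample XML, DNs and login-module class name are constructed placeholders, and the presence of more than one login module in the policy is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the DNs, credential and login-module class name are placeholders.
SAMPLE = """<policy>
  <application-policy name="FileNet">
    <authentication>
      <login-module code="example.LdapLoginModule" flag="sufficient">
        <module-option name="bindDN">cn=ce_bind_new,ou=svc,dc=example,dc=com</module-option>
        <module-option name="bindCredential">placeholder</module-option>
      </login-module>
      <login-module code="example.LdapLoginModule" flag="sufficient">
        <module-option name="bindDN">cn=ce_bind_old,ou=svc,dc=example,dc=com</module-option>
        <module-option name="bindCredential">placeholder</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="other">
    <authentication>
      <login-module code="example.LdapLoginModule" flag="required">
        <module-option name="bindDN">cn=unrelated,dc=example,dc=com</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def norm_dn(dn):
    """Naive DN normalisation: lower-case and trim each RDN (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def stale_bind_modules(xml_text, expected_dn, policy="FileNet"):
    """Return (index, bindDN) for login modules in the policy not using expected_dn."""
    root = ET.fromstring(xml_text)
    stale = []
    for ap in root.iter("application-policy"):
        if ap.get("name") != policy:
            continue  # other policies are out of scope for this change
        for idx, module in enumerate(ap.iter("login-module")):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.iter("module-option")}
            if "bindDN" in opts and norm_dn(opts["bindDN"]) != norm_dn(expected_dn):
                stale.append((idx, opts["bindDN"]))
    return stale

if __name__ == "__main__":
    for idx, dn in stale_bind_modules(SAMPLE, "CN=ce_bind_new, OU=svc, DC=example, DC=com"):
        print(f"login-module #{idx} still binds as {dn}")
```

To check a real file, pass its text to `stale_bind_modules` before restarting the application server; the function reports only DNs and never prints bindCredential.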


6. Changing the CE Bootstrap user

For CE 4.5.x and above:
a. In the Configure Bootstrap Properties task, set the Bootstrap Operation property to Modify Existing.
b. Confirm that the Bootstrapped EAR file property contains the path to the bootstrap file you need to edit.
c. Change the Bootstrap user password. Use Configuration Manager's features to save and run the task.
d. Run Configuration Manager's Deploy Application.

For CE 4.0:
Note: This step is needed only if the GCD user name is the same as the Directory Service account. Note that the example below is for a Windows environment.

- For WebSphere
a. Open a command prompt window and go to the folder where the EAR file resides (it differs depending on CE version). For example, in CE 4.5.1, go to "<CE Home> \ tools \ configure \ profiles \ <profile> \ ear"
b. Back up Engine-ws.ear
c. Execute the command below:

java -jar "c:\program files\FileNet\ContentEngine\lib\BootStrapConfig.jar" -e Engine-ws.ear --username <username> --password <password>

d. Since the Engine-ws.ear file has been deployed in WebSphere's installedApps path, the Bootstrap file needs to be copied to that path manually. Extract the props.jar file from the ear file with a utility such as WinZip, then copy the props.jar file to the installedApps location - "<WebSphere Home>\ AppServer\ profiles \ <profile name> \ InstalledApps \<serverNodecell> \ FileNetEngine.ear \ APP-INF \ lib \"

Note that an alternative to copying the props.jar file is to uninstall and re-install the updated ear file in WebSphere.

- For WebLogic
a. Open a command prompt window and go to the folder - "<WebLogic home> \ user_projects \ domains \ <domain> \ servers "
b. Back up FileNetEngine.ear
c. Execute the command below:

java -jar "c:\program files\FileNet\ContentEngine\lib\BootStrapConfig.jar" -e Engine-wl.ear --username <username> --password <password>

- For JBoss
a. Open a command prompt window and go to the folder - "<JBoss Home> \ server \ <server> \ deploy \"
b. Back up FileNetEngine.ear
c. Execute the command below:

java -jar "c:\program files\FileNet\ContentEngine\lib\BootStrapConfig.jar" -e Engine-jb.ear --username <username> --password <password>
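A check for WebSphere step d above, as an added example that is not IBM's code: it compares the props.jar packaged in the updated EAR with the copy under installedApps and lists the entries that differ, so a missed manual copy is caught before the restart. The member path APP-INF/lib/props.jar is an assumption taken from the deployed location named in step d, and the archive contents in `demo()` are constructed.

```python
import hashlib, io, tempfile, zipfile
from pathlib import Path

def jar_digests(jar_bytes):
    """Map each file entry in an in-memory jar to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {i.filename: hashlib.sha256(jar.read(i)).hexdigest()
                for i in jar.infolist() if not i.is_dir()}

def props_jar_drift(ear_path, deployed_jar, member="APP-INF/lib/props.jar"):
    """Return entry names that differ between the EAR's props.jar and the deployed copy."""
    with zipfile.ZipFile(ear_path) as ear:
        packaged = jar_digests(ear.read(member))
    deployed = jar_digests(Path(deployed_jar).read_bytes())
    return sorted(n for n in packaged.keys() | deployed.keys()
                  if packaged.get(n) != deployed.get(n))

def _jar(files):
    """Build a jar in memory from {name: bytes} (used for the constructed demo only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def demo():
    """Constructed scenario: the EAR was re-bootstrapped, the deployed props.jar was not."""
    with tempfile.TemporaryDirectory() as d:
        ear, deployed = Path(d, "Engine-ws.ear"), Path(d, "props.jar")
        new = _jar({"bootstrap.example": b"user=new", "other.example": b"same"})
        old = _jar({"bootstrap.example": b"user=old", "other.example": b"same"})
        with zipfile.ZipFile(ear, "w") as z:
            z.writestr("APP-INF/lib/props.jar", new)
        deployed.write_bytes(old)
        before = props_jar_drift(ear, deployed)
        deployed.write_bytes(new)  # the manual copy from step d
        after = props_jar_drift(ear, deployed)
        return before, after

if __name__ == "__main__":
    print(demo())
```

An empty list from `props_jar_drift` means the deployed props.jar matches the updated EAR; only entry names are reported, never their contents.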


7. Remove cached files in the application server
- Close FileNet Enterprise Manager (Step 1a)
- Close the Administrative Console (Step 1b)
- Stop the application server
- Remove the cached FileNetEngine directory in the application server.
For example, the default Windows path on WebSphere 6.0 is
"C:\program files\Websphere\AppServer\profiles\<profile name>\temp\<server node>\<server>\FileNetEngine"


8. Restart the application server, and log in to FEM using the new user and password.


9. Troubleshooting

If CE fails to start due to mistakes in the above procedures, you may not be able to redo the change through these procedures because FEM will fail to run.
In this case, you can do the following:

- Back out the change made to the GCD database in step 3 by deleting the latest row in the FNGCD table.
- Back out the change made to the application server in step 4 by redoing the procedure with the previous user.
- Back out the change made to the GCD user in the BootstrapConfig.properties file by using the backup EAR file.
- Restart the application server, and log in to FEM using the previous user.


Document Information

Modified date:
17 June 2018

UID

swg21442694