How to change the LDAP hostname in WebSphere Portal

Technote (FAQ)


Question

How can you update the LDAP hostname for an IBM WebSphere Portal environment that has already been configured for security?

Answer

You do not need to disable and re-enable security through the WebSphere Portal configuration tasks in order to update the LDAP hostname. The update can be made by modifying the WebSphere Member Manager (WMM) configuration and the WebSphere Application Server (WAS) security settings. This technote covers making these updates in stand-alone and clustered environments.
NOTE: This technote does not address any changes in the LDAP schema and/or distinguished names of the users/groups. If only the external identifier values change (e.g. "ibm-entryUUID" on Tivoli Directory Server), see the Related information section at the end of this technote.

Modifying LDAP hostname in stand-alone WebSphere Portal environment

1) Stop the WebSphere_Portal application server.

2) Edit the hostname for the LDAP server in <WP_root>/wmm/wmm.xml:

    ldapHost="<hostname>"

3) If you enabled realm support security in WebSphere Portal and previously set the "realm" parameter to an LDAP hostname manually via the security.xml file, then manually change this parameter to the new LDAP hostname and restart server1. If you are not using realm support and/or did not set the "realm" tag manually, you can ignore this step.

4) Log into the WebSphere Application Server administration console for server1 (assumes server1 application server is currently running).
    a. If you are using realm support, then perform the following:
      -Go to Security -> User Registry -> Custom (In Portal 6 go to Security -> Global Security -> Custom)
      -Click on Custom Properties.
      -Check if the properties userRegistryRealm and/or ldapURL exist. If yes, select the property, update the value to the new LDAP hostname and click Apply. If the property does not exist, then you can ignore this step.
      -Click Security --> Global security
      -Under Authentication, click Authentication mechanisms --> LTPA.
      -Click Generate Keys
      -Save your changes and log out of the WebSphere Administration console.
    b. If you are not using realm support, then perform the following:
      -Go to Security -> User Registry -> LDAP (In Portal 6 go to Security -> Global Security -> LDAP)
      -Modify the Host value.
      -Click Apply
      -Click Security --> Global security
      -Under Authentication, click Authentication mechanisms --> LTPA.
      -Click Generate Keys
      -Save your changes and log out of the WebSphere Administration console.

5) Restart server1 and start WebSphere_Portal to confirm that the servers can start up and you can log into each of them successfully now that you are using the new LDAP hostname.

Modifying LDAP hostname in clustered WebSphere Portal environment

1) Shut down the application servers (including WebSphere Portal) that are running on any of the nodes in the cluster. Stop the node agents on each node by executing the following command under <WAS_HOME>/bin (<WAS_profile_root>/bin on WAS 6):

UNIX:
    ./stopNode.sh -user <admin_user> -password <admin_pwd>

Windows:
    stopNode.bat -user <admin_user> -password <admin_pwd>

iSeries:
    stopNode -instance <instance_name> -user <admin_user> -password <admin_pwd>

2) Check out the files on the primary node of the Portal cluster (assumes dmgr is running).
    Windows/Unix: Run the following command from the <WP_root>/config directory:
    Windows: WPSconfig.bat check-out-wmm-cfg-files-from-dmgr
    UNIX: ./WPSconfig.sh check-out-wmm-cfg-files-from-dmgr

    i5/OS: Run the following command from the <WP_user_root>/config directory:
      WPSconfig.sh check-out-wmm-cfg-files-from-dmgr

3) Edit the hostname for the LDAP server in <WP_root>/wmm/wmm.xml (on primary node):

    ldapHost="<hostname>"

4) When you complete the change, check the files back in.
    Windows/UNIX: Run the following command from the <WP_root>/config directory:
    Windows: WPSconfig.bat check-in-wmm-cfg-files-to-dmgr
    UNIX: ./WPSconfig.sh check-in-wmm-cfg-files-to-dmgr

    i5/OS: Run the following command from the <WP_user_root>/config directory:
      WPSconfig.sh check-in-wmm-cfg-files-to-dmgr

5) If you enabled realm support security in WebSphere Portal and previously set the "realm" parameter to an LDAP hostname manually via the security.xml file, then manually change this parameter to the new LDAP hostname and restart the deployment manager. If you are not using realm support and/or did not set the "realm" tag manually, you can ignore this step.

6) Log into the Network Deployment Manager administration console.
    a. If you are using realm support, then perform the following:
      -Go to Security -> User Registry -> Custom (In Portal 6 go to Security -> Global Security -> Custom)
      -Click on Custom Properties.
      -Check if the properties userRegistryRealm and/or ldapURL exist. If yes, select the property, update the value to the new LDAP hostname and click Apply. If the property does not exist, then you can ignore this step.
      -Click Security --> Global security
      -Under Authentication, click Authentication mechanisms --> LTPA.
      -Click Generate Keys
      -Save your changes and log out of the WebSphere Administration console. (Do not attempt to synchronize since your nodeagents are down)
    b. If you are not using realm support, then perform the following:
      -Go to Security -> User Registry -> LDAP (In Portal 6 go to Security -> Global Security -> LDAP)
      -Modify the Host value.
      -Click Apply
      -Click Security --> Global security
      -Under Authentication, click Authentication mechanisms --> LTPA.
      -Click Generate Keys
      -Save your changes and log out of the WebSphere Administration console. (Do not attempt to synchronize since your nodeagents are down.)

7) Synchronize all nodes with the Network Deployment Manager by executing the following command on each node under <WAS_root>/bin (<WAS_profile_root>/bin on WAS 6):
    UNIX:
      ./syncNode.sh <hostname_of_DMGR> -user <wpsbind_user> -password <wpsbind_pwd>

    Windows:
      syncNode.bat <hostname_of_DMGR> -user <wpsbind_user> -password <wpsbind_pwd>

    iSeries:
      syncNode <hostname_of_DMGR> -user <wpsbind_user> -password <wpsbind_pwd>

8) Restart the dmgr and test the log in to the Network Deployment Manager administration console.

9) Start the node agents of each node using the administration console.

10) Start WebSphere Portal on all nodes using the administrative console and test the log in to each server.

NOTE: We have addressed all settings that are accessed during runtime. However, you may still want to update any files that may be referenced in the future. For example, you can check the <WP_root>/config/wpconfig.properties to confirm that the LDAPHostName parameter has the correct value for any future execution of the portal security configuration tasks.
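
The check below is an added example, not part of the original technote or of any IBM tooling: a read-only audit that confirms the ldapHost attribute in wmm.xml and the LDAPHostName parameter in wpconfig.properties both name the new LDAP server. The function names, the sample hostnames and the sample XML fragment are constructed for illustration; only the ldapHost attribute and LDAPHostName key come from the steps above.

```shell
#!/bin/sh
# Added example: read-only audit for a stale LDAP hostname after the change.

# Hostnames are case-insensitive, so compare lowercased values.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Print each ldapHost="..." value in a wmm.xml file, one per line.
wmm_ldap_hosts() {
    tr ' \t' '\n\n' < "$1" | sed -n 's/^ldapHost="\([^"]*\)".*$/\1/p'
}

# Print the LDAPHostName value from wpconfig.properties (last assignment wins).
wpconfig_ldap_host() {
    sed -n 's/^[[:space:]]*LDAPHostName[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Usage: check_ldap_host <expected_host> <wmm.xml> <wpconfig.properties>
# Returns 0 when both files name the expected host, 1 otherwise.
check_ldap_host() {
    expected=$(lc "$1"); rc=0
    hosts=$(wmm_ldap_hosts "$2")
    [ -n "$hosts" ] || { echo "MISSING: no ldapHost attribute in $2"; rc=1; }
    for h in $hosts; do
        [ "$(lc "$h")" = "$expected" ] || { echo "STALE: $2 ldapHost=$h"; rc=1; }
    done
    p=$(wpconfig_ldap_host "$3")
    [ "$(lc "$p")" = "$expected" ] || { echo "STALE: $3 LDAPHostName=$p"; rc=1; }
    return $rc
}

# Constructed sample files (hypothetical hostnames, not a real installation).
demo=$(mktemp -d)
printf '<ldapRepository ldapHost="old-ldap.example.com" ldapPort="389"/>\n' > "$demo/wmm.xml"
printf 'LDAPHostName=new-ldap.example.com\n' > "$demo/wpconfig.properties"
check_ldap_host new-ldap.example.com "$demo/wmm.xml" "$demo/wpconfig.properties" ||
    echo "audit failed: fix the entries above before restarting"
rm -rf "$demo"
```

In a cluster, run it against the files on the primary node after the check-in step and again on each node after syncNode completes.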

Related information

Fixing access control if external IDs change


Document information

More support for: WebSphere Portal End of Support Products, WebSphere Portal
Software version: 5.1, 6.0
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, i5/OS
Software edition: Enable, Express, Extend, Server
Reference #: 1244746
Modified date: 2006-08-31
