Question & Answer
Question
How do you change the user or password for the Directory Service account used by the Content Engine?
Answer
The Directory Service user account and password are normally used in two product components: FileNet Enterprise Manager (FEM) and the application server. Follow a coordinated update procedure whenever the user account or password needs to change, so that both components are updated before the application server restarts. This procedure applies to FileNet Content Engine 4.x and above.
If the same user account is also used as the Content Engine Bootstrap user, the corresponding user in the BootstrapConfig.properties file must be changed as well. To change the GCD admin user or password in the BootstrapConfig.properties file specifically, refer to this documentation:
https://www.ibm.com/docs/en/filenet-p8-platform/5.2.0?topic=how-change-bootstrap-admin-password
1. Launch FEM and the application server's administrative console.
a. Log in to FEM using the Directory Service account.
b. Log in to the application server administrative console with an administrator account.
Important: Do not close the above two applications until you have completed step 5 below.
2. Make LDAP account changes using either of the following methods:
a. Change the password for an existing account on the LDAP server: using the LDAP interface, change the password for the Content Engine Directory Service account.
b. Create a new user account on the LDAP server for the Content Engine Directory Service account.
3. Add the new user (if applicable) to FEM
If the bind user is also the Content Engine administrator user, then the bind user will need to be added to all the existing objects in the P8 domain. Please read "Update object store with new users and groups" for instructions.
4. Change Directory Configuration bind user in FEM
Using FEM (step 1a above), go to Domain properties > Directory Configuration > Select Directory Configuration > click the Modify button > General Tab:
a. Modify the Directory Service User with the new user's full distinguished name (DN).
b. Click on Change password check box > change to a new password > click OK.
At this point you will be presented with a dialog box with the following message:
“These changes require the application server to be restarted. Please restart the application server to incorporate these changes”
Click OK > click OK.
Important: Do not restart the application server until you have completed step 5 below.
5. Change the user in the application server's directory configuration
- For WebSphere, in the WebSphere Administrative Console, go to Global Security > click Configure under User Account Repository > Modify Bind Distinguished Name (DN) > Modify Bind Password > click OK and Save changes.
- For WebLogic, in the WebLogic Admin Console, go to Security Realms > myrealm > Providers > LDAP provider and click the "Provider Specific" tab. Change "Principal" and "Credential".
- For JBoss, go to the <JBoss Home>\server\<CE Server>\conf directory and edit "login-config.xml".
Find the "FileNet" application-policy and, in the login module, change bindDN/bindCredential.
6. Changing the Content Engine Bootstrap user
a. In the Configure Bootstrap Properties task, set the Bootstrap Operation property to Modify Existing.
b. Confirm that the Bootstrapped EAR file property contains the path to the bootstrap file you need to edit.
c. Change the Bootstrap user password. Use Configuration Manager's features to save and run the task.
d. Run Configuration Manager's Deploy Application.
7. Remove cached files in the application server
- Close FileNet Enterprise Manager (Step 1a)
- Close Administrative Console (Step 1b)
- Stop the application server
- Remove the cached FileNetEngine directory in the application server.
For example, the default Windows path on WebSphere 6.0 is
"C:\program files\WebSphere\AppServer\profiles\<profile name>\temp\<server node>\<server>\FileNetEngine"
8. Restart the application server, and log in to FEM using the new user and password.
9. Troubleshooting
If Content Engine fails to start because of a mistake in the above procedure, you may not be able to redo the change through this procedure, because FEM will fail to run.
In this case, you can do the following:
- Back out the change made to the GCD database in step 3 by deleting the latest row in the FNGCD table.
- Back out the change made to the application server in step 4 by redoing the procedure with the previous user.
- Back out the change made to the BootstrapConfig.properties file's GCD user by using the backup EAR file.
- Restart the application server, and log in to FEM using the previous user.
Note: If you are using FileNet Content Engine V5.2.1 and above, you must use Advanced Console for Content Engine (ACCE) instead of FileNet Enterprise Manager (FEM).
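A check for the JBoss case in step 5, run before the restart in step 8: it confirms that the "FileNet" application-policy in login-config.xml carries the same bind DN that was entered in FEM, and that the old password is no longer in the file. This is an added example, not IBM's code; the function names, the login module class and the sample file contents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of <JBoss Home>/server/<CE Server>/conf/login-config.xml.
# The login module class and all values are assumptions, not from a real system.
SAMPLE_LOGIN_CONFIG = """<policy>
  <application-policy name="other">
    <authentication><login-module code="example.Other" flag="required"/></authentication>
  </application-policy>
  <application-policy name="FileNet">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
        <module-option name="bindDN">CN=ce_bind_old,OU=Service,DC=example,DC=test</module-option>
        <module-option name="bindCredential">constructed-old-secret</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def normalize_dn(dn):
    """Comparison key for a DN: lower-case, no spaces around ',' or '='.
    Simplified: does not handle escaped commas inside attribute values."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)


def check_filenet_bind(xml_text, expected_dn, old_password=None):
    """Return findings for the 'FileNet' policy; never echoes the credential."""
    root = ET.fromstring(xml_text)
    policy = next((p for p in root.iter("application-policy")
                   if p.get("name") == "FileNet"), None)
    if policy is None:
        return ["no 'FileNet' application-policy found"]
    findings = []
    for module in policy.iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip()
                for o in module.findall("module-option")}
        if "bindDN" not in opts:
            findings.append("login module has no bindDN option")
        elif normalize_dn(opts["bindDN"]) != normalize_dn(expected_dn):
            findings.append("bindDN is '%s', expected '%s'" % (opts["bindDN"], expected_dn))
        cred = opts.get("bindCredential", "")
        if not cred:
            findings.append("bindCredential is missing or empty")
        elif old_password is not None and cred == old_password:
            findings.append("bindCredential still holds the previous password")
    return findings
```

An empty list means the file agrees with the DN set in step 4a; any finding should be resolved before the application server is restarted.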
Document Information
Modified date:
06 May 2021
UID
swg21442694