Configuring WebSphere user registry

From Version 6.4.2 onwards, Netcool Configuration Manager fully supports WebSphere user registries.

About this task

The default stand-alone version of Netcool Configuration Manager uses an RseriesUserRegistry, while in the default integrated scenario the Tivoli Netcool/OMNIbus user registry used by Network Manager is referenced.

In the stand alone configuration it is possible to point to a different UserRegistry (for example an LDAP). Any registry that Websphere accepts will function. The configuration of the registry is implementation dependent. If a user registry other than RSeriesUserRegistry is used, user accounts (such as IDs and passwords) will be managed outside of Netcool Configuration Manager in the user registry.

Procedure

Remote UserRegistry (that is, not RSeriesUserRegistry)

  1. Open the WebSphere administrative console..
  2. Select Security > Global security.
  3. In the User account repository section, set the realm to something other than 'theRealm'.
  4. Select the realm definition, and configure the realm as per the remote user registry instructions.
  5. Create an IntellidenUser group in the user repository. Depending on the repository type this may be done in a different application or at the Users and Groups > Manage Groups page.
  6. Create an IntellidenAdminUser group in the user repository, and add at least one user to the IntellidenAdminUser group. Depending on the repository type this may be done in a different application or at the Users and Groups > Manage Groups page.
  7. Any user that should have access to the application must be added to the IntellidenUser group, and this includes the users added to the IntellidenAdminUser group. Depending on the repository type this may be done in a different application or at the Users and Groups > Manage Groups page.

    Once the above changes are made and the system restarted, users may login to the application using the credentials from the remote repository. Users in the IntellidenAdminUser group will be able to perform administrative functions on the application, and users in the IntellidenUser group will be able to log into the system.

Local UserRepository

  1. Open the WebSphere administrative console..
  2. Select Security > Global security.
  3. Enable administrative security.
  4. Enable application security.
  5. In the User account repository section, set the realm to theRealm.
  6. Set the realm definition to Standalone custom registry.
  7. Configure the realm by setting the following values:
    Primary administrative user name
    Intelliden
    Server user identity
    Automatically generated server identity
    Custom registry class name
    com.ibm.websphere.intelliden.RSeriesUserRegistry

What to do next

All user and group editing is performed within Netcool Configuration Manager.