Updating LDAP binding information
Use this information to dynamically update security LDAP binding information by switching to a different binding identity.
About this task
You can dynamically update Lightweight Directory Access Protocol (LDAP) binding information without first stopping and restarting WebSphere® Application Server by using the wsadmin tool.
The resetLdapBindInfo method of the SecurityAdmin MBean dynamically updates LDAP binding information in the WebSphere Application Server security runtime; it takes the bind distinguished name (DN) and the bind password as its input parameters. The resetLdapBindInfo method first validates the bind information against the LDAP server. Only if validation passes is the new binding information stored in security.xml and a copy of it placed in the WebSphere Application Server security runtime.
If the new binding information is null, null (that is, both the bind DN and the bind password are null), the resetLdapBindInfo method instead extracts the existing LDAP binding information, including the bind DN, bind password, and target binding host, from the WebSphere Application Server security configuration in security.xml. It then pushes that binding information to the WebSphere Application Server security runtime.
Switching to a different binding identity
About this task
To dynamically update security LDAP binding information by switching to a different binding identity:
Procedure
- In the administrative console, click Security > Global security.
- Under User account repository, click the Available realm definitions drop-down list, select Standalone LDAP registry, and click Configure.
- Create a new bind DN. It must have the same access authority as the current bind DN.
- Run the SecurityAdmin MBean across all of the application server processes to validate the new binding information, to save it to security.xml, and to push the new binding information to the runtime.
Example
proc LDAPReBind {args} {
    global AdminConfig AdminControl ldapBindDn ldapBindPassword
    # The new bind DN and bind password are the two procedure arguments
    set ldapBindDn [lindex $args 0]
    set ldapBindPassword [lindex $args 1]
    # One SecurityAdmin MBean exists for each running application server process
    set secMBeans [$AdminControl queryNames type=SecurityAdmin,*]
    set plist [list $ldapBindDn $ldapBindPassword]
    # resetLdapBindInfo validates the bind against the LDAP server, saves it to
    # security.xml, and pushes it to the security runtime of that process
    foreach secMBean $secMBeans {
        set result [$AdminControl invoke $secMBean resetLdapBindInfo $plist]
    }
}
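The following wsadmin Jython counterpart to the Jacl procedure is an added example; it is not part of the original IBM page. It goes beyond the Jacl version in three ways: it reports the result of resetLdapBindInfo for each server process so that a bind that the LDAP server rejects is visible rather than silently ignored, it supports the null, null case described above (pass no DN and no password to make every process re-read the binding from security.xml), and it uses AdminControl.invoke_jmx with explicit Java types so that a bind DN containing spaces is not broken up by wsadmin's string parameter parsing. The function takes the AdminControl object as a parameter so that it can be run offline against the constructed FakeAdminControl at the bottom; inside wsadmin, pass the real AdminControl global. The parameter types java.lang.String for the two resetLdapBindInfo arguments, and all MBean names, DNs, and passwords in the fake, are assumptions or constructed sample values, not taken from the page.

```python
import sys


def reset_ldap_bind(admin_control, bind_dn=None, bind_password=None):
    """Invoke resetLdapBindInfo on every SecurityAdmin MBean (one per running
    server process) and return a dict mapping MBean name to outcome text.

    With bind_dn and bind_password both None the call sends (null, null), so
    each process re-reads the bind DN, password and host from security.xml
    instead of storing new credentials.
    """
    if (bind_dn is None) != (bind_password is None):
        raise ValueError('give both a bind DN and a password, or neither for a resync')
    # wsadmin Jython returns matching MBean names as one newline-separated string
    names = admin_control.queryNames('type=SecurityAdmin,*')
    if not names:
        raise RuntimeError('no SecurityAdmin MBean found: is any server process running?')
    results = {}
    for name in names.splitlines():
        obj = admin_control.makeObjectName(name)
        try:
            # Assumed operation signature: (java.lang.String, java.lang.String)
            outcome = admin_control.invoke_jmx(
                obj, 'resetLdapBindInfo',
                [bind_dn, bind_password],
                ['java.lang.String', 'java.lang.String'])
            results[name] = 'OK: %s' % outcome
        except Exception:
            # Validation against the LDAP server failed on this process; the
            # method leaves security.xml and the runtime unchanged there.
            results[name] = 'FAILED: %s' % sys.exc_info()[1]
    return results


class FakeAdminControl:
    """Constructed stand-in for wsadmin's AdminControl so the example runs
    offline. It models two server processes and a minimal LDAP bind check."""

    # Constructed sample credential that the fake LDAP server accepts
    VALID_BINDS = {'cn=wasbind,ou=Service Accounts,o=example': 'constructed-pw-1'}

    def __init__(self):
        # Binding currently held in security.xml (constructed sample values)
        self.security_xml = ('cn=oldbind,o=example', 'old-pw')
        self.runtime = {}
        self.names = [
            'WebSphere:type=SecurityAdmin,process=server1,node=node01',
            'WebSphere:type=SecurityAdmin,process=server2,node=node02',
        ]

    def queryNames(self, pattern):
        if pattern != 'type=SecurityAdmin,*':
            return ''
        return '\n'.join(self.names)

    def makeObjectName(self, name):
        return name

    def invoke_jmx(self, obj, operation, params, signature):
        if operation != 'resetLdapBindInfo':
            raise Exception('unknown operation %s' % operation)
        dn, pw = params
        if dn is None and pw is None:
            # null, null: push the binding already in security.xml to the runtime
            self.runtime[obj] = self.security_xml
            return 'runtime refreshed from security.xml'
        if self.VALID_BINDS.get(dn) != pw:
            raise Exception('bind as %s rejected by LDAP server' % dn)
        self.security_xml = (dn, pw)
        self.runtime[obj] = (dn, pw)
        return 'bind info updated'


if __name__ == '__main__':
    ac = FakeAdminControl()
    for name, outcome in reset_ldap_bind(
            ac, 'cn=wasbind,ou=Service Accounts,o=example', 'constructed-pw-1').items():
        print('%s -> %s' % (name, outcome))
    for name, outcome in reset_ldap_bind(ac).items():
        print('%s -> %s' % (name, outcome))
```

Inside wsadmin the call is `reset_ldap_bind(AdminControl, newDn, newPassword)`; check the returned dict for any FAILED entry before treating the rotation as complete, because a process that rejected the bind still runs with the previous binding.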
Switching to a failover LDAP host
About this task
To dynamically update security LDAP binding information by switching to a failover LDAP host: