Changing from a stand-alone repository to a federated repository on IBM i

If you originally configured a stand-alone LDAP user registry but find that you need a more robust security configuration, you can change to the federated user repository.

Before you begin

In a stand-alone server environment, you can complete the following task when the servers are either stopped or started. In a clustered environment, start the deployment manager and node agent and verify that they are able to synchronize.

About this task

Complete the following steps to change from a stand-alone LDAP user registry to a federated repository:
Note: Use the wp_security_federated.properties helper file, in the wp_profile_root/ConfigEngine/config/helpers directory to ensure that the correct properties are entered. In the following instructions, when the step refers to the wkplc.properties file, use your wp_security_federated.properties helper file. When you run the task, include the -DparentProperties=dir_path_helperfile -DSaveParentProperties=true parameters.

Procedure

  1. Use a text editor to open the wkplc.properties file, in the wp_profile_root/ConfigEngine/properties directory.
  2. Required: Enter a value for the following parameters in the wkplc.properties file under VMM Federated repository properties:
    Note: See the properties file for specific information about the advanced parameters.
    • federated.primaryAdminId
    • federated.realm
    • federated.serverId
    • federated.serverPassword
  3. Save your changes to the wkplc.properties file.
  4. Run the ConfigEngine.sh wp-modify-federated-security -DWasPassword=password -Dskip.ldap.validation=true task, from the wp_profile_root/ConfigEngine directory to change the configuration to use a federated repository.
  5. Stop and restart the appropriate servers to propagate the changes. For specific instructions, see Starting and stopping servers, deployment managers, and node agents.

What to do next

If you created your clustered environment, including the additional nodes, and then completed the steps in this task, you must now run the update-jcr-admin task on the secondary node. See the related links section for instructions.