Switching the user registry configuration for a system in use

If you switch the user registry after the system has been used for a while by multiple users, you must clean up the security repository as part of the user registry change. If you switch the user registry immediately after installation, you do not have to do this procedure.

About this task

If you must switch the user registry, do the registry switch immediately after installing the software if possible, before you do any additional security configuration tasks. If you must switch the user registry at a later time, do this procedure to clean up all previous security configuration settings. Settings include role assignments, credential mappings, and access rights. These settings are deleted from the repository. You must configure the settings again manually for the new users of the new registry.

If you must change the user registry after the system has been in production, consider instead migrating to a new installation to avoid any security issues and risks. Otherwise, a mismatch might occur between the users of the old and new user registries.

Procedure

  1. Perform the procedure to switch the user registry.
    For user registry switching procedures, see User registry configuration.
    Stop that procedure at the point where you are directed to this one.
  2. Log in to the computer where the services tier is installed.
    • If you have implemented WebSphere® Application Server clustering within your installation, log in to the computer that hosts the WebSphere Application Server Deployment Manager.
    • If you have not implemented clustering, log in to the services tier computer.
  3. From the command line, run the following command to clean up all of the groups that are related to the security configuration:
    Windows cue graphic
    C:\IBM\InformationServer\ASBServer\bin\DirectoryAdmin.bat -delete_groups
    Linux cue graphicUNIX cue graphic
    /opt/IBM/InformationServer/ASBServer/bin/DirectoryAdmin.sh -delete_groups
  4. From the command line, run the following command to clean up all of the users related to the security configuration:
    Windows cue graphic
    C:\IBM\InformationServer\ASBServer\bin\DirectoryAdmin.bat -delete_users
    Linux cue graphicUNIX cue graphic
    /opt/IBM/InformationServer/ASBServer/bin/DirectoryAdmin.sh -delete_users
  5. If you switch to the InfoSphere Information Server internal user registry, run the following command from the command line again:
    Windows cue graphic
    C:\IBM\InformationServer\ASBServer\bin\DirectoryAdmin.bat -user 
  -userid was_admin_username -password was_admin_password
    Linux cue graphicUNIX cue graphic
    /opt/IBM/InformationServer/ASBServer/bin/DirectoryAdmin.sh -user 
  -userid was_admin_username -password was_admin_password

    You can provide the password as plain text or as a string that has been encrypted with the encrypt command.

  6. Complete the remainder of the user registry switching procedure that you started in step 1.