Planning for migration: Security

Be prepared for migrating your security configuration. To ensure a successful migration, make sure that your source environment is properly configured.

If you are using LDAP in your source environment, make sure that the wkplc.properties file is properly configured. You may have a configuration that is currently working, but it may not be supported after migration.

More specifically, short distinguished names (DN) are not supported. Make sure that the properties files in your source environment are set with the fully qualified distinguished names.

The following excerpt from the wkplc.properties file provides some examples of using fully qualified distinguished names (DN) for the PortalAdminId parameter.
PortalAdminId
Description: This value is the user ID for the WebSphere Portal Administrator. The installation program sets this value based on user input during installation. The user ID cannot contain a space: for example, user ID. The user ID cannot be longer than 200 characters.

(UNIX only) Some tasks may require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, then you must place the fully qualified user ID in the properties file or into a parent properties file instead of as a flag on the command line. To create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run the following task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.

(Windows only) Some tasks may require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, then you must place quotes around the fully qualified user ID before running the task, like this: "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com".

Value: A valid user ID contains only ASCII characters and can contain the following characters:
  • Lower case characters {a-z} and upper case characters {A-Z}
  • Numbers {0-9}
  • Exclamation point {!}, Hyphen {-}, period {.}, question mark {?}, accent grave {`}, tilde {~}
  • Open parenthesis {(} and close parenthesis {)}
  • Open bracket {[} and close bracket {]}
  • Underscore {_}, which is the only special character allowed in IBM i
Examples: The following are example user IDs:
  • Development configuration without security: PortalAdminId=uid=xyzadmin,o=defaultWIMFileBasedRealm
  • IBM Tivoli Directory Server: { uid=,cn=users,dc=yourco,dc=com }
  • IBM Lotus Domino: { cn=,o=yourco.com }
  • Novell eDirectory: { uid=,ou=people,o=yourco.com }
  • Oracle Directory Server: { uid=,ou=people,o=yourco.com }
  • Windows Active Directory: { cn=,cn=users,dc=yourco,dc=com }
  • Windows Active Directory-Lightweight-Directory-Services: { cn=,cn=users,dc=yourco,dc=com }
Default: no default
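
The following pre-migration check is an added example, not part of the IBM documentation or the product tooling. It reads a wkplc.properties excerpt and reports a PortalAdminId that is not a fully qualified DN. The function names, the rule that "fully qualified" means at least two non-empty attr=value components, and applying the user ID character and length rules to the first component's value are assumptions of this example.

```python
import re

# Characters the page lists as valid in a user ID, and its stated length limit.
USER_ID_RE = re.compile(r"[A-Za-z0-9!\-.?`~()\[\]_]+")
MAX_USER_ID_LEN = 200

def read_properties(text):
    """Parse key=value lines; the value keeps any further '=' (DNs contain them)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_admin_dn(value):
    """Return findings for a PortalAdminId value; an empty list means none."""
    # Assumption: no escaped commas (\,) inside component values.
    pairs = [part.strip().partition("=") for part in value.split(",")]
    # Assumption: fully qualified = two or more components, each attr=value.
    if len(pairs) < 2 or any(
        not attr.strip() or sep != "=" or not val.strip() for attr, sep, val in pairs
    ):
        return ["not a fully qualified DN"]
    findings = []
    user_id = pairs[0][2].strip()  # assumption: the user ID is the first value
    if len(user_id) > MAX_USER_ID_LEN:
        findings.append("user ID longer than 200 characters")
    if not USER_ID_RE.fullmatch(user_id):
        findings.append("user ID contains characters outside the documented set")
    if " " in value:
        findings.append("DN contains a space: use -DparentProperties on UNIX, quotes on Windows")
    return findings

def check_file(text):
    """Check the PortalAdminId entry of a properties file given as text."""
    value = read_properties(text).get("PortalAdminId")
    return ["PortalAdminId not set"] if value is None else check_admin_dn(value)

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# wkplc.properties (constructed excerpt)
PortalAdminId=wpsadmin
"""

if __name__ == "__main__":
    for finding in check_file(SAMPLE):
        print("PortalAdminId:", finding)
```
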