After configuring and using the standalone LDAP
user registry, you may find that your LDAP user registry is not working
exactly as you would like. You can easily update the LDAP user registry
and make the necessary changes. For example, you can change your LDAP
Bind password. This task removes any existing attribute mappings.
Review all existing attribute mappings before proceeding so you can
re-create them after completing this task.
In a stand-alone server environment, you can complete the following task when the servers are either stopped or started. In a clustered environment, start the deployment manager and node agent and verify that they are able to synchronize before starting the following task.
If you need to rerun the wp-modify-ldap-security task to change the LDAP repositories or because the task failed, you must first either choose a new name for the realm using the standalone.ldap.realm parameter or set ignoreDuplicateIDs=true in the wkplc.properties file.
Complete the following steps to update the stand-alone LDAP user registry:
Note: Use the wp_security_xxx.properties helper file, located in the wp_profile_root/ConfigEngine/config/helpers directory, when completing this task to ensure the correct properties are entered. In the following instructions, where the step refers to the wkplc.properties file, use your wp_security_xxx.properties helper file.
- Use a text editor to open the wkplc.properties file, located in the wp_profile_root/ConfigEngine/properties directory.
- Enter the following parameter in the wkplc.properties file
under the Stand-alone LDAP repository heading to identify the stand-alone
LDAP user registry that you want to update:
Note: See the properties file for specific information about the required
and advanced parameters.
- Specify values as required
for any parameters that begin with standalone.ldap under
the Stand-alone LDAP repository heading in wkplc.properties. The task you run updates all stand-alone LDAP properties.
Note: See the properties file for specific information about the required
and advanced parameters.
- Specify a new realm name in the wkplc.properties file.
  - Locate the following parameter under the Stand-alone LDAP repository heading: standalone.ldap.realm.
  - Specify a new realm name as the value for the parameter. For example, change standalone.ldap.realm=PortalDev to standalone.ldap.realm=DevPortal.
- Save your changes to the wkplc.properties file.
- Run the ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=password task to validate your LDAP server settings.
Note: In an environment configured with an LDAP with SSL, you are prompted during the validation task to add a signer to the truststore. For example: "Add signer to the truststore now?" If you do, press y then Enter.
- Complete the following steps to update the stand-alone LDAP user registry:
  - Run the ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password task from the wp_profile_root/bin directory.
  - Run the ./ConfigEngine.sh wp-update-standalone-ldap -DWasPassword=password task, from the wp_profile_root/ConfigEngine directory.
- Stop and restart the appropriate servers to propagate the changes. For specific instructions, see Starting and stopping servers, deployment managers, and node agents.
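As an added example (not part of the IBM documentation), the following shell function automates the realm-name step above and enforces the rerun rule: it refuses to keep the current standalone.ldap.realm unless ignoreDuplicateIDs=true is set, and it keeps an owner-only backup of the file. The function names and the restriction of realm names to [A-Za-z0-9._:-] are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code): pre-flight realm rename for wkplc.properties.
# Assumption: realm names are limited to [A-Za-z0-9._:-] so the value is safe in sed.

# get_prop FILE KEY: print the value of the last uncommented KEY=value line.
get_prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# set_standalone_realm FILE NEW_REALM
# Returns 0 on success, 1 if the realm would be reused, 2 on bad input.
set_standalone_realm() {
    file=$1; new=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $new in
        ''|*[!A-Za-z0-9._:-]*) echo "unsupported realm name" >&2; return 2 ;;
    esac
    old=$(get_prop "$file" standalone.ldap.realm)
    [ -n "$old" ] || { echo "standalone.ldap.realm not set in $file" >&2; return 2; }
    # Rerunning with the same realm needs ignoreDuplicateIDs=true (see the page).
    if [ "$new" = "$old" ] && [ "$(get_prop "$file" ignoreDuplicateIDs)" != "true" ]; then
        echo "realm '$old' unchanged: pick a new name or set ignoreDuplicateIDs=true" >&2
        return 1
    fi
    # The file holds LDAP settings, so keep the backup private to the owner.
    cp -p "$file" "$file.bak" && chmod 600 "$file.bak" || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    sed "s/^\([[:space:]]*standalone\.ldap\.realm[[:space:]]*=\).*/\1$new/" "$file" > "$tmp" \
        && cat "$tmp" > "$file"      # rewrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Stand-alone use: sh set_realm.sh /path/to/wkplc.properties DevPortal
if [ $# -eq 2 ]; then
    set_standalone_realm "$1" "$2"
fi
```

Run it before the validate-standalone-ldap step; a return code of 1 means the realm name still matches the one already in the file.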
If you created your clustered environment, including the additional nodes, and then completed the steps in this task, you must now run the update-jcr-admin task on the secondary node. See the related links section for instructions.
This task removed any attribute mappings that you added since you enabled your stand-alone LDAP user registry. Therefore, you must re-run the mapping attribute task. The instructions are located in the installing WebSphere Portal Express section. Choose the appropriate operating system and then the appropriate deployment option. The mapping topic is then located in the "Configuring WebSphere Portal Express to use a user registry" topic under "Adapting the attribute configuration".