Vivek Agarwal’s Portal/Java Blog

An IBM Gold Consultant’s weblog about IBM, Lotus, WebSphere, J2EE, IT Processes, and other IT technologies

How do you change the LDAP server name for a WebSphere Portal v6 server?

Posted by Vivek Agarwal on June 18, 2008


Today one of the portal administrators in my team was trying to reconfigure the LDAP server being used by an existing WebSphere Portal v6 install. The specific reconfiguration that he was doing was extremely simple – he was replacing one LDAP server with another identically configured LDAP server – so the only change was the name of the LDAP server. We were able to perform this change without disabling/re-enabling security in WebSphere Portal.

You end up changing two files to change the LDAP server name –

  • security.xml: This file configures the LDAP server used by WebSphere Application Server. You can find this file in ${WP_PROFILE_ROOT}\config\cells\<cell_name>. You change the LDAP server name (shown as ldap_server_name, in the realm attribute and in the host attribute of the hosts element) in the following lines –

<userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="wasadmin_dn" serverPassword="{xor}wasadmin_pwd" realm="ldap_server_name:389" limit="0" ignoreCase="true" type="CUSTOM" sslEnabled="true" sslConfig="test/DefaultSSLSettings" baseDN="dc=com" bindDN="wpsbind_dn" bindPassword="{xor}wpsbind_pwd" searchTimeout="120" reuseConnection="true">
<searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))" groupFilter="(&amp;(cn=%v)(objectclass=groupOfUniqueNames))" userIdMap="*:uid" groupIdMap="*:cn" groupMemberIdMap="groupOfUniqueNames:uniqueMember" certificateMapMode="EXACT_DN" certificateFilter=""/>
<hosts xmi:id="EndPoint_1173225214609" host="ldap_server_name" port="389"/>
</userRegistries>

  • wmm.xml: This file configures the LDAP server used by the WebSphere Portal WMM component. You can find this file in ${WP_SERVER_ROOT}\wmm. You change the LDAP server name (shown as ldap_server_name, in the ldapHost attribute) in the following XML snippet –

<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="wmmLDAPServerAttributes.xml"
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
adminId="admin_dn"
adminPassword="admin_pwd"
ldapHost="ldap_server_name"
ldapPort="389"
ldapTimeOut="6000"
ldapAuthentication="SIMPLE"
ldapType="0"
sslEnabled="true"
sslTrustStore="C:\WebSphere\AppServer\etc\DummyServerTrustFile.jks"
dirContextsMaxSize="20"
dirContextsMinSize="5"
dirContextTimeToLive="-1"
cacheGroups="false"
groupsCacheTimeOut="600"
cacheAttributes="true"
attributesCacheSize="2000"
attributesCacheTimeOut="600"
cacheNames="true"
namesCacheSize="2000"
namesCacheTimeOut="600">

Once you have changed the LDAP server name in these two files to match the new server name, restart WebSphere Portal and you should be set to go.

Open up SystemOut.log in ${WP_SERVER_ROOT}\log and look for the following line during server startup to verify that you are using the new LDAP server –

[6/18/08 12:10:34:690 CDT] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://wpsldap:389.

In our case, the LDAP server name is “wpsldap”.
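The steps above touch the host name in three places (the realm attribute and the hosts element in security.xml, and ldapHost in wmm.xml), so a half-finished edit is easy to miss. The following is an added example, not part of the original post or of any IBM tooling: it checks that all three agree and that the most recent SECJ0419I line names the expected server. The old server name "oldldap", the wrapper elements, and the first log line are constructed for illustration, and the realm is assumed to have the host:port form shown in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: "oldldap" is a made-up previous server, and the wrapper
# elements <root>/<wmm> exist only so the fragments parse on their own.
SECURITY_XML = """<root xmlns:xmi="http://www.omg.org/XMI">
<userRegistries xmi:type="security:LDAPUserRegistry" realm="wpsldap:389">
<hosts xmi:id="EndPoint_1" host="oldldap" port="389"/>
</userRegistries></root>"""
WMM_XML = '<wmm><ldapRepository name="wmmLDAP" ldapHost="wpsldap" ldapPort="389"/></wmm>'
SYSTEM_OUT = (
    "[6/17/08 09:01:12:101 CDT] 0000000a LdapRegistryI A SECJ0419I: The user registry "
    "is currently connected to the LDAP server ldap://oldldap:389.\n"
    "[6/18/08 12:10:34:690 CDT] 0000000a LdapRegistryI A SECJ0419I: The user registry "
    "is currently connected to the LDAP server ldap://wpsldap:389.\n")

SECJ0419I = re.compile(r"SECJ0419I: .*?LDAP server (ldaps?://[^\s/:]+:\d+)")

def configured_endpoints(security_xml, wmm_xml):
    """List (location, host, port) for every place the LDAP host is written."""
    found = []
    for reg in ET.fromstring(security_xml).iter("userRegistries"):
        hosts = reg.findall("hosts")
        if hosts and "realm" in reg.attrib:          # LDAP registries only
            host, _, port = reg.get("realm").partition(":")
            found.append(("security.xml realm", host, port))
            found += [("security.xml hosts", h.get("host"), h.get("port")) for h in hosts]
    for repo in ET.fromstring(wmm_xml).iter("ldapRepository"):
        found.append(("wmm.xml ldapHost", repo.get("ldapHost"), repo.get("ldapPort")))
    return found

def last_connected_server(log_text):
    """URL from the most recent SECJ0419I line; older startups are ignored."""
    hits = SECJ0419I.findall(log_text)
    return hits[-1] if hits else None

def check_ldap_change(host, port, security_xml, wmm_xml, log_text):
    """Return a list of problems; an empty list means the change is consistent."""
    problems = [f"{where} still points at {h}:{p}"
                for where, h, p in configured_endpoints(security_xml, wmm_xml)
                if (h, p) != (host, port)]
    server = last_connected_server(log_text)
    if server is None:
        problems.append("no SECJ0419I line found in SystemOut.log")
    elif not server.endswith(f"//{host}:{port}"):
        problems.append(f"registry is connected to {server}")
    return problems

if __name__ == "__main__":
    print(check_ldap_change("wpsldap", "389", SECURITY_XML, WMM_XML, SYSTEM_OUT))
```

With the constructed samples, the check reports the hosts element that was left pointing at the old server even though the realm and wmm.xml were already updated.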

My Tip: In our test environments, we usually follow the practice of using virtual host names for the LDAP and database server. Rather than configuring the actual host names of the LDAP and database server being used by a given WebSphere Portal server, we use hosts file entries on Windows that configure wpsldap and wpsdb to point to the IP addresses of the relevant LDAP and database servers. Whenever we need to reconfigure a test WP server to use a different LDAP/database server, all we need to do is change the IP address in the hosts file to point to the new server. Simple, huh! And not exactly rocket science! 🙂


8 Responses to “How do you change the LDAP server name for a WebSphere Portal v6 server?”

  1. Justin said

    Hello Vivek, I have learned a lot from your posts.

    You mentioned, “The specific reconfiguration that he was doing was extremely simple – he was replacing one LDAP server with another identically configured LDAP server – so the only change was the name of the LDAP server.”

    What if I need to change from one type of LDAP to another? For example, we are considering changing from Domino LDAP to TDS. Not so simple! Can you suggest any documentation that may assist with this process? Thanks.

    • Priya said

      Can the above method mentioned in the tip (How do you change the LDAP server name for WebSphere Portal v6 server) be recommended for a production environment?

  2. Steve said

    I am assuming that this is for a base install. How would you go about performing this in a clustered environment? Thanks

  3. Vivek Agarwal said

    Steve, while I have not done this in a clustered environment, I would just extrapolate these to a cluster. I would update security.xml on the deployment manager and then synchronize it to all the cluster nodes. And for wmm.xml, you would simply follow the IBM instructions for checking-out/checking-in WMM config files on a cluster. I expect that to work!

  4. Bala said

    Hi

    LDAP was not used for authentication before in WAS. Now they want to authenticate through LDAP.

    I can mention the LDAP server name in security.xml.

    But how do I enable it?

    Thank you.

    Bala

  5. mrdeath said

    Hi all,
    Please let me know: can I create realms to use with a virtual portal but not rely on an LDAP server? My project needs multiple virtual portals, but there are no LDAP servers used.
    Waiting for all replies,

    Thanks and regards,

  6. Ivàn said

    Hi, I need to know where the logs from LDAP are in WebSphere?

    thanks!

    Iván
