Configuring Websphere Portal V6

Configuring WebSphere Portal V6.1 with Standalone ITDS6.0 LDAP over SSL

This article contains step – by – step instructions on setting up WebSphere Portal V6.1 with ITDS6.0 LDAP over SSL.

System Info :

ITDS LDAP 6.0 – windows 2000 server

WebSphere Portal Server 6.1 – AIX6.1

Configuration Steps :

Install ITDS6.0 LDAP
Setup LDAP with Portal Admin users / groups.
Enable SSL and generate LDAP SSL certificate on LDAP Server by following ITDS Infocenter .
Install WebSphere Portal 6.1 - Refer to WebSphere Portal 6.1 infocenter.
Start “server1” - <wp_profile>/bin/startServer.sh server1
Launch WAS Admin Console in Web browser , login as WAS Admin Userid/pwd ( same a portal admin id/pwd provided during the install).Ex:
Choose one of the following options to specify the LDAP server’s SSL certificate in the server trust store :

Option / Description
Retrieve from port / Perform the following steps to retrieve the certificate from the port:

Log in to the WebSphere Application Server Administrative Console.
Navigate to SecuritySSL certificate and key managementSSL configurations.
Click the appropriate SSL configuration from the list; for example, NodeDefaultSSLSettings.
Click Key stores and certificates.
Click the appropriate trust store from the list; for example, NodeDefaultTrustStore.
Click Signer certificates, click Retrieve from port, and then enter the following information:
Type the Host name used when attempting to retrieve the signer certificate from the SSL port.
Type the SSLPort used when attempting to retrieve the signer certificate.
Type the Alias the key store uses for the signer certificate.
Click Retrieve signer information to retrieve the certificate from the port.
Click OK and then click Save to save the changes to the master configuration.
Click on Retrieve signer information in above screen.
Click Apply and Save
Should see the certificate added to the list.

8. Enter a value for the following required parameters in the wkplc.properties file under the VMM Stand-alone LDAP configuration heading:

Note: See the wkplc.properties file for specific information about the required parameters and for advanced parameters.

standalone.ldap.id = ids1
standalone.ldap.host = manju.rtp.raleigh.ibm.com
standalone.ldap.port = 637
standalone.ldap.bindDN = cn=root
standalone.ldap.bindPassword = p0rtal4u
standalone.ldap.ldapServerType = IDS6
standalone.ldap.userIdMap = *:uid
standalone.ldap.groupIdMap = *:cn
standalone.ldap.groupMemberIdMap =
standalone.ldap.userFilter = (&(uid=%v)(objectclass=inetOrgPerson))
standalone.ldap.groupFilter = (&(cn=%v)(objectclass=groupOfUniqueNames))
standalone.ldap.serverId = uid=wpsadmin,cn=users,dc=raleigh,dc=com
standalone.ldap.serverPassword = p0rtal4u
standalone.ldap.realm = idsrealm1
standalone.ldap.primaryAdminId = uid=wpsadmin,cn=users,dc=raleigh,dc=com
standalone.ldap.primaryAdminPassword = p0rtal4u
standalone.ldap.primaryPortalAdminId=uid=wpsadmin,cn=users,dc=raleigh,dc=com
standalone.ldap.primaryPortalAdminPassword = p0rtal4u
standalone.ldap.primaryPortalAdminGroup=cn=wpsadmins,cn=groups,dc=raleigh,dc=com
standalone.ldap.baseDN = dc=raleigh,dc=com
Update the LDAP entity types heading :
standalone.ldap.et.group.searchFilter
standalone.ldap.et.group.objectClasses = groupOfUniqueNames
standalone.ldap.et.group.objectClassesForCreate
standalone.ldap.et.group.searchBases
standalone.ldap.et.personaccount.searchFilter
standalone.ldap.et.personaccount.objectClasses = inetorgperson
standalone.ldap.et.personaccount.objectClassesForCreate
standalone.ldap.et.personaccount.searchBases
Update the Group member attributes heading :
standalone.ldap.gm.groupMemberName=uniqueMember
standalone.ldap.gm.objectClass=groupOfUniqueNames
standalone.ldap.gm.scope=direct
standalone.ldap.gm.dummyMember=uid=dummy
Update the Default parent, RDN attribute heading :
standalone.ldap.personAccountParent=cn=users,dc=raleigh,dc=com
standalone.ldap.groupParent=cn=groups,dc=raleigh,dc=com
standalone.ldap.personAccountRdnProperties=uid
standalone.ldap.groupRdnProperties=cn
Update the following SSL properties in Advanced Properties heading :
standalone.ldap.sslEnabled = true
standalone.ldap.sslConfiguration=NodeDefaultSSLSettings – Default SSL configuration.Update this accordingly ex: change this value to non-default one incase a non-default SSL configuration was created.

9. Save wkplc.properties file

Choose the following option to specify the LDAP server's SSL certificate in the default client trust store:
Run the ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=password task to validate your LDAP server settings.

Option / Description
Signer certificate retrieval / See Secure installation for client signer retrieval.
Note: During the validation task, you may receive the following prompt: "Add signer to the trust store now?" Type y and then press Enter.

The task in the above Step may report an error or fail but it will successfully update the trust store so the error message can be ignored.
NOTE : Restart both server1 and WebSphere_Portal servers inorder to run the following task successfully.
Run the ./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=password task to set the stand-alone LDAP user registry.
Restart servers server1 and WebSphere_Portal. Server1 and WebSphere_Portal must start without any errors.
Verify SSL configuration in WAS Admin Console .Launch WAS Admin Console : login as ldap admin id/pwd .
Navigate to – Security – Secure administration,applications,and infrastructure – verify User account repository section – Available realm definitions – set to Standalone LDAP registry and click on Configure.You will see the following screen.

Verify that the Port : 637 – SSL port and in SSL Settings – SSL enabled check box is checked as shown in the screen below :

Launch Portal Page in Web browser and login as LDAP Portal Admin ID / Pwd successfully.
Create a new user and group using Users and Groups page/portlet.