6-2 Oracle Fusion Middleware Third-Party Application Server Guide
■ Seeding a Registry
6.1.1 Configuring a Registry
The configuration of an LDAP registry on IBM WebSphere is accomplished with the command configureIdentityStore, an online administration command with the following syntax:
wsadmin> Opss.configureIdentityStore(propsFileLoc="fileLocation")
propsFileLoc specifies the location of the file that contains the property settings for the LDAP identity store. This command modifies the configuration file jps-config.xml to include the specifications in the property file.
After running Opss.configureIdentityStore, the server must be restarted. The following properties are required and must be specified in the property settings file:
■ ldap.host
■ ldap.port
■ admin.id
■ admin.pass
■ idstore.type
■ user.search.bases
■ user.id.map
■ group.id.map
■ group.member.id.map
■ group.search.bases
■ primary.admin.id
The following list includes optional properties specific to an IBM WebSphere registry:
■ group.filter
■ user.filter
The following sample illustrates the property settings for an Oracle Directory Server Enterprise Edition identity store:
user.search.bases=cn=Users,dc=us,dc=oracle,dc=com
group.search.bases=cn=Groups,dc=us,dc=oracle,dc=com
subscriber.name=dc=us,dc=oracle,dc=com
ldap.host=stamw10.us.oracle.com
ldap.port=3060
# admin.id must be the full DN of the user in the LDAP
admin.id=cn=orcladmin
admin.pass=welcome1
user.filter=(&(uid=%v)(objectclass=person))
group.filter=(&(cn=%v)(objectclass=groupofuniquenames))
user.id.map=*:uid
group.id.map=*:cn
group.member.id.map=groupofuniquenames:uniquemember
ssl=false
# primary.admin.id indicates the user you want to be the primary
# administrative user on WebSphere. It should be a user under user.search.bases.
# Later you need to use this user's user name and password to manage or
# start/stop the server.
primary.admin.id=orcladmin
# optional, default to OID
idstore.type=IPLANET
# other, optional identity store properties can be configured in this file.
username.attr=cn
Managing Oracle Fusion Middleware Security on IBM WebSphere 6-3
The list of valid identity store types is the following:
■ OID
■ IPLANET
■ OVD
■ ACTIVE_DIRECTORY
■ OPEN_LDAP
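Because configureIdentityStore writes whatever the property file contains into jps-config.xml and then requires a server restart, it pays to check the file before handing it to wsadmin. The following script is an added example, not Oracle's code and not part of the guide: it parses a property file in the format shown above, checks that every required property from the list is present, that idstore.type is one of the five valid values, that ldap.port is a real TCP port, that admin.id looks like a full DN as the sample's comment demands, and that the user and group filters carry the %v placeholder used in the sample. It also flags the two points a reviewer would raise about the sample: ssl=false, and a clear-text admin.pass sitting in the file. The sample content, the DN regular expression and the %v check are this example's own assumptions.

```python
"""Pre-flight check for a configureIdentityStore property file.

Added example; not Oracle's code. Rules come from the section above
(required properties, valid idstore.type values, the note that admin.id
must be a full DN). The sample file below is constructed for the example.
"""
import re

REQUIRED = [
    "ldap.host", "ldap.port", "admin.id", "admin.pass", "idstore.type",
    "user.search.bases", "user.id.map", "group.id.map",
    "group.member.id.map", "group.search.bases", "primary.admin.id",
]
VALID_IDSTORE_TYPES = {"OID", "IPLANET", "OVD", "ACTIVE_DIRECTORY", "OPEN_LDAP"}

# Constructed sample in the same key=value / '#' comment format as the guide.
SAMPLE = """\
user.search.bases=cn=Users,dc=example,dc=com
group.search.bases=cn=Groups,dc=example,dc=com
ldap.host=ldap.example.com
ldap.port=3060
# admin.id must be the full DN of the user in the LDAP
admin.id=cn=orcladmin,cn=Users,dc=example,dc=com
admin.pass=changeit
user.filter=(&(uid=%v)(objectclass=person))
group.filter=(&(cn=%v)(objectclass=groupofuniquenames))
user.id.map=*:uid
group.id.map=*:cn
group.member.id.map=groupofuniquenames:uniquemember
ssl=false
primary.admin.id=orcladmin
idstore.type=IPLANET
"""

# Assumed shape of a DN: one or more attr=value RDNs separated by commas.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$")


def parse_properties(text):
    """Parse key=value lines. '#' lines are comments. Split on the FIRST '='
    only, because DNs and LDAP filters contain '=' themselves."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("malformed property line: %r" % raw)
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_properties(props):
    """Return (errors, warnings). Errors would break or mis-configure the
    identity store; warnings are security hygiene points about the file."""
    errors, warnings = [], []
    for key in REQUIRED:
        if not props.get(key):
            errors.append("missing required property: " + key)
    store_type = props.get("idstore.type")
    if store_type and store_type not in VALID_IDSTORE_TYPES:
        errors.append("invalid idstore.type: " + store_type)
    port = props.get("ldap.port")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        errors.append("ldap.port is not a valid TCP port: " + port)
    admin_id = props.get("admin.id", "")
    if admin_id and not DN_RE.match(admin_id):
        errors.append("admin.id must be a full DN, got: " + admin_id)
    for key in ("user.filter", "group.filter"):
        flt = props.get(key)
        if flt and "%v" not in flt:
            errors.append(key + " lacks the %v placeholder for the searched value")
    if props.get("ssl", "false").lower() != "true":
        warnings.append("ssl=false: the bind with admin.pass and all directory "
                        "traffic cross the network in clear text")
    if props.get("admin.pass"):
        warnings.append("admin.pass is stored in clear text in this file; "
                        "restrict its permissions and remove it after configuration")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_properties(parse_properties(SAMPLE))
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN: ", msg)
```

Run it against the real file by replacing SAMPLE with the file's contents; a non-empty error list means the file should not be passed to Opss.configureIdentityStore yet, while the warnings are there to be read and acted on before the server is restarted with the new registry.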
6.1.2 Seeding a Registry