Purpose
Migrates changes made to console users and groups in the admin-authz.xml file into the Tivoli Access Manager object space.
Syntax
migrateEAR
-j path
-c URI
-a admin_ID
-p admin_pwd
-w Websphere_admin_user
-d user_registry_domain_suffix
[-r root_objectspace_name]
[-t ssl_timeout]
Parameters
This parameter is optional. When the parameter is not specified, you are prompted to supply it at run time.
file:/opt/IBM/WebSphere/AppServer/java/jre/PdPerm.properties
file:/usr/IBM/WebSphere/AppServer/java/jre/PdPerm.properties
file:/”c:\Program Files\IBM\WebSphere\AppServer\java\jre\PdPerm.properties”
Windows platforms require that the domain suffix is enclosed within quotes.
You can use the pdadmin user show command to display the distinguished name (DN) for a user.
file:/opt/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/admin-authz.xml
file:/usr/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/admin-authz.xml
“c:\Program Files\IBM\WebSphere\AppServer\profiles\profileName\config\cells\cellName\admin-authz.xml”
This parameter is optional. When it is not specified, the user is prompted to supply the password for the administrative user name.
The default value for the root object space is WebAppServer.
The Tivoli Access Manager root object space name is set by modifying the amwas.amjacc.template.properties prior to configuring the Tivoli Access Manager Java Authorization Contract for Containers (JACC) provider for the first time. This option should be used if the default object space value is not used in the configuration of the Tivoli Access Manager JACC provider.
The Tivoli Access Manager object space name should never be changed after the Tivoli Access Manager JACC provider has been configured.
The default is 60 minutes. The minimum is 10 minutes. The maximum value cannot exceed the Tivoli Access Manager ssl-v3-timeout value. The default value for ssl-v3-timeout is 120 minutes.
This parameter is optional. If you are not familiar with the administration of this value, you can safely use the default value.
When the WebSphere Application Server administrative user does not already exist in the protected object space, it is created or imported. In this case, a random password is generated for the user and the account is set to not valid. Change this password to a known value and set the account to valid.
Comments
This utility migrates security policy information from deployment descriptors (enterprise archive files) to Tivoli Access Manager for WebSphere Application Server. The script calls the Java class: com.tivoli.pdwas.migrate.Migrate.
Before invoking the script you must run setupCmdLine.bat or setupCmdLine.sh. These files can be found in the %WAS_HOME%/bin directory.
Return codes