Configuring security


Getting started
Setting up the LDAP server
Configuring the LDAP user registry
Configuring LTPA
Enabling global security


Getting started

This section describes how to configure security for the BeenThere sample. It assumes that you are configuring global security for the first time; if global security is already configured, adapt the instructions accordingly. For demonstration purposes, the sample uses the Lightweight Third Party Authentication (LTPA) mechanism, which provides advanced features including single sign-on (SSO) and trust association. For more information on managing security, refer to the WebSphere Application Server Information Center: in the All topics by feature view, read the articles in the Security > Securing applications and their environment > Managing security section.

Prerequisites: IBM Tivoli Directory Server 5.2 is required for this section. Visit the Tivoli Resource Center to download the IBM Tivoli Directory Server 5.2 product.



Setting up the LDAP server

The following instructions describe how to configure IBM Tivoli Directory Server as the Lightweight Directory Access Protocol (LDAP) server.

At a high level, the steps to configure IBM Tivoli Directory Server using either the Configuration Tool or command-line utilities are:

  1. Set the IBM Tivoli Directory Server administrator distinguished name (DN) to cn=root and the password to secret.
  2. Create a database instance.
  3. Add a directory suffix with distinguished name dc=websphere,dc=ibm,dc=com.
  4. Populate the directory by importing LDIF data from the <deployment_manager_profile_root>/samples/ldif/BeenThere.ldif file.
  5. Type ibmslapd at a command prompt to start the directory server.

IBM Tivoli Directory Server is now configured and running.
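
A pre-import check for step 4, added here as an example (it is not part of the original page or of the product): it lists entries in an LDIF file whose DN falls outside the suffix added in step 3, handling folded lines and base64-encoded DNs. The sample LDIF is constructed and the function names are illustrative.

```python
import base64

SUFFIX = "dc=websphere,dc=ibm,dc=com"  # suffix added in step 3

# Constructed sample input; not the contents of BeenThere.ldif.
SAMPLE_LDIF = """\
dn: dc=websphere,dc=ibm,dc=com
objectClass: domain

dn: cn=sampleuser,
 DC=websphere, dc=ibm,dc=com
objectClass: person

dn:: Y249c3RyYXksZGM9ZXhhbXBsZSxkYz1jb20=
objectClass: person
"""

def unfold(text):
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entry_dns(text):
    """Return every entry DN, decoding base64-encoded 'dn::' values."""
    dns = []
    for line in unfold(text):
        if line.startswith("dn::"):
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    """Simplified comparison form: lowercase, no spaces around commas (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def outside_suffix(text, suffix=SUFFIX):
    """Return DNs that are neither the suffix entry nor below it."""
    want = normalize(suffix)
    return [dn for dn in entry_dns(text)
            if normalize(dn) != want and not normalize(dn).endswith("," + want)]

if __name__ == "__main__":
    for dn in outside_suffix(SAMPLE_LDIF):
        print("outside suffix:", dn)
```

An empty result means every entry in the file belongs to the directory tree rooted at the configured suffix.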



Configuring the LDAP user registry

Complete the following steps to configure the LDAP user registry:


  1. Open the administrative console web address, http://<host_name>:9060/ibm/console, in a browser, where <host_name> is the host name or IP address of the machine where the deployment manager is running.
  2. In the administrative console, click Security > Global security > LDAP.
  3. Enter the following values:
  4. Click Apply.

The LDAP user registry is now configured.



Configuring LTPA

Complete the following steps to configure LTPA:


  1. Click Security > Global security > Authentication mechanisms > LTPA.
  2. Enter the following values:
  3. Click Apply.
  4. Click Single signon (SSO).
  5. Type the domain name in the Domain name field.
  6. Click Apply.

LTPA is now configured.



Enabling global security

Complete the following steps to enable global security:


  1. Click Security > Global security.
  2. Select Enabled global security.
  3. Select LDAP from the Active user registry list.
  4. Click Apply.
  5. Click Save at the top of the main panel in the administrative console.
  6. Verify that Synchronize changes with Nodes is selected.
  7. Click Save.
  8. Stop and restart the deployment manager and node agents.

Global security is now enabled.