| Author |
ldap and websphere
|
|
|
| Hi,
We use websphere 5.1.5 on windows 2003 and recently configured it to work with ldap (IBM Directory Service 5.1). It was using Local OS authorisation & authentication prior to this.
Our ldap is down now and we would like websphere to revert back to local OS based authentication & authorisation. Unfortunately we cannot log in to WAS Admin console because ldap is down. Is there a way to change WAS to use local OS authorisation & authentication in this condition?
Thanks in Advance
Harikumar
| |
| Paul Ilechko 2007-07-22, 7:18 pm |
| Sundaram.Harikumar@mincom.com wrote:
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work with ldap (IBM Directory Service 5.1). It was using Local OS authorisation & authentication prior to this.
>
> Our ldap is down now and we would like websphere to revert back to local OS based authentication & authorisation. Unfortunately we cannot log in to WAS Admin console because ldap is down. Is there a way to change WAS to use local OS authorisation & authentication in this condition?
>
> Thanks in Advance
>
Why don't you just bring your LDAP back up?
| |
| Yuriy Petrov 2007-07-22, 7:18 pm |
| Sundaram.Harikumar@mincom.com wrote:
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work with ldap (IBM Directory Service 5.1). It was using Local OS authorisation & authentication prior to this.
> Our ldap is down now and we would like websphere to revert back to local OS based authentication & authorisation. Unfortunately we cannot log in to WAS Admin console because ldap is down. Is there a way to change WAS to use local OS authorisation & authentication in this condition?
>
You can use local wsadmin (i.e. running on the same box where WAS resides) to turn off security. I don't remember the exact
- wsadmin switches that make wsadmin work directly with config repository (i.e. bypassing the connection to app.server; -conntype NONE?)
- and wsadmin command[-s?] that reset security settings,
but it shouldn't be a big deal to find this info in the infocenter and/or Web.
| |
| Brian S Paskin 2007-07-23, 1:21 am |
| Hi, You can shut off security by changing the security.xml file. From there you can change the parameters back to Local OS.
The file is located in:
<WAS_HOME>/profiles/<PROFILE>/config/cells/<CELL>/security.xml
Change the line which starts with <security:Security, which should be the second line. Alter enabled="true" to enabled="false".
Brian
| |
| watcher 2007-07-25, 1:23 pm |
| I think you can find the security.xml file and disable your security
setting. Then you can login to the Admin Console and re-configure your
security.
<Sundaram.Harikumar@mincom.com> wrote in message
news:288051301.1185141217633.JavaMail.wassrvr@ltsgwas010.sby.ibm.com...
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work
> with ldap (IBM Directory Service 5.1). It was using Local OS authorisation
> & authentication prior to this.
>
> Our ldap is down now and we would like websphere to revert back to local
> OS based authentication & authorisation. Unfortunately we cannot log in to
> WAS Admin console because ldap is down. Is there a way to change WAS to
> use local OS authorisation & authentication in this condition?
>
> Thanks in Advance
>
>
> Harikumar
>
>
| |
| Sven Vermeulen 2007-07-25, 1:23 pm |
| > Our ldap is down now and we would like websphere to
> revert back to local OS based authentication &
> authorisation. Unfortunately we cannot log in to WAS
> Admin console because ldap is down. Is there a way to
> change WAS to use local OS authorisation &
> authentication in this condition?
You received the information on how to disable the global security already (security.xml modification). To make this a structural solution, you cannot easily create a WebSphere configuration which falls back to local OS in case of an LDAP failure.
What you can do is to either have a back-up LDAP up and configure the secondary LDAP as well (you need to use wsadmin/JMX for this, the admin console only allows you to select one LDAP) or write your own registry handler which first connects to LDAP and falls back to local OS if that fails.
I'm sure the latter is not as difficult as it sounds ;-)
You might also be able to configure both, select one as the default and have a script on your Deployment Manager server that switches the /Security/@activeUserRegistry setting in the security.xml file from LDAPUserRegistry to LocalOSUserRegistry.
As far as I can tell, the configuration of the user registry and LDAP remains available and you just switch the active registry. Of course, this does require a Deployment Manager restart.
Wkr,
Sven Vermeulen
|
|
|
|
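Added example, not part of the original thread and not IBM code: a sketch of the switching script described in the last post, which changes /Security/@activeUserRegistry in security.xml and keeps a backup of the previous file. It assumes the attribute holds the xmi:id of a userRegistries element in the same file; the sample XML, its namespace URL and the function names are constructed for illustration.

```python
import re

# Constructed, heavily trimmed sample in the shape of a cell-level security.xml.
# The namespace URL and attribute values are placeholders, not real WAS values.
SAMPLE = '''<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://example.invalid/security.xmi" xmi:id="Security_1" enabled="true" activeUserRegistry="LDAPUserRegistry">
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry"/>
</security:Security>
'''

ROOT_TAG = re.compile(r'<security:Security\b[^>]*>')
ACTIVE = re.compile(r'(\bactiveUserRegistry=")([^"]*)(")')
REGISTRY_ID = re.compile(r'<userRegistries\b[^>]*\bxmi:id="([^"]*)"')

def active_registry(xml_text):
    """Return the id named by /Security/@activeUserRegistry."""
    root = ROOT_TAG.search(xml_text)
    if root is None:
        raise ValueError("no <security:Security> root element")
    m = ACTIVE.search(root.group(0))
    if m is None:
        raise ValueError("root element has no activeUserRegistry attribute")
    return m.group(2)

def switch_registry(xml_text, target_id):
    """Point activeUserRegistry at target_id, editing only the root tag."""
    if target_id not in REGISTRY_ID.findall(xml_text):
        raise ValueError("registry %r is not defined in this file" % target_id)
    active_registry(xml_text)  # raises if the root tag or attribute is missing
    def fix_root(match):
        return ACTIVE.sub(lambda m: m.group(1) + target_id + m.group(3),
                          match.group(0), count=1)
    return ROOT_TAG.sub(fix_root, xml_text, count=1)

def switch_file(path, target_id):
    """Rewrite path in place, keeping the previous version as path + '.bak'."""
    with open(path, encoding="utf-8", newline="") as f:
        original = f.read()
    updated = switch_registry(original, target_id)  # fails before any write
    with open(path + ".bak", "w", encoding="utf-8", newline="") as f:
        f.write(original)
    with open(path, "w", encoding="utf-8", newline="") as f:
        f.write(updated)
    return active_registry(updated)

if __name__ == "__main__":
    print(active_registry(switch_registry(SAMPLE, "LocalOSUserRegistry")))
```

The edit is done on the text of the root tag rather than through an XML serializer so that the rest of the file is left byte-for-byte unchanged; as the post notes, the change only takes effect after a Deployment Manager restart.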