Hi,

We use websphere 5.1.5 on windows 2003 and recently configured it to work wi
th ldap (IBM Directory Service 5.1). It was using Local OS authorisation & a
uthentication prior to this.

Our ldap is down now and we would like webpshere to revert back to local OS 
based authentication & authorisation. Unfortunately we cannot log in to WAS 
Admin console because ldap is down. Is there a way to change WAS to use loca
l OS authorisation & authen
tication in this condition?

Thanks in Advance


Harikumar

[ Post a follow-up to this message ]

Sundaram.Harikumar@mincom.com wrote:
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work 
with ldap (IBM Directory Service 5.1). It was using Local OS authorisation &
 authentication prior to this.
>
> Our ldap is down now and we would like webpshere to revert back to local OS based 
authentication & authorisation. Unfortunately we cannot log in to WAS Admin console 
because ldap is down. Is there a way to change WAS to use local OS authorisation & a
uth
entication in this condition?
>
> Thanks in Advance
>

why don't you just bring your LDAP back up?

[ Post a follow-up to this message ]

Sundaram.Harikumar@mincom.com wrote:
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work 
with ldap (IBM Directory Service 5.1). It was using Local
> OS authorisation & authentication prior to this.
> Our ldap is down now and we would like webpshere to revert back to local O
S based authentication & authorisation. Unfortunately we cannot log in
> to WAS Admin console because ldap is down. Is there a way to change WAS to use loc
al OS
authorisation & authentication in this condition?
>
You can use local wsadmin (i.e. running on the same box where WAS resides) t
o turn off security. I
don't remember exact

- wsadmin switches that make wsadmin work directly with config repository (i
.e. bypassing the
connection to app.server; -conntype NONE?)
- and wsadmnin command[-s?] that reset security settings,

but it shouldn't be a big deal to find this info in the infocenter and/or We
b.

[ Post a follow-up to this message ]

Hi, You can shut off security by changing the security.xml file.  From there
 you can change the parameters back to Local OS.

The file is located in:
<WAS_HOME>/profiles/<PROFILE>/config/cells/<CELL>/security.xml

Change the line which starts with <security:Security, which should be the se
cond line.  Alter enabled="true" to enabled="false".

Brian

[ Post a follow-up to this message ]

I think you can find the security.xml file and disable your security
setting. Then you can login to the Admin Console and re-configure your
security.

<Sundaram.Harikumar@mincom.com> wrote in message
news:288051301.1185141217633.JavaMail.wassrvr@ltsgwas010.sby.ibm.com...
> Hi,
>
> We use websphere 5.1.5 on windows 2003 and recently configured it to work
> with ldap (IBM Directory Service 5.1). It was using Local OS authorisation
> & authentication prior to this.
>
> Our ldap is down now and we would like webpshere to revert back to local
> OS based authentication & authorisation. Unfortunately we cannot log in to
> WAS Admin console because ldap is down. Is there a way to change WAS to
> use local OS authorisation & authentication in this condition?
>
> Thanks in Advance
>
>
> Harikumar
>
>

[ Post a follow-up to this message ]

> Our ldap is down now and we would like webpshere to
> revert back to local OS based authentication &
> authorisation. Unfortunately we cannot log in to WAS
> Admin console because ldap is down. Is there a way to
> change WAS to use local OS authorisation &
> authentication in this condition?

You received the information on how to disable the global security already (
security.xml modification). To make this a structural solution, you cannot e
asily create a WebSphere configuration which falls back to local OS in case 
of an LDAP failure.

What you can do is to either have a back-up LDAP up and configure the secund
ary LDAP as well (you need to use wsadmin/JMX for this, the admin console on
ly allows you to select one LDAP) or write your own registry handler which f
irst connects to LDAP and f
alls back to local os if that fails.

I'm sure the latter is not that difficult as it sounds ;-)

You might also be able to configure both, select one as the default and have
 a script on your Deployment Manager server that switches the /Security/@act
iveUserRegistry setting in the security.xml file from LDAPUserRegistry to Lo
calOSUserRegistry.

As far as I can tell, the configuration of the user registry and LDAP remain
 available and you just switch the active registry. Of course, this does req
uire a Deployment Manager restart.

Wkr,

Sven Vermeulen

[ Post a follow-up to this message ]