Re: WAS6.1 jacl and jython issues
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > WebSphere > WebSphere Application Server > Re: WAS6.1 jacl and jython issues




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Re: WAS6.1 jacl and jython issues  


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
08-14-07 12:20 AM

Here is the error message I'm getting. Below is my updated jacl script. Coul
d someone please help.

WASX7209I: Connected to process "dmgr" on node scm-unitc-63_dm using SOAP co
nnector;  The type of process is: DeploymentManager

Adding group GROUP1 as Administrators...
Adding group GROUP2 as Administrators...
Adding group GROUP3 as Monitors...
Adding group GROUP4 as Deployers...
WASX7015E: Exception running command: "enableSecurity dm-cell-01 userid pass
word {GROUP5}"; exception information:
com.ibm.bsf.BSFException: error while eval'ing Jacl expression:
can't read "deployerRoleAssignment": no such variable
while executing
"addGroupToRole $deployerRoleAssignment $newgroup"
("foreach" body line 3)
invoked from within
"foreach newgroup $deployerGroups {
puts "  Adding group $newgroup as Deployers..."
addGroupToRole $deployerRoleAssignm..."
(procedure "setupUsers" line 53)
invoked from within
"setupUsers $programGroup"
(procedure "enableSecurity" line 7)
invoked from within
"enableSecurity dm-cell-01 userid password {GROUP5}"
WASX7015E: Exception running command: "$AdminConfig save"; exception informa
tion:
com.ibm.websphere.management.exception.ConfigServiceException
com.ibm.ws.sm.workspace.WorkSpaceException: RepositoryException while retry 
updating documents in master repository

WASX7341W: No "save" was performed before the interactive scripting session 
exited; configuration changes will not be saved.


 ****************************************
************************************

set administrators [ list ]
set administratorGroups [ list GROUP1 GROUP2]
set monitors [ list ]
set monitorGroups [ list GROUP3 ]
set deployers [ list ]
set deployerGroups [ list GROUP1 GROUP2]
set adminsecuritymanagers [ list ]
set adminsecuritymanagerGroups [ list GROUP1 GROUP2]
set iscadmins [ list ]
set iscadminsGroups [ list GROUP1 GROUP2]

proc enableSecurity { cell userid password programGroup } {
global AdminConfig

setupLDAP $cell $userid $password
setupLTPA $cell $password
setupSecurity $cell
setupUsers $programGroup
}

proc setupSecurity { cell } {
global AdminConfig

set sec [ $AdminConfig getid /Cell:$cell/Security:/ ]
set enableAttr [ list enabled true ]
set java2attr [ list enforceJava2Security false ]
set userRegistry [ $AdminConfig list LDAPUserRegistry $sec ]
set urAttr [ list activeUserRegistry $userRegistry ]
set attrs [ list $enableAttr $java2attr $urAttr ]
$AdminConfig modify $sec $attrs
}

proc setupLDAP { cell userid password } {
global AdminConfig

set org {OU=Service  Accounts,OU=Applications,DC=domain,DC=co
m}
set idAttr [ list serverId CN=$userid,$org ]
set passwordAttr [ list serverPassword $password ]
set ignoreCaseAttr [ list ignoreCase true ]
set baseDNAttr [ list baseDN dc=domain,dc=com ]
set bindDNAttr [ list bindDN CN=$userid,$org ]
set bindPasswordAttr [ list bindPassword $password ]
set realmAttr [ list realm server.domain.com:389 ]
set typeAttr [ list type ACTIVE_DIRECTORY ]

set sec [ $AdminConfig getid /Cell:$cell/Security:/ ]
set userRegistry [ $AdminConfig list LDAPUserRegistry $sec ]

set attrs [ list $idAttr $passwordAttr $ignoreCaseAttr $baseDNAttr $bind
DNAttr $bindPasswordAttr $typeAttr $realmAttr ]
$AdminConfig modify $userRegistry $attrs

set endpoint [lindex [lindex [$AdminConfig showAttribute $userRe
gistry hosts] 0] 0]
set hostAttr [ list host server.domain.com ]
set portAttr [ list port 389 ]
set attrs [ list $hostAttr $portAttr ]
$AdminConfig modify $endpoint $attrs

set mapModeAttr [ list certificateMapMode EXACT_DN ]
set groupFilterAttr [ list groupFilter {(&(cn=%v)(objectcategory=gr
oup))} ]
set groupIdMapAttr [ list groupIdMap *:cn ]
set groupMemberIdMapAttr [ list groupMemberIdMap memberof:member ]
set userFilterAttr [ list userFilter {(&(sAMAccountName=%v)(objectc
ategory=user))} ]
set userIdMapAttr [ list userIdMap user:sAMAccountName ]
set attrs [ list $mapModeAttr $groupFilterAttr $groupIdMapAttr $groupMem
berIdMapAttr $userFilterAttr $userIdMapAttr ]
set searchFilter [ $AdminConfig showAttribute $userRegistry searchFilter
 ]
$AdminConfig modify $searchFilter $attrs
}

proc setupLTPA { cell password } {
global AdminConfig
global AdminControl

set sec [ $AdminConfig getid /Cell:$cell/Security:/ ]
set ltpa [ $AdminConfig list LTPA $sec ]
set secMbean [ $AdminControl queryNames type=SecurityAdmin,process=dmgr,
* ]
set timeoutAttr [ list timeout 720 ]
set passwordAttr [ list password $password ]

$AdminControl invoke $secMbean generateKeys $password
set exportedKeys [ $AdminControl invoke $secMbean exportLTPAKeys ]
for { set x 0 } { $x < 7 } { incr x } {
set key [lindex [lindex $exportedKeys $x] 0]
set value [lindex [lindex $exportedKeys $x] 1]
if {[ string compare $key com.ibm.websphere.ltpa.3DESKey] == 0} 
23;
set sharedKey $value
} elseif {[string compare $key com.ibm.websphere.ltpa.PrivateKey] =
= 0} {
set privateKey $value
} elseif {[string compare $key com.ibm.websphere.ltpa.PublicKey] ==
 0} {
set publicKey $value
}
}

set sharedAttr [list shared [list [list byteArray $sharedKey]]]
set privateAttr [list private [list [list byteArray $privateKey]
]]
set publicAttr [list public [list [list byteArray $publicKey]]]

set attrs [ list $timeoutAttr $passwordAttr $sharedAttr $privateAttr $pu
blicAttr ]
$AdminConfig modify $ltpa $attrs
}

proc setupUsers { programGroup } {
global AdminConfig
global administrators
global administratorGroups
global monitors
global monitorGroups
global deployers
global deployerGroups
global adminsecuritymanagers
global adminsecuritymanagerGroups
global iscadmins
global iscadminsGroups

foreach assignment [ $AdminConfig list RoleAssignmentExt ] {
set roleLink [ $AdminConfig showAttribute $assignment role ]
set roleName [ $AdminConfig showAttribute $roleLink roleName ]
if {[string compare administrator $roleName] == 0} {
set adminRoleAssignment $assignment
}
if {[string compare monitor $roleName] == 0} {
set monitorRoleAssignment $assignment
}
}

foreach user [ $AdminConfig list UserExt ] {
lappend existing [ $AdminConfig showAttribute $user name ]
}

foreach newuser $administrators {
puts "  Adding user $newuser as an Administrator..."
addUserToRole $adminRoleAssignment $newuser
}

foreach newgroup $administratorGroups {
puts "  Adding group $newgroup as Administrators..."
addGroupToRole $adminRoleAssignment $newgroup
}

foreach newuser $monitors {
puts "  Adding user $newuser as a Monitor..."
addUserToRole $monitorRoleAssignment $newuser
}

foreach newgroup $monitorGroups {
puts "  Adding group $newgroup as Monitors..."
addGroupToRole $monitorRoleAssignment $newgroup
}
foreach newuser $deployers {
puts "  Adding user $newuser as a Deployer..."
addUserToRole $deployerRoleAssignment $newuser
}

foreach newgroup $deployerGroups {
puts "  Adding group $newgroup as Deployers..."
addGroupToRole $deployerRoleAssignment $newgroup
}

foreach newuser $adminsecuritymanagers {
puts "  Adding user $newuser as a adminsecuritymanager..."
addUserToRole $adminsecuritymanagerRoleAssignment $newuser
}

foreach newgroup $adminsecuritymanagerGroups {
puts "  Adding group $newgroup as adminsecuritymanagers..."
addGroupToRole $adminsecuritymanagerRoleAssignment $newgroup
}

foreach newuser $iscadmins {
puts "  Adding user $newuser as a iscadmins..."
addUserToRole $iscadminsRoleAssignment $newuser
}

foreach newgroup $iscadminsGroups {
puts "  Adding group $newgroup as iscadmins..."
addGroupToRole $iscadminsRoleAssignment $newgroup
}


if {[string compare $programGroup ""] != 0} {
puts "  Adding group $programGroup as Monitors..."
addGroupToRole $monitorRoleAssignment $programGroup
}
}

proc addUserToRole { roleAssignment username } {
global AdminConfig

foreach user [ lindex [ $AdminConfig showAttribute $roleAssignment u
sers ] 0 ] {
set nextName [ $AdminConfig showAttribute $user name ]
if {[string compare $nextName $username] == 0} {
puts "  User $user already exists..."
return
}
}

set nameAttr [ list name $username ]
set attrs [ list $nameAttr ]
set newuser [ $AdminConfig create UserExt $roleAssignment $attrs users ]
}

proc addGroupToRole { roleAssignment groupname } {
global AdminConfig

foreach group [ lindex [ $AdminConfig showAttribute $roleAssignment 
groups ] 0 ] {
set nextName [ $AdminConfig showAttribute $group name ]
if {[string compare $nextName $groupname] == 0} {
puts "  Group $group already exists..."
return
}
}

set nameAttr [ list name $groupname ]
set attrs [ list $nameAttr ]
set newuser [ $AdminConfig create GroupExt $roleAssignment $attrs groups
 ]
}

proc addUser { username role } {
global AdminConfig

foreach assignment [ $AdminConfig list RoleAssignmentExt ] {
set roleLink [ $AdminConfig showAttribute $assignment role ]
set roleName [ $AdminConfig showAttribute $roleLink roleName ]
if {[string compare $role $roleName] == 0} {
set roleAssignment $assignment
}
}

addUserToRole $roleAssignment $username
}

proc removeUser { username role } {
global AdminConfig

foreach assignment [ $AdminConfig list RoleAssignmentExt ] {
set roleLink [ $AdminConfig showAttribute $assignment role ]
set roleName [ $AdminConfig showAttribute $roleLink roleName ]
if {[string compare $role $roleName] == 0} {
set roleAssignment $assignment
}
}

foreach user [ lindex [ $AdminConfig showAttribute $roleAssignment u
sers ] 0 ] {
set nextName [ $AdminConfig showAttribute $user name ]
if {[string compare $nextName $username] == 0} {
puts "  Removing user $user..."
$AdminConfig remove $user
}
}
}

proc disableServerSecurity { cell node server } {
global AdminConfig

set appserv [ $AdminConfig getid /Cell:$cell/Node:$node/Server:$server/ 
]
set sec [ $AdminConfig list Security $appserv ]


set enabledAttr [ list enabled false ]
set enforceJava2SecurityAttr [ list enforceJava2Security false ]
set attrs [ list $enabledAttr $enforceJava2SecurityAttr ]

if {[string compare $sec ""] == 0} {
set sec [ $AdminConfig create Security $appserv $attrs ]
} else {
$AdminConfig modify $sec $attrs
}
}




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:48 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register