IBM BS029ML Self Help Guide - Page 113
In the following discussion, we assume the user IDs used for the purposes above are all different. After the discussion, readers can easily extrapolate to the cases where a user ID plays multiple roles.

The portal Admin user's password is not stored in any of the portal databases, unless security is enabled using the database as the user registry, such as the default WMMUR DB. So the password of the portal admin user can be changed through the portal Edit My Profile page, if the portal is configured to be able to do so, or can be changed directly in the LDAP server. After the password change, the portal admin user should work fine, but you may find exceptions during the portal startup. This is due to RunAs roles configured on some of the enterprise applications deployed on the Application Server. Check the ones listed here:

- LWP_CAI
- LWP_Security_ext
- LWP_TAI
- pznscheduler.ear

The portal admin user ID and the group DN cannot be simply replaced without re-configuring security, which mainly involves disabling security, modifying LDAP information in wpconfig.properties, and re-enabling security.

The WebSphere Application Server admin user can be a little trickier, since the password is stored in configuration XML files. Timing is the key. The password should be updated in the Administrative Console. Before the password is changed in LDAP, you must have the Application Server running and already be logged in to the Administrative Console. After the password is changed on the LDAP server, you can then change the password in the admin console. Restart the server to make sure the change is successful. Within a cluster, the password should be changed through the Deployment Manager.

The process of changing the password of LDAPBindID is similar to that of the WebSphere Application Server admin user.

The password for the WMM bind user ID (LDAPAdminUId) must be encrypted by using wmm_encrypt.bat/.sh, and written into wmm.xml (adminPassword).
4.2.4 Adding application specific attributes to users and groups

With an LDAP server configuration, a set of default attributes has already been defined based on a standard objectclass, such as inetOrgPerson for users. In many cases, some new attributes, not available in the standard objectclass, are required for the applications. There are a couple of ways to accomplish this task.

Chapter 4. WebSphere Portal security 99