Home » IBM Manuals » Computer Software » IBM E02HRLL-G » Manual Viewer

IBM E02HRLL-G Administration Guide - Page 81

LDAP support for logon authentication, Using LDAP

Add to My Manuals
Save this manual to your list of manuals

Page 81 highlights

Chapter 7. LDAP support for logon authentication In addition to using WebSphere Partner Gateway partner registry for console authentication, WebSphere Partner Gateway supports Lightweight Directory Access Protocol (LDAP) container-based authentication that uses the WebSphere Application Server authentication mechanism. WebSphere Application Server supports 3 types of authentication: 1. LDAP registry 2. Local operating system registry 3. Custom registry WebSphere Partner Gateway uses WebSphere Application Server LDAP registry authentication. By enabling the container managed authentication in applications like WebSphere Partner Gateway which are deployed in WebSphere Application Server, the administrator can manage user authentication in a central location outside of the WebSphere Partner Gateway application. Using LDAP Use LDAP when Container based authentication is selected: v During installation. v By setting the attribute bcg.ldap.containerauth located in Console System Administration > Common Properties to True. Enabling the container managed authentication mechanism To enable the container managed authentication mechanism, set the bcg.ldap.containerauth property value to True in the WebSphere Partner Gateway console, then configure the WebSphere Application Server Global Security setting to use LDAP. After you have enabled the authentication, users are authenticated against the LDAP server when logging into WebSphere Partner Gateway. Note: When LDAP is enabled during the installation process, the administrator must ensure that the configured LDAP server is given a user named hubadmin, This is a valid logon user name for LDAP authentication regardless of whatever logon type is chosen. Enabling J2EE security About this task If you are enabling J2EE security in addition to WebSphere Application Server global security, create a policy file (for example: wpg.policy) for the Java Runtime Environment (JRE) granting the necessary security permissions. To add this file into the JRE, perform the following steps: 1. Make an entry in the java.security file residing in the WASND_ROOT/java/jre/ lib/security folder. The syntax for the new entry in the java.security file is: policy.url.3=file:///fully qualified path/wpg.policy 2. Restart all of the Java processes. © Copyright IBM Corp. 2007, 2008 75

Section	Page
Contents	3
Chapter 1. About this book	7
Audience	7
Roles, access levels, and responsibilities	7
Typographic conventions	8
Related documents	9
New in release 6.2	9
Chapter 2. Managing the WebSphere Partner Gateway component applications	11
Managing WebSphere Partner Gateway components in a simple mode system	11
Managing WebSphere Partner Gateway components in a distributed mode system	12
The Deployment Manager	13
Starting and stopping servers from the command line	14
Starting and stopping FTP Management Server from command line	14
Starting and stopping the components in a simple distributed mode system	15
Starting servers in a simple distributed mode system	15
Stopping servers in a simple distributed mode system	16
Starting and stopping the components in a full distributed mode system	17
Starting servers in a full distributed mode system	17
Stopping servers in a full distributed mode system	18
Chapter 3. Basic Community Console tasks	21
Logging in to the Community Console	21
Navigating through the Community Console	22
Community Console icons	22
Logging off from the Community Console	24
Chapter 4. Hub administration tasks	25
Managing password policy	25
Changing database connectivity, database user and password	26
Managing event codes	26
Viewing and editing event codes	27
Exporting event code names	27
Specifying events that can be notified	28
Document Validation Errors	28
Managing receivers	28
Viewing and editing receiver details	28
Enabling or disabling receivers	28
Deleting receivers	29
Localizing HTTP synchronous target time out	29
Managing interactions and document definitions	29
Managing XML formats	30
Large file support	31
Enabling or disabling actions	31
Managing handlers	31
Importing a handler	32
Deleting a handler	32
Configuring the content-type attribute in handlers	32
Managing maps	33
Updating validation maps	33
Viewing validation maps Where used	33
Deleting validation maps	33
Managing transformation maps	33
Managing EDI FA maps	34
Managing EDI	34
Envelope profile	34
Enveloper	35
Connection profiles	36
Control number initialization	36
Current control numbers	37
Managing system configuration data	38
Configuring the alert mail server	39
Viewing system activity	39
Managing event delivery	40
Managing API calls	40
Managing Document Manager information	41
Maximum hold time	41
Maximum files-per-poll-interval	41
Supporting ebMS	42
Uploading a CPA to WebSphere Partner Gateway	42
Non-prepopulated attributes	43
Algorithms supported by the ebMS	44
Configuration details for validating Webservices	44
Using non-repudiation logging	45
Using message store	45
Prerequisite to setup WebSphere Partner Gateway - WebSphere Transformation Extender Integration Environment	46
Chapter 5. Account administration tasks	47
Managing partner profiles	47
Viewing and editing partner profiles	47
Searching for partners	47
Deleting partners	48
Managing destination configurations	48
Required information for destination configuration	48
Viewing and editing destinations	49
Viewing and editing default destination	51
Viewing destination Where used	51
Deleting destination	51
Uploading transports	52
Deleting transports	52
Transport and destination retries	52
Forward proxy support	55
Managing certificates	55
Configuring the certpath related properties	57
Viewing and editing digital certificates	58
Disabling a digital certificate	59
Changing B2B attribute values	59
Managing partner connections	60
Connection components	60
Connection duplication	61
Searching for connections	61
Changing connection configurations	63
Managing exclusion lists	64
Adding partners to the exclusion list	65
Editing the exclusion list	65
Chapter 6. Administering partner migration	67
Using the migration utility from the command line	67
Invoking from the command line	69
Mapping of XML element with Console	71
Exporting partner migration	73
Considerations when creating your own import data	75
Manual validation of the import file	75
Migration configuration type dependencies	75
Export/Import order	78
BCG and DIS Import	79
Non-migratable configurations	79
Limitations of the migration utilities	79
Forward proxy migration	79
Chapter 7. LDAP support for logon authentication	81
Using LDAP	81
Enabling the container managed authentication mechanism	81
Enabling J2EE security	81
User names and groups	82
Stopping the use of LDAP authentication	82
Sample LDAP configuration	83
Configuring the WebSphere Application Server for the standalone IBM Tivoli Directory Server	83
Specifying LDAP users to use the WebSphere Partner Gateway Console	85
Chapter 8. Support for IPv6	87
Enabling tunneling IPv6 over IPv4	87
RHEL Linux 3	87
Windows 2003/XP	87
HP-UX 11i	88
Enabling IPV6	88
Configuring attributes	89
Chapter 9. Managing the Destination Queue	91
Viewing the Destination Queue	91
Viewing queued documents	92
Stopping the processing of documents from the destination queue	93
Viewing destination details	94
Changing destination status	94
Chapter 10. Analyzing document flows	95
Document Analysis tool	95
Viewing the state of documents in the system	96
Viewing documents in the system	96
Viewing process and event details	97
Document Volume Report	97
Creating a Document Volume Report	97
Exporting the Document Volume Report	98
Printing reports	98
Test Partner Connection	98
Pinging ebMS partners	99
Web Server result codes	99
EDI Reports	102
EDI FA Overdue Search	102
EDI Rejected Transaction Search	103
FTP Reports	105
FTP Statistics	105
FTP Connections	105
Chapter 11. Viewing events and documents	107
Event Viewer	107
Event types	108
Searching for events	108
Viewing event details	109
Error events	109
AS Viewer	110
Searching for messages	111
Viewing message details	112
RosettaNet Viewer	113
Searching for RosettaNet processes	113
Viewing RosettaNet process details	114
Viewing raw documents	115
Document Viewer	115
Searching for documents	115
Viewing document details, events, and raw documents	117
Mass document resend	118
Viewing EDI documents	119
Document Validation Errors	120
Viewing data validation errors	121
Stopping a document that is in process	122
Re-sending failed and successful documents	122
ebMS Viewer	124
Searching for ebMS processes	124
Viewing ebMS process details	125
Viewing raw documents	125
Requesting and viewing the status of a document	126
Destination Queue	126
Chapter 12. Simulating production traffic	127
Preparing to test	128
Setting up test scenarios	128
Sample scenarios	129
Uploading and viewing your requests and responses	131
Initiating and viewing document type	131
Searching for an open document	132
Responding to an open document	132
Removing an open document	133
Chapter 13. Archiving	135
Archiver configuration	135
View archiver task	135
Archiver task modification	137
Export and Import of archiver configuration	138
Archiver runtime tasks	138
Archiver reports	139
Archiver Restore	141
Restoring archived data of WebSphere Partner Gateway V6.1 and earlier	142
Searching the restored documents	142
User intervention for archiving	143
Archiver Restrictions	144
Chapter 14. Using logging and tracing features	145
Log and trace files	145
Log file management	146
Trace file management	147
Configuring tracing in a simple mode system	148
Setting tracing in a distributed mode system	148
Tracing tasks common to both types of systems	149
Setting log detail levels	150
Identifying WebSphere Partner Gateway trace messages	151
EDI, XML, ROD subcomponent tracing	151
Interpreting WebSphere Application Server log and trace messages	152
WebSphere Application Server event types	152
Integrated FTP Server logging	152
Chapter 15. FTP Server Configuration Management	155
FTP user management	156
Chapter 16. Relocation and Redeployment of WebSphere Partner Gateway	157
Prerequisites	157
Restoring the configuration details	158
Changing host name and IP address of WebSphere Partner Gateway	158
Changing the host name and port number of database	159
Changing the port numbers	159
Relocation and redeployment examples	160
Chapter 17. Troubleshooting	163
Avoiding long processing time on large encrypted AS documents	164
Avoiding long processing time for large encrypted documents	165
Avoiding out-of-memory errors	165
Document Manager memory configuration	165
Document Manager workload	166
Document structure	166
Increasing the heap size	166
Collating data for multiple languages	166
Ensuring sufficient virtual memory for DB2 agents	167
Fixing DB2 SQL errors	167
SQLCODE -444 error	168
SQLCODE -289 error	168
SQLCODE -1225 error	168
SQL 0964C Transaction log full error on the BCGMAS database	168
IBM service log unreadable	169
WebSphere Application Server informational messages	169
Increasing the Receiver timeout setting	169
Optimizing database query performance	170
Resolving event 210031	170
Documents routed twice when network is lost or document manager server shutdown abruptly	171
0A1 generated with data validation errors	171
EDI reports export the first 1000 records only	171
Console does not start after a server restart	171
FTPScripting Receiver receives StringIndexOutofBoundsException	172
Error scenario	172
Working scenario	172
Receiver Failure to read Configuration File	172
Configuring Users to receiving Alerts Notification	172
Resolving ClassNotFoundException for User Exit classes	173
Reprocessing events and business documents that fail to log to the database	173
Disabling JIT in a WebSphere Application Server when WebSphere Partner Gateway produces a javacore	174
Defining a custom transport type	174
Resolving WebSphere Partner Gateway errors BCG210031 and BCG240415	174
Creating File directory destination on a drive other than C:	175
Preventing partner transactions from being processed by WebSphere Partner Gateway	175
Fixing the browser ERROR: 500	176
Downloading CRL for SSL transactions	176
Databinding in JMS Exports/Imports within WebSphere Process Server	177
Fixing test partner connection for SSL connections	178
Fixing errors BCGEDIEV0O56 and BCG210001	178
Fixing ORA-00988 error	178
Configuring Content-Types attribute for the fixed workflow handlers	178
Fixing BCG210013 error	179
Increasing buffer size to prevent document transmission low performance	180
WebSphere Partner Gateway hub installer logs error messages	180
DB password required error in bcgHubInstall.log	181
Using revocation check and using CRL DP support	181
Returning document volume report search information about the console	181
Loading the native library	182
Fixing error TCPC0003E and CHFW0029E	182
CA certificate expiration	183
VCBaseException in the SystemOut.log	184
Reporting file size for documents greater than 2 GB	184
SSL handshake fails because no certificate received	184
Fixing the hanging threads warning	185
Stopping the Document Manager exception	185
Fixing WebSphere MQ messages	186
MQJMS2007 error	186
MQJMS2013 error	187
java.security.InvalidKeyException: Illegal key size or default parameter	187
The MDN status of ′unknown′ for AS transactions	187
Servers fail to start after applying fixes	187
Correcting the shortcut ports for WebSphere Application Server	188
Avoiding duplicate document delivery when there is more than one router	188
Rendering of tab headings on displays with resolution greater than 1024	189
Documents not processed when using Oracle 9i Release 2	189
Document processing when the database goes down	189
java.lang.NoClassDefFoundError with reprocessDbLoggingErrors.bat	190
Recovery process when queue and disk is full or unavailable	190
Workflow Handler Runtime Error	190
Error while invoking WebSphere Transformation Extender Map	191
IBM Support Assistant (ISA) Plugin	191
Partner Migration Utility with LDAP	191
AS signature failure for interop content type	192
Appendix A - performance considerations	193
Managing queue overflow	193
Generating summary data	193
Appendix B - failed events	195
Appendix C - component-specific system attributes	229
Configuring attributes as WebSphere Application Server ND environment variables	229
Editing RosettaNet attribute values	229
Editing FTP Administration	230
Attribute tables	234
Notices	259
Programming interface information	261
Trademarks and service marks	261
Index	263
A	263
B	263
C	263
D	263
E	264
F	264
G	264
H	264
I	264
J	264
L	264
M	264
N	265
O	265
P	265
Q	265
R	265
S	265
T	265
U	266
V	266
W	266

Match case Limit results 1 per page

Chapter 7. LDAP support for logon authentication

In addition to using WebSphere Partner Gateway partner registry for console

authentication, WebSphere Partner Gateway supports Lightweight Directory Access

Protocol (LDAP) container-based authentication that uses the WebSphere

Application Server authentication mechanism. WebSphere Application Server

supports 3 types of authentication:

LDAP registry

Local operating system registry

Custom registry

WebSphere Partner Gateway uses WebSphere Application Server LDAP registry

authentication. By enabling the container managed authentication in applications

like WebSphere Partner Gateway which are deployed in WebSphere Application

Server, the administrator can manage user authentication in a central location

outside of the WebSphere Partner Gateway application.

Using LDAP

Use LDAP when Container based authentication is selected:

During installation.

By setting the attribute

bcg.ldap.containerauth

located in

Console System

Administration

Common Properties

to True.

Enabling the container managed authentication mechanism

To enable the container managed authentication mechanism, set the

bcg.ldap.containerauth

property value to

True

in the WebSphere Partner Gateway

console, then configure the WebSphere Application Server

Global Security

setting

to use LDAP. After you have enabled the authentication, users are authenticated

against the LDAP server when logging into WebSphere Partner Gateway.

Note:

When LDAP is enabled during the installation process, the administrator

must ensure that the configured LDAP server is given a user named hubadmin,

This is a valid logon user name for LDAP authentication regardless of whatever

logon type is chosen.

Enabling J2EE security

About this task

If you are enabling J2EE security in addition to WebSphere Application Server

global security, create a policy file (for example:

wpg.policy

) for the Java Runtime

Environment (JRE) granting the necessary security permissions. To add this file

into the JRE, perform the following steps:

Make an entry in the

java.security

file residing in the

WASND_ROOT

/java/jre/

lib/security

folder.

The syntax for the new entry in the

java.security

file is:

policy.url.3=file:///

fully qualified path

/wpg.policy

Restart all of the Java processes.