Direkt zum Hauptbereich

Change ISC security role for TAM WPM 6.1

If you already configured the WPM and then found out that it is implemented in the ISC (What a bad idea!), then you have to unconfigure the WPM:

# /opt/PolicyDirector/sbin/amwpmcfg -action unconfig -interactive

Then unpack the iscwpm.war (/opt/PolicyDirector/java/export/pdwpm/iscwpm.war):

# /opt/WebSphere/AppServer/java/bin/jar xvf /tmp/iscwpm.war

Modify ibm-portal-security.xml:

old:
new:

Repack the iscwpm.war (remove the copy of your original /tmp/iscwpm.war first) and put it into place again:

# /opt/WebSphere/AppServer/java/bin/jar cvf /opt/PolicyDirector/java/export/pdwpm/iscwpm.war /tmp/*

Reconfigure the WPM:

# /opt/PolicyDirector/sbin/amwpmcfg -action config -interactive

Then you can give your WPM Adminperson the role wpm-user within the ISC. Then he/she can see everything, but can only do changes in WPM.

IBM link: http://www-01.ibm.com/support/docview.wss?rs=638&context=SSPREK&q1=6.1+role&uid=swg21307731&loc=en_US&cs=utf-8&lang=en

Kommentare

Beliebte Posts aus diesem Blog

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc)

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) pdadmin sec_master> user create dg1234 uid=dg1234,cn=team1,cn=users,o=company lala lala ********** Could not perform the administration request Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) Description: After the upgrade from Policy Director (policy server) V5.1 to V6.0 the errors above occured when trying to write to the registry. Solution: The task of updating the ldap schema did not work well for some reason. After doing it again the errors did not occur again: # ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema

WebSphere Application Server LDAP: The administrative user ID does not exist in the user repository.

When you try to enable global security with ldap authentication you get the following error when configuring your ldap repository (IBM Directory Server): The administrative user ID does not exist in the user repository. Reason: The bind user must be searchable. This means that an ldapsearch with this user as bind user must return his own entry. If this does not work, you have to add an aclEntry: vi change-was7101-aclentry.ldif dn: uid=was7101,cn=mygroup,cn=admusr,o=mycomp aclentry: access-id:UID=WAS7101,CN=MYGROUP,CN=ADMUSR,O=MYCOMP:normal:rsc $ ldapmodify -h myhost -x -D "cn=root" -w ******* -f change-was7101-aclentry.ldif modifying entry "uid=was7101,cn=mygroup,cn=admusr,o=mycomp" Now user was7101 can do an ldapsearch to find itself and therefore you can use it to configure you LDAP repository. This article gave me the hint: http://www-01.ibm.com/support/docview.wss?rs=767&uid=swg21219253