IBM BS029ML - WebSphere Portal Server Self Help Manual page 126

    <properties xmi:id="Property_1174328490172" name="wasAdminFileLoc"
        value="C:/IBM/WEBSPH~1/PORTAL~1/wmm/wmmWASAdmin.xml" required="true"/>
    <properties xmi:id="Property_1186336290766" name="userRegistryRealm"
        value="corpldap.acme.com:389" required="false"/>
</userRegistries>
<userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
    serverId="uid=wasadmin,ou=people,ou=dept,o=acme.com" serverPassword="{xor}HB8rEW8aHy0\="
    realm="corpldap.acme.com:389" ignoreCase="true" type="IBM_DIRECTORY_SERVER" sslEnabled="false"
    sslConfig="wp6vm_n/DefaultSSLSettings" baseDN="uid=wasadmin,ou=people,ou=dept,o=acme.com"
    bindDN="" bindPassword="{xor}HB8rEW8aHy0\=" searchTimeout="120" reuseConnection="true">
    <searchFilter xmi:id="LDAPSearchFilter_1"
        userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        groupFilter="(&amp;(cn=%v)(objectclass=groupOfUniqueNames))" userIdMap="*:uid" groupIdMap="*:cn"
        groupMemberIdMap="ibm-allGroups:uniqueMember" certificateMapMode="EXACT_DN"
        certificateFilter=""/>
    <hosts xmi:id="EndPoint_1" host="corpldap.acme.com" port="389"/>
</userRegistries>
The active user registry is highlighted and its ID is specified by the activeRegistry parameter
at the beginning. People are sometimes confused about which registry is configured. In this
example, we can see that WMMUR (CustomUserRegistry) is active. We can also find some
configuration information in the LDAPUserRegistry section. This tells us that the administrator
might previously have configured LDAP without realm support and that the LDAP-related
configuration remains in the file. This is not necessarily bad. We should simply be aware
which registry is active.
Note: Running the configuration task "disable-security" does not erase the configuration
settings in the global security configuration of WebSphere Application Server. It simply sets
enabled to false.
The user registry realm and the custom property userRegistryRealm defined in the WMMUR
segment should point to the same LDAP server and port. These settings must be added
manually to work with other application servers, such as Domino, for single
sign-on (SSO).
Tip: Do not confuse the user registry realm with the WMM realm defined in wmmur.xml.
The realm defined here is only to identify the LDAP realm for single sign-on. It has nothing
to do with the separation of user populations used in WebSphere Portal's virtual portals.
Tip: The location of the WMMUR configuration files in a cluster is different. It is based on
the WebSphere variable ${WMM_CONFIG_PATH} created during cluster creation.
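
The checks described above (which registry is active, what an inactive registry still holds, and whether the realm and userRegistryRealm agree) can be scripted. The following is an added example, not part of the original guide or of any IBM tooling. It assumes the root attribute is named activeUserRegistry (the text calls it activeRegistry; both are accepted), that the custom registry carries a realm attribute, and it uses a constructed sample with a placeholder namespace and password.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"  # namespace of the xmi:id / xmi:type attributes

# Constructed sample modeled on the fragment above. The root attribute name
# (activeUserRegistry), the realm attribute on the custom registry, the
# urn:example namespace and the password placeholder are assumptions.
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="urn:example:security" activeUserRegistry="CustomUserRegistry_1">
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1"
      realm="corpldap.acme.com:389">
    <properties name="userRegistryRealm" value="corpldap.acme.com:389"/>
  </userRegistries>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
      realm="corpldap.acme.com:389" serverPassword="{xor}PLACEHOLDER" bindPassword="">
    <hosts host="corpldap.acme.com" port="389"/>
  </userRegistries>
</security:Security>"""


def audit_registries(xml_text):
    """Return the active registry and a list of (registry id, issue) findings."""
    root = ET.fromstring(xml_text)
    active_id = root.get("activeUserRegistry") or root.get("activeRegistry")
    report = {"active": None, "findings": []}
    for reg in root.iter("userRegistries"):
        reg_id = reg.get(XMI + "id")
        kind = (reg.get(XMI + "type") or "").split(":")[-1]
        if reg_id == active_id:
            report["active"] = (reg_id, kind)
            # The registry realm and the userRegistryRealm property must agree.
            for prop in reg.findall("properties"):
                if prop.get("name") == "userRegistryRealm" and prop.get("value") != reg.get("realm"):
                    report["findings"].append((reg_id, "realm-mismatch"))
            continue
        # Leftover registry: not used for login, but it may still hold a
        # stored credential. {xor} is a reversible encoding, not encryption.
        for attr in ("serverPassword", "bindPassword"):
            if (reg.get(attr) or "").startswith("{xor}"):
                report["findings"].append((reg_id, "inactive-stored-" + attr))
    if report["active"] is None:
        report["findings"].append((active_id, "active-registry-not-found"))
    return report


if __name__ == "__main__":
    result = audit_registries(SAMPLE)
    print("active registry:", result["active"])
    for finding in result["findings"]:
        print("finding:", *finding)
```
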
Example 4-5 shows the third segment of the sample security.xml file.
Example 4-5 Sample security.xml: the third segment
...
<applicationLoginConfig xmi:id="JAASConfiguration_1">
<entries xmi:id="JAASConfigurationEntry_1" alias="ClientContainer">
<loginModules xmi:id="JAASLoginModule_1"
moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
authenticationStrategy="REQUIRED">
IBM WebSphere Portal V6 Self Help Guide