Disabling and Re-Enabling LDAP features

Use these instructions as an addendum to IBM infocenter documentation for enabling / disabling and re-enabling LDAP feature in WCS

Toolkit Scenario #1

#1 You have enabled LDAP feature by using enablementscript "–DfeatureName=ldap"
#2 You would like to now disable LDAP feature


1. Modify WCDE_ENT70\workspace\WC\xml\config\wc-server.xml in the MemberSubSystem element :
Change to
<MemberSubSystem
AuthenticationMode="DB" ProfileDataStorage="DB" ... And then restart
here is a snippet of configuration for LDAP and Database, comment out the section accordingly and restart Toolkit instance




2.  You need to now modify the Database account UID formats if you previously used it to login against LDAP.

update USERREG.LOGONID values to short format where LOGONID like 'uid=%'




Toolkit Scenario #2

#1 You have gone through Toolkit Scenatio #1 and would like to re-enable LDAP now.
#2 There is a known issue that if you re-run enablementscript "–DfeatureName=ldap" again it will complain that LDAP feature is already enabled, the reason is WCS stores LDAP configuration information in database as well and in the previous step we only rolled back the WC instance configuration for LDAP and unfortunately there is no clean way to rollback Database LDAP configuration, follow these tweaks to workaround this issue.


(a) Find the following two lines in                                  
components/common/xml/enableFeatureForToolkit.xml and markup (comment
out) the unless attributes. comment out is like <!-- AAAA -->        
                                                                     
    <target name="enableFeatureFDG" depends="getWASAdminUserPassword,
CheckPrereqInDBEAR" unless="isFullyEnabledInDBEAR${featureName}">    
    <target name="featureEnablementInToolkitWorkspace"                
depends="CheckPrereqInEAR" unless="isFeatureEnabledInEAR${featureName}">
                                                                     
(b) Find the following section and mark up the if-then check          
    <target name="featureEnablementInServer" >                        
         <if>                                                        
                <equals arg1="${enablementStatusInAppServer}"        
arg2="false"/>                                                        
         <then>     Here is a snippet of modified section of components/common/xml/enableFeatureForToolkit.xml                                                  

                                                                   
3. rerun the enable feature command.


Server Scenario #1

#1 You have enabled LDAP feature by using enablementscript "–DfeatureName=ldap"
#2 You would like to now disable LDAP feature
Follow this infocenter link, essentially this step modifies wc-server.xml to switch to DB Authentication mode and re-publishes the WC EAR file


Server Scenario #2

#1 You have gone through Server Scenatio #1 and would like to re-enable LDAP now.
#2. If LDAP is enabled in database, it registers a entry in SITE table   
with primary key as LDAP: SELECT COUNT(*) FROM SITE WHERE               
COMPNAME='ldap'                                                         
#3. If it is enabled in EAR, there will be a file called                 
LDAP.Server.70.component in the following directory:                    
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
    Server: <wcUserInstallDir>/instances/<instanceName>properties/version/ldap.server.70.component                                                          
#4. If enablementScript detects that security is enabled in WAS and one of the          
repositories is WC_<instanceName>_Rep , it will not rerun the config in 
WAS.

(a) Delete from site where compname = 'ldap'                                
update USERREG.LOGONID values to short format where LOGONID like 'uid=%'
(b)  Remove the following file:                                          
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
    Server:                                                             
<wcUserInstallDir>/instances/<instanceName>properties/version/ldap.serve
r.70.component                                                          
(c) disable security by updating security.xml, set enabled=false
Refer his technote for more details
(d) restart server1
(e) You should be able to run LDAP enablement script now.      

If you continue to see any configuration issues with LDAP, trace following components and work with your IBM support team

*=info: enable.trace.log.*=all :                                        
com.ibm.websphere.commerce.WC_USER=all:                                 
com.ibm.websphere.commerce.WC_SERVER=all : com.ibm.websphere.wim.*=all   
: com.ibm.ws.wim.*=all: com.ibm.wsspi.wim.*=all 
                                         
Pituluik Media Blogger | Freelancer |Operations Manager | Marketing and Sales Manager | Lancer Evo 4 Community. Indonesian Bloggers Who Become Bloggers Because of Hobby. Feel free to connect with me on Social Media Instagram @alberandesko

0 Response to "Disabling and Re-Enabling LDAP features"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel