Disabling and Re-Enabling LDAP features
Use these instructions as an addendum to the IBM infocenter documentation for enabling, disabling and re-enabling the LDAP feature in WCS.
Toolkit Scenario #1
#1 You have enabled LDAP feature by using enablementscript "-DfeatureName=ldap"
#2 You would like to now disable LDAP feature
1. Modify WCDE_ENT70\workspace\WC\xml\config\wc-server.xml. In the MemberSubSystem element, change the attributes to:
<MemberSubSystem AuthenticationMode="DB" ProfileDataStorage="DB" ...
and then restart.
Here is a snippet of the configuration for LDAP and database; comment out the section accordingly and restart the Toolkit instance.
2. You now need to modify the database account UID formats if you previously used them to log in against LDAP:
update USERREG.LOGONID values to short format where LOGONID like 'uid=%'
Toolkit Scenario #2
#1 You have gone through Toolkit Scenario #1 and would like to re-enable LDAP now.
#2 There is a known issue: if you re-run enablementscript "-DfeatureName=ldap", it will complain that the LDAP feature is already enabled. The reason is that WCS stores LDAP configuration information in the database as well, and in the previous step we only rolled back the WC instance configuration for LDAP. Unfortunately there is no clean way to roll back the database LDAP configuration, so follow these tweaks to work around the issue.
(a) Find the following two lines in components/common/xml/enableFeatureForToolkit.xml and mark up (comment out) the unless attributes. A comment looks like <!-- AAAA -->.
<target name="enableFeatureFDG" depends="getWASAdminUserPassword, CheckPrereqInDBEAR" unless="isFullyEnabledInDBEAR${featureName}">
<target name="featureEnablementInToolkitWorkspace" depends="CheckPrereqInEAR" unless="isFeatureEnabledInEAR${featureName}">
(b) Find the following section and mark up the if-then check:
<target name="featureEnablementInServer" >
<if>
<equals arg1="${enablementStatusInAppServer}" arg2="false"/>
<then>
Here is a snippet of the modified section of components/common/xml/enableFeatureForToolkit.xml
3. Rerun the enable feature command.
Server Scenario #1
#1 You have enabled LDAP feature by using enablementscript "-DfeatureName=ldap"
#2 You would like to now disable LDAP feature
Follow this infocenter link. Essentially, this step modifies wc-server.xml to switch to DB authentication mode and re-publishes the WC EAR file.
Server Scenario #2
#1 You have gone through Server Scenario #1 and would like to re-enable LDAP now.
#2. If LDAP is enabled in the database, it registers an entry in the SITE table with primary key as LDAP: SELECT COUNT(*) FROM SITE WHERE COMPNAME='ldap'
#3. If it is enabled in the EAR, there will be a file called LDAP.Server.70.component in the following directory:
Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
Server: <wcUserInstallDir>/instances/<instanceName>/properties/version/ldap.server.70.component
#4. If enablementScript detects that security is enabled in WAS and one of the repositories is WC_<instanceName>_Rep, it will not rerun the config in WAS.
(a) Delete from site where compname = 'ldap'
update USERREG.LOGONID values to short format where LOGONID like 'uid=%'
(b) Remove the following file:
Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
Server: <wcUserInstallDir>/instances/<instanceName>/properties/version/ldap.server.70.component
(c) Disable security by updating security.xml: set enabled=false
Refer to this technote for more details.
(d) Restart server1.
(e) You should be able to run the LDAP enablement script now.
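The USERREG.LOGONID conversion called for in Toolkit Scenario #1 step 2 and in step (a) above, planned as a dry run before any row is changed. This is an added example, not code from the original post or from IBM. It assumes a DN-style LOGONID starts with a uid RDN whose value is the short logon ID, that rows are keyed by USERS_ID, and that the driver uses "?" parameter markers; the sample rows are constructed.

```python
import re

# Leading RDN "uid=<value>"; the value ends at the first unescaped comma.
UID_RDN = re.compile(r'^uid=((?:\\.|[^,\\])+)(?:,|$)')
UPDATE_SQL = "UPDATE USERREG SET LOGONID = ? WHERE USERS_ID = ? AND LOGONID = ?"

def short_logonid(logonid):
    """Return the uid value of a DN-style LOGONID, or None if it is not DN-style."""
    m = UID_RDN.match(logonid.strip())
    if m is None:
        return None
    # Undo backslash escapes such as "\," inside the RDN value.
    return re.sub(r'\\(.)', r'\1', m.group(1)).strip()

def plan_updates(rows):
    """rows: (USERS_ID, LOGONID) pairs. Returns (updates, conflicts)."""
    rows = list(rows)
    # Logon IDs already in short form keep their value and block duplicates.
    taken = {lid: uid for uid, lid in rows if short_logonid(lid) is None}
    updates, conflicts = [], []
    for users_id, logonid in rows:
        short = short_logonid(logonid)
        if short is None:
            continue
        if not short or short in taken:
            # Empty result, or the short ID is already held by another row.
            conflicts.append((users_id, logonid, taken.get(short)))
        else:
            taken[short] = users_id
            updates.append((users_id, logonid, short))
    return updates, conflicts

def to_statements(updates):
    """Parameterized statements; the old value in WHERE guards against drift."""
    return [(UPDATE_SQL, (short, uid, old)) for uid, old, short in updates]

# Constructed sample rows (not real data).
ROWS = [
    (-1000, "uid=wcsadmin,o=root organization"),
    (1001, "uid=jdoe,o=default organization,o=root organization"),
    (1002, "jdoe"),
    (1003, "uid=smith\\, ann,o=default organization,o=root organization"),
    (1004, "guest1004"),
]

if __name__ == "__main__":
    updates, conflicts = plan_updates(ROWS)
    for sql, params in to_statements(updates):
        print(sql, params)
    for users_id, logonid, holder in conflicts:
        print("CONFLICT", users_id, logonid, "held by USERS_ID", holder)
```

Rows reported as conflicts need a manual decision before the update runs, since two accounts would otherwise end up with the same logon ID.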
If you continue to see any configuration issues with LDAP, trace the following components and work with your IBM support team:
*=info:enable.trace.log.*=all:com.ibm.websphere.commerce.WC_USER=all:com.ibm.websphere.commerce.WC_SERVER=all:com.ibm.websphere.wim.*=all:com.ibm.ws.wim.*=all:com.ibm.wsspi.wim.*=all