Apache DS and WAS 6.1: Creating Users and Groups

Written by Chintan Rajyaguru
Thursday, 15 February 2007 18:00

Last time, we talked about installing and configuring Apache DS. Now, we will add users and groups to it. We need to create the following users:

- wasadmin: This is the WebSphere 6.1 administrator user. Once security is configured, we will log into the WAS admin console as this user.
- bob: This is a test application user. We will log into the 'security enabled' application as this test user.

Users are typically placed in LDAP groups so that groups can be mapped to application roles as opposed to mapping individual users (users come and go, groups they belong to stay in the organization). We will create the following groups:

- admins: This group will hold all administrators. For now, we have only one administrator - wasadmin.
- endusers: This group will hold all the application users. For now, we have only one end user - bob.

Organizations typically organize their data in organizational units. A user could be part of multiple organizational units. For example, the user bob may be part of ou=HR as well as ou=people. We will create 2 organizational units:

- groups: This organizational unit will hold ALL the groups in Apache DS.
- people: This organizational unit will hold ALL users. Both bob and wasadmin will be under this unit even though wasadmin is just a system user.

As we will see shortly, a user may be part of an organizational unit AND may belong to a group.

Creating groups and users

The high level steps to create users and groups are:
To create the above items, you can specify all the information in a text file, commonly known as an LDIF file, and load the file into the LDAP server. Create a file called organizational_units.ldif and put the following content in it. If you are completely unfamiliar with LDAP concepts, this article may be a good start.
In JXplorer, select LDIF > Import File, select this file and click Open. This will result in two new organizational units, ou=people and ou=groups, under dc=example,dc=com. We will put all users (including system users) in the people OU and all groups in the groups OU. Let's create users first. Create a file called users.ldif and put the following content in it.
Importing the file above creates 2 users under ou=people,dc=example,dc=com. For example, the DN of the wasadmin user becomes uid=wasadmin,ou=people,dc=example,dc=com. We will use this DN to log in to the WAS admin console after we enable administrative security. To create groups, create a text file called groups.ldif and put the following content in it:
Notice how both groups use the member attribute, which points to the DN of each member. This attribute is required because our groups use the groupOfNames object class. Since the member attribute is required, we created users first and then the groups. At this point, your LDAP settings in JXplorer should look like this:
That's it! We are now ready to enable security in WebSphere 6.1. I will describe that process in the next entry.
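As an added example (not the author's original files), the Python script below embeds a constructed LDIF for the entries this article names and lints it in import order: parents before children, and users before the groups whose member attribute points at them. The cn= RDN for groups, the inetOrgPerson class and the cn/sn values are assumptions; userPassword is left out of the file and has to be set separately.

```python
# Constructed LDIF for the entries named in the article (attribute values assumed).
LDIF = """\
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=wasadmin,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: wasadmin
cn: wasadmin
sn: wasadmin

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: bob
sn: bob

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=wasadmin,ou=people,dc=example,dc=com

dn: cn=endusers,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: endusers
member: uid=bob,ou=people,dc=example,dc=com
"""

def check(ldif, base="dc=example,dc=com"):
    """Lint simple LDIF (no folding, base64 or escaped commas) in import order."""
    seen, problems = {base}, []  # the suffix entry is assumed to exist already
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, value = line.split(": ", 1)
            attrs.setdefault(key, []).append(value)
        dn, members = attrs["dn"][0], attrs.get("member", [])
        if dn.split(",", 1)[1] not in seen:
            problems.append(f"{dn}: parent entry not created yet")
        if "groupOfNames" in attrs.get("objectClass", []) and not members:
            problems.append(f"{dn}: groupOfNames requires member")
        problems += [f"{dn}: member {m} not created yet" for m in members if m not in seen]
        seen.add(dn)
    return problems
```

`check(LDIF)` returns an empty list for the order used in the article; moving the group entries ahead of the user entries, or adding a groupOfNames entry with no member, produces one message per problem.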
Last Updated on Saturday, 17 February 2007 20:01




