Manuals / IBM / Personal Care / Hearing Aid

IBM G210-1784-00 manual Chapter Configuring WebSphere Application Server Security

Models: G210-1784-00

1 131

Download 131 pages 28.82 Kb

Page 78

Chapter 13

Configuring WebSphere Application Server Security

The Learning Management System assumes that the WebSphere Application Server (WAS) is configured to use LDAP authentication. The WAS Administrative Console is used to configure LDAP as the active user registry and to specify the LDAP settings as part of setting up WAS Security. Before you attempt to do this, your LDAP server must be installed, running, and populated with the node within the directory tree that is the starting point for all directory searches—an identity under this node that is used by the WAS server for security purposes, and an identity used to bind to the directory.

For example, in the set-up description below, we’ll assume you’ve created an LDAP directory using the IBM Directory Server V4.1 called “ldapserver.ibm.com” that runs on default port 389 and contains a root node called “o=ibm”. In addition, the root node contains a security identity with following characteristics:

Distinguished Name:

cn=ldapadmin,o=ibm

Uid:ldapadmin

Password:password

Finally, the bind identity (setup during installation of the LDAP directory) has the following characteristics:

Distinguished Name:

cn=root

Password:password

Security must be configured and enabled after WAS is installed but before the Learning Management System application is deployed. This is done from the WAS Administrative Console; accessed by launching an Internet browser and navigating to http://was_server:9090/admin (substitute the name of your server for was_server).

Chapter 13: Configuring WebSphere Application Server Security 71

Image 78

IBM G210-1784-00 manual Chapter Configuring WebSphere Application Server Security

Contents

Version Installation GuideLotus Learning Management System R1 MarchCopyright CopyrightsDisclaimer List of TrademarksNetscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation in the United States and other countries Chapter 6 Installing or Identifying the LDAP Directory ContentsChapter 5 Installing the WebSphere Core Chapter 8 Installing the Delivery Server DS Application FilesChapter 18 Post-Installation Tasks Chapter 11 Configuring JDBC Data SourcesChapter 12 Configuring Environment Entries Chapter 10 Installing the Network Deployment ND ModuleIndex Appendix A LMS Performance and Fine-tuning InformationChapter 19 Special Installation Issues Chapter 20 Removing the IBM Lotus Learning Management Systemvi IBM Lotus LMS Release 1 Installation Guide Introduction What is the Learning Management System?Chapter About the IBM Lotus Learning Management System Understanding the Learning Management System ArchitectureRelational database management system 2 IBM Lotus LMS Release 1 Installation GuideDatabase server requirements Time zone settingsChapter Learning Management System Requirements Learning Management System server requirementsAudio and video requirements Client hardware requirementsClient software requirements 4 IBM Lotus LMS Release 1 Installation GuideChapter Learning Management System Installation Overview Packaging overview3. Install WebSphere core An outline of the installation process2. Install the database server software 4. Install or identify the LDAP Directory6. Install and/or configure logical database servers and schema 9. Configure environment entries 7. Install the Network Deployment module optional8. Configure JDBC data sources 10.Configure WebSphere Application Server security14.Complete post-installation tasks 13.Start the applications10 IBM Lotus LMS Release 1 Installation Guide Chapter Identifying Learning Management System Hardware Assets Allocating server responsibilitiesCreating a new database or upgrading an existing database Learning Management System Hardware requirements 12 IBM Lotus LMS Release 1 Installation GuideChapter Installing the WebSphere Core Enabling SSO in WebSphere Expand the Security panel on the left side 16 IBM Lotus LMS Release 1 Installation Guide Chapter Installing or Identifying the LDAP Directory Installing the IBM Directory Server LDAP Directory an exampleInstallation Steps Directory Configuration Steps 6. Logoff from the administrative interface by doing the following WebSphere Application Server and LDAP User filter strings Additional LDAP information and guidelinesINSTALLER Chapter Installing the Learning Management System Server ApplicationInstaller program information FilesInstalling the Learning Management System Server application software Select the Learning Management System features to installSelect the correct LDAP settings and test the LDAP connection Select the Learning Management System Server settings 24 IBM Lotus LMS Release 1 Installation Guide Select the Administrator settings Select the Content Management settingsSelect the installation destination and complete the installation Starting the Learning Management System Server application 28 IBM Lotus LMS Release 1 Installation Guide INSTALLER Chapter Installing the Delivery Server DS Application FilesInstaller program information PLATFORMSelect the correct LDAP settings and test the LDAP connection Installing the Delivery Server application softwareSelect the Learning Management System features to install 30 IBM Lotus LMS Release 1 Installation GuideSelect the Learning Management System Server settings Select the Delivery Server settings 32 IBM Lotus LMS Release 1 Installation GuideSelect the Web Server settings Select the Content Deployment settings for FTP deployment Select the Content Deployment settings for file system deployment Select the System Administrator E-mail settingsStarting the Delivery Server application Select the installation destination and complete the installation36 IBM Lotus LMS Release 1 Installation Guide Chapter Installing and Configuring Database Servers and Schema Database Creation OverviewInstallation Requirements Before you beginUPDATESOLARISKERNEL The settings can be verified with these commandsDatabase creation details Creating an Audit databaseCreating the LMM database Connecting the DB2 client to a remote database Installing the DB2 clientCreating the DS databases Configure JDBC Verify the DB2 client UNIX only3. Run the startup script INSTHOME/sqllib/db2profile Catalog the remote databasesdb2 connect to databasealias user userid using password db2 catalog database databasename as databasealias at node nodenameOracle database creation for the Learning Management System Installation requirementsCreating a Learning Management System schema Database creation detailsMS SQL Server database creation for the Learning Management System Creating an Audit schemaCreating the DS schemas JDBC driver informationCisql -S servername -d auditdb -U sa -e -i auditmssql.sql audit.log JDBC Driver informationCisql -S servername -U sa -i crmssqldbaudit.sql auditdb.log Cisql -S servername -d auditdb -U sa -i auditdata.sql auditseed.logTo meet the need for UNIX script files for DB2 that accomplish the same thing that the provided DB2 DOS batch files do, .sh scripts have been provided. There is one script for each database. These files should be read and edited before executing them 48 IBM Lotus LMS Release 1 Installation Guide Chapter Installing the Network Deployment ND Module 50 IBM Lotus LMS Release 1 Installation Guide Additional guidelines regarding the use of ND 52 IBM Lotus LMS Release 1 Installation Guide Chapter Configuring JDBC Data Sources Data source overviewDefining the JDBC provider Defining the JDBC provider for a DB2 databaseChapter 11 Configuring JDBC Data Sources 4. Click OK to continue56 IBM Lotus LMS Release 1 Installation Guide Defining the JDBC data sources Create the J2C Authentication Data Entries3. Click J2C Authentication Data Defining the JDBC provider for a SQL Server databaseCreate the data sources 13. Enter the following information Click Apply 16. Repeat this procedure for the two remaining databases 60 IBM Lotus LMS Release 1 Installation Guide1. Go to Data Sources 2. Click on the desired dbname URL jdbcoraclethin@server.acme.com1521name Chapter Configuring Environment Entries Configuring an environment entry for the log file location1. Create the Resource Environment Provider 2. Enter the provider information 64 IBM Lotus LMS Release 1 Installation Guideb. Click OK. A new provider appears in the list of defined providers 4. Configure the Referenceable 3. Enter the provider details5. Configure the Resource Environment entries c. Click New to go to the page to define an entry. Enter LMSLOG as both the name and JNDI name for the new entry f. Click OK to complete this entry and its properties 15. Click the Resource Env Entries link in the trail 16. Click New Chapter 12 Configuring Environment Entries13. Set Value to true 14. Click OK 17. Set Name to LMSFALSE 18. Set JNDI Name to LMSFALSE 19. Click OK70 IBM Lotus LMS Release 1 Installation Guide Chapter Configuring WebSphere Application Server Security Chapter 13 Configuring WebSphere Application Server Security2. Click on the LDAP link. The LDAP User Registry page is displayed 16. Click Save 17. Click OK Enable WAS Global Security Chapter Deploying the Learning Management System Server Application 1. Select the .ear file for deployment2. Prepare for application install 76 IBM Lotus LMS Release 1 Installation Guide3. Provide options to perform the installation 4. Map resources references to resources 78 IBM Lotus LMS Release 1 Installation Guide5. Map resource env environment entry references to resources 6. Map virtual hosts to web modules 7. Map modules to application servers80 IBM Lotus LMS Release 1 Installation Guide 8. Map security roles to users/groups Chapter 14 Deploying the LMS Server Application9. View summary and confirmation information 82 IBM Lotus LMS Release 1 Installation GuideReview them and if they are correct, click Finish to continue 10.Starting the application and regenerating web server plug-in 84 IBM Lotus LMS Release 1 Installation Guide Chapter Deploying the Delivery Server DS Application Starting the application and regenerating web server plug-in86 IBM Lotus LMS Release 1 Installation Guide Chapter 88 IBM Lotus LMS Release 1 Installation Guide Chapter Starting the Applications Starting the Learning Management System Server applicationStarting the Delivery Server application UNIX example /HTTPINSTALLROOT/apachectl restart Running the UpdaterWindows example \HTTPINSTALLROOT\Apache -k restart Regenerating the web server plug-inChapter 17 Starting the Applications Chapter Post-Installation Tasks Configuring on-line helpInstalling the Authoring Tool Installing the Command Line Import Utility CLIMPDeploying the Offline Learning Client Installing XVFB on UNIX platforms to enable reporting Installing XVFB on LinuxMigrating LearningSpace data 3. Extract the file with the following commands If you dont have this file, proceed with step5. Change the run-level to 3 by doing the following Change id5initdefault to id3initdefault Installing XVFB on AIX# 5 # 6 - reboot Do NOT set initdefault to this id5initdefault ln -s /etc/init.d/xvfb /etc/rc3.d/S75xvfbChapter 18 Post-Installation Tasks 98 IBM Lotus LMS Release 1 Installation Guide Chapter Special Installation Issues Using SSL with the Learning Management SystemUsing the Directory Server Web Administration Interface with Linux 100 IBM Lotus LMS Release 1 Installation Guide Removing the installed Learning Management System files Chapter Removing the IBM Lotus Learning Management SystemRemoving the Learning, DS, and Audit databases 102 IBM Lotus LMS Release 1 Installation Guide Appendix A LMS Performance and Fine-tuning Information Installing static files for the Learning Server user interfaceMoving static LMS elements to the Web Server Installing static files for the Delivery Server user interface Tuning LDAP performance LDAP tuning guidelinesTuning database server performance Indexing LDAP attributesDeferring the IsManager lookup TcpTimedWaitDelay Tuning TCP/IP settings on LMS serversMicrosoft Windows 2000 servers MaxUserPortIBM AIX servers tcpfintimeoutLinux servers TcpNumConnectionstcptimewaitinterval Tuning HTTP serversSun Solaris servers tcpfinwait2flushintervalAdjusting the Active Threads parameter Tuning the Sun ONE Web server, Enterprise Edition - SolarisTuning the Microsoft Internet Information Server IIS IIS permission propertiesTuning the IBM HTTP Server MaxPoolThreads and PoolThreadLimit parameterMinSpareServers, MaxSpareServers, StartServers, and MaxClients MaxRequestsPerChild Tuning the IBM HTTP Server in WindowsTimeout LoadModule and AddModuleMaxKeepAliveRequests Checking for thread usage using IBM HTTP Server server-statusChecking for thread usage with the Windows 2000 Performance Monitor MaxRequestsPerChildAfpaEnable HTTP Logging114 IBM Lotus LMS Release 1 Installation Guide Adjusting JVM Heap size Adjusting the Web container thread pool Adjusting the JVM parameter to avoid class verificationAdjusting the JVM parameter garbage collection threads Enabling the JIT compilerAdjusting the Web container MaxKeepAliveConnections Adjusting the Web container MaxKeepAliveRequests parameterAdjusting LMS logging Tuning the LMS applicationsAdjusting the JDBC Data Source Connection Pool size Application LogArchiving the LMS log files MaxRecords and Minutes parameters LMS parametersOracle PROCESSES Parameter Oracle server only Appendix A LMS Performance and Fine-tuning Information Index installing configuringinstalling regeneratingPrinted in USA