Manuals / IBM / Computer Equipment / Laptop

IBM SG24-6526-00 manual XML security

Models: SG24-6526-00

1 184

Download 184 pages 3.35 Kb

Page 105

<property id="ldap_server" value="ldap://server.domain.co.uk/" /> <property id="ldap_base" value="ou=ges,o=geac,c=uk" /> <property id="ldap_bind_dn" value="cn=root" />

<property id="ldap_bind_password" value="password" />

<property id="authorization_group_type" value="businesscategory" />

</directory> </authentication_context>

Change the ldap.server parameter to the name and domain of the iSeries that is running the LDAP service. You may also change other LDAP properties if required, for example, LDAP base.

XML security

If an LDAP server is not present, then you can configure the DEFAULT context to use /vendorconnect/deployed/UserDirectory.xml as the user directory. Simply edit the following settings in SecurityManager.xml:

<authentication_context id="XML"> <directory id="file" type="XML">

<property id="file" value="UserDirectory.xml" /> </directory>

</authentication_context>

<authentication_context id="DEFAULT"> <directory id="SecureWay" type="LDAP">

<property id="ldap_server" value="ldap://server.domain.co.uk/" /> etc.

Change the first authentication context id=“XML” to context id=“DEFAULT”. Since the context ID must be unique within the file, change the second authentication context ID immediately to anything other than DEFAULT as shown in the following example:

<authentication_context id="DEFAULT"> <directory id="file" type="XML">

<property id="file" value="UserDirectory.xml" /> </directory>

</authentication_context>

<authentication_context id="XYZ"> <directory id="SecureWay" type="LDAP">

<property id="ldap_server" value="ldap://server.domain.co.uk/" /> etc.

Create the vcadmin user in UserDirectory.xml. Add the following section to this file, entering the user password as required:

<entry dn="cn=vcadmin, ou=cad, ou=ges,o=geac,c=uk"> <objectclass>

<oc-value>top</oc-value> <oc-value>person</oc-value> <oc-value>organizationalPerson</oc-value> <oc-value>inetOrgPerson</oc-value> <oc-value>ePerson</oc-value> <oc-value>s21User</oc-value>

</objectclass>

<attr name="cn"><value>vcadmin </value></attr>

<attr name="sn"><value>Administrator </value></attr> <attr name="uid"><value>vcadmin</value></attr>

<attr name="userpassword"><value>anything</value></attr> </entry>

Chapter 4. Installing and setting up vendor.connect 93

Image 105

IBM SG24-6526-00 manual XML security

Contents

Yessong Johng Colin Brown Jim Hirsch John Lawler Front coverFollow the step-by-step guide to install commerce.connect Geac System21 commerce.connectPage International Technical Support Organization DecemberSG24-6526-00 First Edition December Copyright IBM Corp. 2002. All rights reserved Contents3.3.4 Restoring IFS objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4.1 WebSphere node name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.4.2 Errors on starting the client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.4.3 Errors when running the client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.4.4 Cached data and .bl and .cd files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.4.5 Log files and debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.5 Manual configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3.5.1 Non-standard Order Management and call.connect installation . . . . . . . . . . . . . . 56 3.5.2 WebSphere manual configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 3.5.3 Manual client installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 3.6 Alternative configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 3.6.1 Setting up a test instance of WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 3.6.2 Setting up an iSeries server for a test system. . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.6.3 Server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 3.6.4 WebSphere administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 3.6.5 Manual client installation Index ContentsPage Notices Trademarks Preface The team that wrote this redbookBecome a published author Comments welcome Chapter 1. The .connect applications 2 Geac System21 commerce.connect Implementation on the iSeries Server 1.1 call.connectStock allocation Rule-based stock allocation and sourcing engine Web-based interfaces to System21 to support 1.2 vendor.connectPage 6 Geac System21 commerce.connect Implementation on the iSeries Server Chapter 2. Architecture of the commerce.connect products 8 Geac System21 commerce.connect Implementation on the iSeries Server 2.1 The need for an architectureChapter 2. Architecture of the commerce.connect products 2.1.2 The architecture moving forward2.1.5 The design methodology Using Unified Modelling Language 2.1.3 The development process2.1.4 Implementation Pricing SalesOrderSupply Delivery2.2.1 call.connect 2.2 Messaging Java Message Service and IBM WebSphere MQcontract shipmentAdding a Sales Order Line scenario Events 2.2.2 vendor.connect2.3 Overview of process.connect System21Database 2.4 Architectural representation 2.4.1 Architectural goals and constraints2.4.2 Non-functional architectural considerations 2.5.1 Accessing System21 RPG business logic 2.5 Reusing and extending System21 business logic2.4.3 Functional architectural considerations The deployment influenceStored procedures Java Native Interface JNIThe choice Copyright IBM Corp. 2002. All rights reserved Chapter 3. Installing and setting up call.connect3.1.1 Skills 3.1.2 PrerequisitesiSeries hardware requirements iSeries Developer Kit for Java 5769-JV1, Version 1.2 option iSeries software requirements3.1.3 System21 authorization code for Order Management OM 3.2 Standard installation proceduresWorkstation hardware requirements Workstation software requirementsChecklist of the basic steps 3.2.1 Installing Order Management and call.connectSystem21 base System21 Order Management OM3.2.2 WebSphere installation and configuration Java components and configuration filesStarting the administration server Importing the configuration file Starting the application Journaling the files without an ASP 3.2.3 JournalingJournaling the files with an ASP Journaling a single fileJournaling multiple files within a library 3.2.4 Stored procedures and SQL Command = STRJRNPF FILE&L/&N JRNOSLF3/OSL OMTJRNE*OPNCLOStored procedures To run SQL scripts, follow these steps 3.2.5 Java Message Service 5. Open the /OrderManagement/Stored Procedures folderOther SQL Creating a queue manager Setting up MQSeriesCreating a queue Granting authorityQueue Name SALESORDER.QUEUE Object Type *Q User Names *PUBLIC see the following note Additional files needed Creating the JNDI/MQ objectsStandard properties Additional WebSphere configuration Testing the messaging3.2.6 User profiles Job descriptionSetting up System21 user profiles Setting up call.connect users in the XML user directoryuserpassword Password for call.connectSetting up an operator 3.2.7 System21 data set up Ensuring that the HTTP administrative server is ready3.2.8 Java Web Start Configuring the HTTP Server on the iSeries Figure 3-12 HTTP Server configuration Figure 3-13 IBM HTTP Server Configuration and Administration page Configuring an HTTP Server for iSeries originalCreating a configuration Figure 3-15 Request routing page htm extension jnlp extensionCreating an instance Figure 3-18 Manage HTTP Servers page Configuring an HTTP Server for iSeries powered by ApacheType of server HTTP Server powered by Apache - recommended a. Select Static Web Pages and Files a. Click Add b. Enter the following information File Extension .jnlp Configuring JWS.bat Configuring CallConnect.jnlp3.3.1 Daily backups 3.2.9 Backup3. Click Install Java Web Start 3.3 call.connect housekeepingStarting WebSphere default instance 3.4 Troubleshooting3.3.3 Starting call.connect 3.3.4 Restoring IFS objects3.4.3 Errors when running the client 3.4.2 Errors on starting the client3.4.1 WebSphere node name 3.4.4 Cached data and .bl and .cd filesManually configured client Setting up logging on the client3.4.5 Log files and debugging Server3.5.1 Non-standard Order Management and call.connect installation 3.5 Manual configurationOrderManagement/test/cfg/ejbdefault PreGenerate Buying ListsStarting QEJBSBS on the iSeries 3.5.2 WebSphere manual configurationStarting the WebSphere console on a PC OrderManagement/test/cfg/log.cfgCreating JDBC drivers Creating DataSources3. Wait for the message, “Create completed successfully” Creating the application server Setting the node parametersCreating an EJB container Creating enterprise beans1. Right-click the container and select Create- Enterprise Bean Ejbdefault.cfg 3.5.3 Manual client installation3.6.1 Setting up a test instance of WebSphere 3.6 Alternative configurationsRunning the manually configured client Log.cfgSystem21 data 3.6.2 Setting up an iSeries server for a test systemJournaling Table 3-4 Steps required to configure a WebSphere instanceServer ejbdefault.cfg 3.6.3 Server configurationsystem21.password Password for this user Test useradminNodeName , -import , and -substitute 3.6.4 WebSphere administrationStarting the administration server Importing the configuration fileStarting application server 3.6.5 Manual client installationHTTP Server for iSeries original Testing Java Web StartEjbdefault.cfg Running the manually configured clientURL Template Replacement File Path HTTP Server for iSeries powered by ApacheIndex Actiona. Select Static Web Pages and Files Configuring CallConnect.jnlp Changing to another instanceConfiguring JWS.bat Figure 3-25 Manage HTTP Servers page Stopping the serverThe files to modify are ejbdefault.cfg log.cfg standard.properties See 3.6.5, “Manual client installation” on pageChapter 3. Installing and setting up call.connect Page Copyright IBM Corp. 2002. All rights reserved Chapter 4. Installing and setting up vendor.connect4.2 Installing vendor.connect 4.1 Preparing for the installationBasic steps checklist 4.1.1 Skills required4.2.2 Java components and configuration files 4.2.1 System21 basevendor.connect components 4.2.3 Restoring libraries 4.2.4 Installing and configuring WebSphereImporting the configuration file Starting the administration serverCreating a new instance Starting the instancePage 4.2.5 IBM HTTP Server for iSeries Ensuring that the HTTP Server is readyStarting the application Figure 4-3 AS/400 Tasks page Configuring the HTTP Server on the iSeriesFigure 4-4 IBM HTTP Server for AS/400 page Configuring IBM HTTP Server for iSeries originalFigure 4-5 IBM HTTP Server Configuration and Administration page Creating a configurationFigure 4-6 Create configuration page Chapter 4. Installing and setting up vendor.connectCreating an instance Journaling Setting up on the iSeriesYou must journal the following files at a minimum Command STRJRNPF FILE&L/&N JRNOSLF3/OSL OMTJRNE*OPNCLO Figure 4-8 Working with the user-defined optionsFigure 4-9 Create User-Defined Option display System21 data setup User profilesDatabase triggers Creating a queue manager 4.2.6 MQSeries4.2.8 Active Architecture framework 4.2.7 Work Management Trigger Handler for the iSeriesPublisher Verifying whether folders have write authorityUpdating the events rules Controller ConnectorManager.xml 4.2.10 Setting up new vendor.connect user IDs and supplier IDs4.2.9 JConnects server AIF .ini filesXML security Configuring the LDAP server Using LDAPb. Set Administrator name as CN=root a. Select the Start server when TCP is started boxc. Click the Password button. Enter and confirm your password Chapter 4. Installing and setting up vendor.connectFigure 4-13 Directory Properties Database/Suffixes page Using IBM SecureWaya. Enter the server name needjava in this example c. Enter the password you entered on the Add directory server display a. Select the Authenticated option b. Enter CN=root for User DNOn the Rebind to server panel these tasks d. Click OKc. Select the Organizational unit option Creating the vcadmin user in IBM SecureWay Creating the authorization rule Figure 4-20 Setting up a new user Figure 4-19 Logging on as vcadmin1. Set the library list by connecting to the iSeries 4. Run the set of SQL commands that are detailed in the following SQL example. They cause triggers to be fired so that the System21 data will be synchronized into the VendorConnect database. You can find the SQL in the SQL to sync dbs on initial load.txt file in the SQL folder 4.2.13 Backing up the configuration components 4.2.12 Testing the vendor.connect Web site4.3 Changing the iSeries on which the application is running 4.4 Housekeeping4.4.4 Restoring the vendor.connect IFS objects 4.4.3 StartingStarting the trigger handler and AIF controller Starting WebSphere default instanceChapter 5. Performance tuning This chapter covers performance tuning of Geac System21 productsCopyright IBM Corp. 2002. All rights reserved 5.1 Hardware 5.2 Operating System/400 OS/400 5.2.1 SQL server job configuration1. Sign on as QSECOFR 2. Enter the following command Figure 5-4 Display Prestart Job Entry Detail for QSQSRVR Figure 5-3 Display Prestart Job Entries listOnly one instance of WebSphere is running 5.2.2 Toolbox JDBC driver Note The commands are the same, but the parameters may be different Figure 5-7 WRKSYSSTS command showing the memory pool names 5.2.3 Subsystems and memory pools2. End the QEJBSBS subsystem by using the following command For a more simplified method, you can enter 12.End the SQL server prestart jobs by entering the following command 17.Change the SQL server prestart job to use the new pool 22.Check the QSQSRVR jobs by using the following command 5.2.4 Automatic performance adjustment 5.3.1 Stateful connections 5.2.5 Manual performance adjustment5.3.2 Stateless connections 5.3.3 Total connections and SQL server jobs 5.4 Performance topics for Java virtual machine JVM settings5.4.2 Maximum Java heap size 5.4.1 Initial Java heap size5.4.3 Verbose garbage collection 5.4.4 Static compilation Figure 5-20 The DSPJVAPGM command used with a compiled JAR file DSPJVAPGM CLSF/OrderManagement/Deployed/roseaodeployed.jarCRTJVAPGM CLSF/OrderManagement/Deployed/roseaodeployed.jar OPTIMIZE40 place of the OS/400 system class loader. This custom class loader does not detect the static programs 2. Add a colon to the end of each line, except the last Enterprise bean settings Performance requirements Application settingsConstrained performance Transaction time outPing interval and timeout Transaction inactivity time outFigure 5-24 Advanced page of the Application Server panel Datasource settings Idle time out Connection time outOrphan time out Figure 5-26 The Advanced page of the DataSource panelPage Copyright IBM Corp. 2002. All rights reserved Chapter 6. Tips and techniques6.1 The iSeries integrated file system 6.1.1 Using File Transfer Protocol FTP with the iSeries IFS 3. Expand File Systems, and select File Shares 6.1.2 Mapping a PC drive to the iSeries IFSFigure 6-1 Creating a file share 6.1.4 Stream files and CCSID 6.1.3 Editing an iSeries stream file using a PC editor6.1.6 Managing stream files with the OS/400 WRKLNK command 6.1.5 The cd commandTOCCSID819 DTAFMT*TXT cd /OrderManagement/log6.1.7 Other stream file commands 6.1.8 Stream file authority 6.2 The Qshell 6.1.9 Editing an iSeries stream file using the OS/400 EDTF commandFigure 6-4 The QSH Command Entry display 6.2.1 Managing stream files with Qshell commands 6.2.3 Viewing an iSeries stream file using the Qshell tail command 6.2.2 The touch and setccsid commands6.2.4 Qshell scripts tail -f /OrderManagement/log.stdout.txtDIRECTORY=/OrderManagement cd $DIRECTORY/log export DIRECTORY=/OrderManagementmyscript.sh redirect.out 6.3 Checking the QEJBSBS subsystem 6.3.1 Instance monitor jobs 6.3.2 Instance administration jobsFigure 6-6 Job log of the QEJBADMIN job Message . . . . WebSphere administration server QEJBADMIN readynetstat *cnn 6.3.3 Specifying ports 6.3.4 Application server jobsFigure 6-7 The NETSTAT command showing ports 900 and 6.4.1 Checking the WebSphere PTF level on the iSeries 6.4.2 Checking the WebSphere PTF level on a PC 6.5.1 Problems connecting the console to WebSphere on the iSeries 6.5 Common problems with commerce.connect on iSeries6.5.2 Checking the iSeries name as required by WebSphere 6.5.3 Checking the iSeries database name OS/400 Work Management, SC41-5306 Backup and Recovery, SC41-5304 How to get IBM RedbooksGeac call.connect Installation Guide Geac System21 Installation and Setup GuidePage Symbols IndexNumerics Page Page stateless connection Windows Explorer Page 0.2”spine 0.17”-0.473” 90-249 pages Page Page Learn helpful usage and performance tips and techniques Back coverFollow the step-by-step guide to install commerce.connect Geac System21 commerce.connect