Date Created: Wed 13-Jul-2011

Get my WebSphere Application Server course here >> http://www.themiddlewareshop.com/products/


Installing IBM Tivoli Directory Server for WebSphere version 8

Please read this article in its entirety before you use the instructions. I did it in a single pass, and there are some forks in the process that might differ depending on your requirements.

When using a WebSphere Application Server federated LDAP repository for user and group management, there are many LDAP providers to choose from. This article is a quick run-through of how to install and use the Tivoli Directory Server Web Administration Tool with WAS 8.

Our goal is to set up some users for use in testing federated LDAP repositories.


Download ITDS trial v6.3 from IBM at the following location: http://www-01.ibm.com/software/tivoli/products/directory-server/



I could have used the ISO (Tivoli Directory Server 6.3 (ISO File) for Linux x86-64, tds63-linux-x86-64.iso (1.89 GB)), but I just wanted ITDS and DB/2.


======================

Note: We are installing DB2 first, then ITDS.

Locate the DB2 installer and run the installer by looking for the install script in the DB2 install folder

./db2_install

for example <CDROM or mount point>:/db2/



./db2setup






On next screen accept license











Backup and turn this option off





password = db2admin













Review the settings and click Finish. The installation wizard will now begin the installation.





Required steps:

In order to start using DB2 you need to logon using a valid user ID such as the DB2 instance owner's ID "db2inst1".

You can connect to the DB2 instance "db2inst1" using the port number "50000". Record it for future reference.

Optional steps:

To validate your installation files, instance, and database functionality, run the Validation Tool, /opt/ibm/db2/V9.7/bin/db2val. For more information, see "db2val" in the DB2 Information Center.

Open First Steps by running "db2fs" using a valid user ID such as the DB2 instance owner's ID. You will need to have DISPLAY set and a supported web browser in the path of this user ID.

You should ensure that you have the correct license entitlements for DB2 products and features installed on this machine. Each DB2 product or feature comes with a license certificate file (also referred to as a license key) that is distributed on an Activation CD, which also includes instructions for applying the license file. If you purchased a base DB2 product, as well as, separately priced features, you might need to install more than one license certificate. The Activation CD for your product or feature can be downloaded from Passport Advantage if it is not part of the physical media pack you received from IBM. For more information on licensing, search the Information Center (http://publib.boulder.ibm.com/infocenter/db2luw/v9r7) using terms such as "licensing" or "db2licm".

Refer to "What's New" http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.html in the DB2 Information Center to learn about the new functions for DB2 9.7.

Verify that you have access to the DB2 Information Center based on the choices you made during this installation. If you performed a typical or a compact installation, verify that you can access the IBM Web site using the internet. If you performed a custom installation, verify that you can access the DB2 Information Center location specified during the installation.

Review the response file created at /root/db2ese.rsp. Additional information about response file installation is available in the DB2 documentation under "Installing DB2 using a response file".



===========================
Installing Tivoli Directory Server

cd tdsV6.3/tds

Run the installer in an X11 session:

./install_tds.bin



Accept License screen













Next you can choose a WAS 7 instance or use the embedded server provided by ITDS.




We will do this step later below




Once installed, a Java administration tool will be loaded.




Click on the Create an Instance button as shown above




=========================

If you get this error, then DB2 was not installed first! Go back and install it using the instructions covering the DB2 install above.




===========================
I used the following values:
instance Owner
User password: ldapadmin
Encryption seed: QWERTY123456
Administration DN password: ldapadmin









Once the instance has been created, click Manage




Click Start Administration Server



If the directory server has not started click start/stop

You can view the settings by clicking on View. The following screen is presented.







Click finish

Installation root in my case is /opt/ibm/ldap/V6.3

=============================

DB/2 comes with an embedded WebSphere Application Server instance; we can administer DB/2 using the WAS server. I don't like this option and I could not get it to work and there is no clear manual. IBM has let us down on this one. The text below is just for reference; you may have the patience to get it working. I have done this manually using an existing WAS instance.

Copy the appsrv folder from the DVD to your Linux server. This is an installation template for WebSphere Express.


Installing Embedded WebSphere Application Server

To manually install Embedded WebSphere Application Server, use the following procedure:

After you download and unzip (or untar) the Tivoli Directory Server zip or tar files, go to the directory where you extracted the files, and then change to the appsrv subdirectory.
Type the following command at a command prompt:
On Windows systems:

install.bat -installRoot EWAS_installpath

On AIX®, Linux, and Solaris systems:

install.sh -installRoot EWAS_installpath

where EWAS_installpath is the directory where you are installing Embedded WebSphere Application Server. By convention, this directory is the appsrv subdirectory of the directory where Tivoli Directory Server is installed, but you can use any directory. (This directory is /opt/IBM/ldap/V6.3/appsrv on AIX and Solaris systems, /opt/ibm/ldap/V6.3/appsrv on Linux systems, and C:\Program Files\IBM\LDAP\V6.3\appsrv on Windows systems, by convention.)
Install the Web Administration Tool, using either the InstallShield GUI or an operating system utility for your operating system.

In my example, I used the following path as the installation root where I wanted the script to install the Embedded WebSphere Application Server 7.0

./install.sh -installRoot /opt/IBM/ldap/V6.3/appsrv

+---------------------------------------+
+ EWAS Version 7.0 Install +
+---------------------------------------+

Validating target directory ...
Copying files ...
Setting permissions ...
Installation complete.



============================

Use the following instructions to install and deploy IBM Web Administration Tool into WebSphere.

Install the Web Administration Tool using either the InstallShield GUI or the installation utility for your operating system. The file containing the Web Administration Tool is named IDSWebApp.war, and it is in the idstools subdirectory of the installation directory you specified during installation of Tivoli Directory Server.


==============================
CONTINUE HERE for MANUAL install to an existing WAS server
I elected to use a manual approach to deploy the IDSWebApp.war

If your WAS server does not already have a profile, you could use this script:
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName TDSWebAdminProfile -profilePath /opt/ibm/ldap/V6.3/appsrv/profiles/TDSWebAdminProfile -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -nodeName DefaultNode -hostName localhost -cellName DefaultNode -isDefault -portsFile /opt/ibm/ldap/V6.3/idstools/TDSWEBPortDef.props

These will be the ports it uses:

WC_defaulthost=12100
WC_adminhost=12104
WC_defaulthost_secure=12101
WC_adminhost_secure=12105
BOOTSTRAP_ADDRESS=12102
SOAP_CONNECTOR_ADDRESS=12103
SAS_SSL_SERVERAUTH_LISTENER_ADDRESS=9405
CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS=9406
CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS=9407
ORB_LISTENER_ADDRESS=9105
DCS_UNICAST_ADDRESS=9375
IPC_CONNECTOR_ADDRESS=5563
SIB_ENDPOINT_ADDRESS=7276
SIB_ENDPOINT_SECURE_ADDRESS=7286
SIB_MQ_ENDPOINT_ADDRESS=5558
SIB_MQ_ENDPOINT_SECURE_ADDRESS=5577
SIP_DEFAULTHOST=5075
SIP_DEFAULTHOST_SECURE=5076


===============================

Steps for deploying IDSWebApp.war to WebSphere version 8

Install WAR file located in : /opt/ibm/ldap/V6.3/idstools/IDSWebApp.war

Log in to the WebSphere Admin console. The default URL is:


http://<hostnameOfWASsystem>:9060/ibm/console

Enter the user ID and password of the user. This user should have sufficient permission to perform operations on WebSphere Application Server.
On the left navigational pane, expand Application and then click New Application.
From the New Application panel, click New Enterprise Application.


On the Path to the new application panel, do one of the following depending from where the WebSphere Admin console is launched:
If from the local system, select Local file system and then enter the path of the IDSWebApp.war file in the Full path field. You can also click Browse to specify the path.
If from a remote system, select Remote file system and then enter the path of the IDSWebApp.war file in the Full path field. You can also click Browse to specify the path.



Click Next

On the How do you want to install the application panel, select the option you want and click Next. In this example, the Fast Path option is selected.




On the Select installation options panel, the default options are selected. Click Next.



On the Map modules to server panel, you can map modules to the servers specified in the Clusters and servers field. Select the check box for the required module and then click Apply. After the mapping is done, click Next.



Ensure we have a WAS virtual host mapped.

On the Map virtual hosts for Web modules panel, you can map the Web application to specific virtual hosts. If there are several virtual hosts, selecting the right one requires knowledge of the WebSphere environment. In this example, only one option, default_host, is available for selection. Click Next.



On the Map context roots for Web modules panel, enter a context root in the field, for example /IDSWebApp. It is recommended that you use this context root, as the application at this stage has hard-coded image resources! Maybe it gets fixed in a fix pack?


Click Next. A summary of options you selected is displayed. Click Finish.
This initiates the installation of your application. A summary of installation is displayed.
To start the application, you must first save the changes to the master configuration. Click Save.


================================

On the left navigational pane, expand Applications and then click WebSphere enterprise applications under Application Types.
To start the application, from the Enterprise Applications panel select the check box adjacent to IDSWebApp_war and click Start.
Start the Web Administration Tool (for example, through the Administrative Console).
Now to launch the Web Administration Tool from a Web browser, type the following address:
For HTTP, type:

http://<localhost>:WAS_http_port/IDSWebApp

For HTTPS, type:

https://<localhost>:WAS_https_port/IDSWebApp

By default, the HTTP port is 9080, and the HTTPS port is 9443.

The Tivoli Directory Server Web Administration login page window is displayed.
Note:
This address works only if you are running the browser on the computer on which the Web Administration Tool is installed. If the Web Administration Tool is installed on a different computer, replace localhost with the hostname or IP address of the computer where the Web Administration Tool is installed.

If Global or Administrative security is turned on for WebSphere Application Server and SSL must be enabled for the Web Administration Tool when deploying it into WebSphere Application Server, you can use one of the following approaches:
- Deploy the Web Administration Tool into a new profile.
- If it is not possible to deploy the Web Administration Tool into a new profile, you must add the directory server's certificate to the profile's trust store. Additionally, for server-client authentication you must add the WebSphere Application Server profile certificate to the directory server's trust store.




Launch Tivoli Directory Server Web Administration Tool

http://192.168.0.175:9080/IDSWebApp/








=============================

We can now login

superadmin/secret









You can now log out and re-login as the root DN.

User DN=cn=root
password=ldapadmin




Once you have logged in you can manage the directory.

However, for this to be of any use in your WebSphere federated repository testing, you need to configure the LDAP directory. We will import an LDIF file.

==========================================================
Still logged onto the machine hosting the directory server as any user in the default Administrators group (Windows) or as root (UNIX), type the following command at a command prompt:

./sbin/idsxcfg

to start the IBM Tivoli Directory Server Configuration Tool. In my case it is still running from the previous steps, from when we installed TDS.

Click on Manage Suffixes:

o=mycompany.org






Create an LDIF file for importing:

dn: o=mycompany.org
objectclass: top
objectclass: organization
o: mycompany.org

dn: cn=users,o=mycompany.org
objectclass: container
objectclass: top
cn: users

dn: cn=groups,o=mycompany.org
objectclass: top
objectclass: container
cn: groups

dn: uid=wasadmin,cn=users,o=mycompany.org
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasadmin
sn: admin
givenname: was
preferredlanguage: en
userpassword: wasadmin
cn: was admin

dn: CN=ldapbind,cn=users,o=mycompany.org
cn: ldapbind
uid: ldapbind
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: ldapbind
sn: ldapbind
givenname: ldapbind
title: ldapbind
description: ldapbind

dn: CN=Steve Robinson,cn=users,o=mycompany.org
cn: Steve Robinson
uid: stever
mail: steve.robinson@mycompany.org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: password
sn: Robinson
givenname: Steve
telephonenumber: 123456789
title: WebSphere Consultant
description: LDAP test user


What we can do now is import the LDIF file.



Please make sure you restart the LDAP server as it would have been stopped during the import.


What has been created?

The following entries have been made in the LDAP repository:
wasadmin (with a password=password)
WebSphere Application Server administrator user.
ldapbind is used by WAS to access the LDAP repository (password=ldap user)
The user Steve is an end user (password=password)
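
A check that can be run over an LDIF file such as the one above, as an added example that is not part of the original article: audit_ldif (a hypothetical helper name) reports, for each entry carrying userpassword, whether the value is cleartext, cleartext equal to the uid, base64-encoded, or prefixed with a {SCHEME} tag. The sample input is constructed from entries in the article (one dn folded to exercise line continuation) plus one constructed entry with a placeholder {SSHA} value.

```shell
# audit_ldif [FILE]: for each LDIF entry with a userpassword attribute, print
# "<dn>|<finding>". Handles folded lines, CRLF, comments and "attr:: base64".
audit_ldif() {
  awk '
    function flush(   f) {
      if (dn != "" && pw != "") {
        if (b64)                               f = "base64-value"
        else if (pw ~ /^[{][A-Za-z0-9-]+[}]/)  f = "scheme-prefixed"
        else if (tolower(pw) == tolower(uid))  f = "cleartext-equals-uid"
        else                                   f = "cleartext"
        print dn "|" f
      }
      dn = uid = pw = ""; b64 = 0
    }
    function handle(l,   i, name, val, enc) {
      if (l == "") { flush(); return }          # blank line ends an entry
      if (l ~ /^#/ || (i = index(l, ":")) == 0) return
      name = tolower(substr(l, 1, i - 1)); val = substr(l, i + 1); enc = 0
      if (substr(val, 1, 1) == ":") { enc = 1; val = substr(val, 2) }
      sub(/^ +/, "", val)
      if (name == "dn") dn = val
      else if (name == "uid") uid = val
      else if (name == "userpassword") { pw = val; b64 = enc }
    }
    { sub(/\r$/, "") }
    /^ / { buf = buf substr($0, 2); next }      # folded continuation line
    { handle(buf); buf = $0 }
    END { handle(buf); flush() }
  ' "$@"
}

# Constructed sample; the {SSHA} value is a placeholder, not a real hash.
sample_ldif() {
  cat <<'EOF'
dn: uid=wasadmin,cn=users,o=mycompany.org
uid: wasadmin
userpassword: wasadmin

dn: CN=Steve Robinson,cn=users,
 o=mycompany.org
uid: stever
userpassword: password

dn: uid=hashed,cn=users,o=mycompany.org
uid: hashed
userpassword: {SSHA}PLACEHOLDER-NOT-A-REAL-HASH
EOF
}
sample_ldif | audit_ldif
```

Pass a file name instead of piping, for example `audit_ldif users.ldif`, where users.ldif is whatever name the LDIF was saved under.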


Using the Directory Server Web Administration Tool again, select the Directory Management > Manage entries command to browse your directory hierarchy, expand the hierarchy mycompany.org, then expand Users to check that the imported users are visible:



Expand until you see the users you have created



You are now ready to use these users for WebSphere Federated repository testing


Steve Robinson - IBM Champion 2013

About Me

Steve Robinson has been working in IT for over 20 years and has provided solutions for many leading brands around the world. Steve specialises in JEE, DevOps and Thought Leadership.

In January 2013, I was awarded the prestigious 'IBM Champion' accolade.

