Date Created: Wed 13-Jul-2011

Get my WebSphere Application Server course here >>

Installing IBM Tivoli Directory Server for WebSphere version 8

Pleases read this article in it's entirety before you use the instructions, as I did it in a single pass and there are some forks in the process that might be different depending on your requirement.

When using a WebSphere Application Server federated LDAP repository for user and group management there are many LDAP providers. This article is a quick run though of how to install and use the Tivoli Directory Server Web Administration Tool with WAS 8.

Our goal is to set up some users for use ion testing federated LDAP repositories.

Download ITDS trial v6.3 from IBM at the following location:

I could used the ISO (Tivoli Directory Server 6.3 (ISO File) for Linux x86-64
tds63-linux-x86-64.iso (1.89 GB) bu I just wanted ITDS and DB/2


Note: We are Installing DB2 first then ITDS

Locate the DB2 installer and run the installer by looking for the install script in the DB2 install folder


for example <CDROM or mount point>:/db2/


On next screen accept license

Backup and turn this option off

password = db2admin

review settings and click Finish, the installation wizard will now, begin the installation.

Required steps:

In order to start using DB2 you need to logon using a valid user ID such as the DB2 instance owner's ID "db2inst1".

You can connect to the DB2 instance "db2inst1" using the port number "50000". Record it for future reference.

Optional steps:

To validate your installation files, instance, and database functionality, run the Validation Tool, /opt/ibm/db2/V9.7/bin/db2val. For more information, see "db2val" in the DB2 Information Center.

Open First Steps by running "db2fs" using a valid user ID such as the DB2 instance owner's ID. You will need to have DISPLAY set and a supported web browser in the path of this user ID.

You should ensure that you have the correct license entitlements for DB2 products and features installed on this machine. Each DB2 product or feature comes with a license certificate file (also referred to as a license key) that is distributed on an Activation CD, which also includes instructions for applying the license file. If you purchased a base DB2 product, as well as, separately priced features, you might need to install more than one license certificate. The Activation CD for your product or feature can be downloaded from Passport Advantage if it is not part of the physical media pack you received from IBM. For more information on licensing, search the Information Center ( using terms such as "licensing" or "db2licm".

Refer to "What's New" in the DB2 Information Center to learn about the new functions for DB2 9.7.

Verify that you have access to the DB2 Information Center based on the choices you made during this installation. If you performed a typical or a compact installation, verify that you can access the IBM Web site using the internet. If you performed a custom installation, verify that you can access the DB2 Information Center location specified during the installation.

Review the response file created at /root/db2ese.rsp. Additional information about response file installation is available in the DB2 documentation under "Installing DB2 using a response file".

Installing Tivoli Directory Server

cd tdsV6.3/tds

run the installer in X11 session


Accept License screen

Next you can choose a WAS 7 instance or use the embedded server a provided by ITDS.

We will do this step later below

One installed a Java Administration tool will be loaded.

Click on the Create an Instance button as shown above


If you get this error then DB2 was not installed first! GO back and install it using the instructions covering DB2 install above.

I used the following values:
instance Owner
User password: ldapadmin
Encryption seed: QWERTY123456
Administratoin DN password: ldapadmin

One the instance has been created, click Manage

Click Start Administration Server

If the directory server has not started click start/stop

You can view setting by clicking on View, the following screen is presented.

Click finish

Installation root in my case is /opt/ibm/ldap/V6.3


DB/2 comes with an embedded WebSphere Application Server instance, we can administer DB/2 using the WAS server. I don't like this option and I could not get it to work and there is no clear manual. IBM has let us down on this one. the text below is just for reference, you may have the patience to get it working. I have done this manually using an existing WAS instance.

Copy the appsrv folder from the DVD to your Linux server. This is an installation template for WebSphere Express.

Installing Embedded WebSphere Application Server

To manually install Embedded WebSphere Application Server, use the following procedure:

After you download and unzip (or untar) the Tivoli Directory Server zip or tar files, go to the directory where you extracted the files, and then change to the appsrv subdirectory.
Type the following command at a command prompt:
On Windows systems:

install.bat -installRoot EWAS_installpath

On AIX®, Linux, and Solaris systems: -installRoot EWAS_installpath

where EWAS_installpath is the directory where you are installing Embedded WebSphere Application Server. By convention, this directory is the appsrv subdirectory of the directory where Tivoli Directory Server is installed, but you can use any directory. (This directory is /opt/IBM/ldap/V6.3/appsrv on AIX and Solaris systems, /opt/ibm/ldap/V6.3/appsrv on Linux systems, and C:\Program Files\IBM\LDAP\V6.3\appsrv on Windows systems, by convention.)
Install the Web Administration Tool, using either the InstallShield GUI or an operating system utility for your operating system.

In my example, I used the following path as the installation root where I wanted the script to install the Embedded WebSphere Application Server 7.0

./ -installRoot /opt/IBM/ldap/V6.3/appsrv

+ EWAS Version 7.0 Install +

Validating target directory ...
Copying files ...
Setting permissions ...
Installation complete.


Use the following instructions to install and deploy IBM Web Administration Tool into WebSphere.

Install the Web Administration Tool using either the InstallShield GUI or the installation utility for your operating system. The file containing the Web Administration Tool is named IDSWebApp.war, and it is in the idstools subdirectory of the installation directory you specified during installation of Tivoli Directory Server.

CONTINUE HERE for MANUAL install to exiting WAS server
I elected to use a manual approach to deploy the IDSWebApp.war

If you WAS server does not already have a profile you could use this script
/opt/IBM/WebSphere/AppServer/bin/ -create -profileName TDSWebAdminProfile -profilePath /opt/ibm/ldap/V6.3/appsrv/profiles/TDSWebAdminProfile -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -nodeName DefaultNode -hostName localhost -cellName DefaultNode -isDefault -portsFile /opt/ibm/ldap/V6.3/idstools/TDSWEBPortDef.props

These will be the ports it uses:



Steps showing deploying IDSWebApp.war, to WebSphere version 8

Install WAR file located in : /opt/ibm/ldap/V6.3/idstools/IDSWebApp.war

tLogin to the WebSphere Admin console, the default URL is:


Enter the user ID and password of the user. This user should have sufficient permission to perform operations on WebSphere Application Server.
On the left navigational pane, expand Application and then click New Application.
From the New Application panel, click New Enterprise Application.

On the Path to the new application panel, do one of the following depending from where the WebSphere Admin console is launched:
If from the local system, select Local file system and then enter the path of the IDSWebApp.war file in the Full path field. You can also click Browse to specify the path.
If from a remote system, select Remote file system and then enter the path of the IDSWebApp.war file in the Full path field. You can also click Browse to specify the path.

Click Next

On the How do you want to install the application panel, select the option you want and click Next. In this example, the Fast Path option is selected.

On the Select installation options panel, the default options are selected. Click Next.

On the Map modules to server panel, user can map modules to the servers specified in the Clusters and servers field. Select the check box for the required module and then click Apply. After the mapping is done, click Next.

Ensure we have a WAS virtual host mapped.

On the Map virtual hosts for Web modules panel, user can map the Web application to the specific virtual servers. If there are more virtual hosts, it requires knowledge of the WebSphere environment to select the right module. In this example, there is only one default_host option is available for selection. Click Next.

On the Map context roots for Web modules, enter a context root in the field. For example, /IDSWebApp. It is recommended that you use this context root as the application at this stage has hard coded image resources! Maybe get's fixed in a fix pack?

Click Next. A summary of options you selected is displayed. Click Finish.
This initiates the installation of your application. A summary of installation is displayed.
To start the application, you must first save the changes to the master configuration. Click Save.


On the left navigational pane, expand Applications and then click WebSphere enterprise applications under Application Types.
To start the application, from the Enterprise Applications panel select the check box adjacent to IDSWebApp_war and click Start.
Start the Web Administration Tool (for example, through the Administrative Console).
Now to launch the Web Administration Tool from a Web browser, type the following address:
For HTTP, type:


For HTTPS, type:


By default, the HTTP port is 9080, and the HTTPS port is 9443.

The Tivoli Directory Server Web Administration login page window is displayed.
This address works only if you are running the browser on the computer on which the Web Administration Tool is installed. If the Web Administration Tool is installed on a different computer, replace localhost with the hostname or IP address of the computer where the Web Administration Tool is installed.

If Global or Administrative security is turned on for Websphere Application Server and SSL must be enabled for the Web Administration Tool when deploying the Web Administration Tool into Websphere Application Server, user can use one of the following approaches:
- Deploy the Web Administration Tool into a new profile.
- If it is not possible to deploy the Web Administration Tool into a new profile, user must add the directory server's certificate to the profile's trust store. Additionally, for server-client authentication user must add the Websphere Application Server profile certificate to the directory server's trust store.

Launch Tivoli Directory Server Web Administration Tool


We can now login


You can now log out and re-login as the root DN.

User DN=cn=root

Once you have logged in you can manage the directory.

However for this to be of any use in your WebSphere Federated WebSphere testing you need to configure the LDAP directory. We will import an LDIF file.

Still logged onto the machine hosting the directory server as any user in the default Administrators group (Windows) or as root (UNIX), type the following command at a command prompt:


to start the IBM Tivoli Directory Server Configuration Tool. In my case it is still running for the previous steps form when we installed TDS.

Click on Manage Suffixes:

create an ldif file for importing

objectclass: top
objectclass: organization

dn: cn=users,
objectclass: container
objectclass: top
cn: users

dn: cn=groups,
objectclass: top
objectclass: container
cn: groups

dn: uid=wasadmin,cn=users,
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasadmin
sn: admin
givenname: was
preferredlanguage: en
userpassword: wasadmin
cn: was admin

dn: CN=ldapbind,cn=users,
cn: ldapbind
uid: ldapbind
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: ldapbind
sn: ldapbind
givenname: ldapbind
title: ldapbind
description: ldapbind

dn: CN=Steve Robinson,cn=users,
cn: Steve Robinson
uid: stever
mail: steve.robinson@mycompany.ord
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: password
sn: Robinson
givenname: Steve
telephonenumber: 123456789
title: WebSphere Consultant
description: LDAP test user

What we can is import the ldif file

Please make sure you restart the LDAP server as it would have been stopped during the import.

What has been created?

The following entries have been made in the LDAP repository:
wasadmin(with a password=password)
Websphere Application Server administrator user.
ldapbind is used by WAS to access the LDAP repository (password=ldap user)
The user Steve is an end user (password=password)

Re using the Directory Server Web Administration Tool, select the Directory Management > Manage entries command for browsing your directory hierarchy, expand the hierarchy, then expand Users to check that the users imported are visible:

Expand until you see the users you have created

You are now ready to use these users for WebSphere Federated repository testing

Get my WebSphere Application Server course here >>

Steve Robinson - IBM Champion 2013

About Me

Steve Robinson has been working in IT for over 20 years and has provided solutions for many leading brands around the world. Steve specialises in JEE, DevOps and Thought Leadership.

In January 2013, I was awarded the prestigous 'IBM Champion' accolade.

  • Linked In
  • Twitter
  • About Me
  • Contact Me

Read my books?

IBM WebSphere Application Server 8.0 Administration Guide

IBM WebSphere Application Server 8.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide


  • WebSphere Courses


WebSphere Categories

Other Categories