Here’s a script that I used to configure the WebSphere 6.1 global security setting to use LDAP using Jython.
```python
# Properties
username = "user"
password = "pass"
ldapServer = "somecompany.com"
ldapPort = "389"

# Configure the LDAP authentication
AdminConfig.save()  # This needs to happen so you can write to the Security file.
ltpa = AdminConfig.list("LTPA")
ldapUserRegistry = AdminConfig.list("LDAPUserRegistry")
params = []
params.append(["primaryAdminId", username])
params.append(["useRegistryServerId", "false"])
params.append(["type", "ACTIVE_DIRECTORY"])
params.append(["realm", ldapServer + ":" + ldapPort])
params.append(["baseDN", "DC=somecompany,DC=com"])
params.append(["bindDN", "CN=" + username + ",OU=Service Accounts,DC=somecompany,DC=com"])
params.append(["bindPassword", password])
AdminConfig.modify(ldapUserRegistry, params)

# Configure the LDAP Advanced Settings
ldapSearchFilter = AdminConfig.list("LDAPSearchFilter")
params = []
params.append(["userFilter", "(&(sAMAccountName=%v)(objectcategory=user))"])
params.append(["groupFilter", "(&(cn=%v)(objectcategory=group))"])
params.append(["userIdMap", "user:sAMAccountName"])
params.append(["groupIdMap", "*:cn"])
params.append(["groupMemberIdMap", "memberof:member"])
params.append(["certificateMapMode", "EXACT_DN"])
params.append(["certificateFilter", ""])
AdminConfig.modify(ldapSearchFilter, params)

# Configure the LDAP endpoint.
endpointStr = AdminConfig.showAttribute(ldapUserRegistry, "hosts")
endpointStr = endpointStr[1:len(endpointStr)-1]
endpoint = endpointStr.split(' ')[0]
print endpoint
params = []
params.append(["host", ldapServer])
params.append(["port", ldapPort])
AdminConfig.modify(endpoint, params)

# Configure Global Security
security = AdminConfig.list("Security")  # ex. (cells/CompNode10Cell|security.xml#Security_1)
params = []
params.append(["enabled", "true"])
params.append(["appEnabled", "true"])
params.append(["enforceJava2Security", "false"])
params.append(["activeUserRegistry", ldapUserRegistry])
params.append(["activeAuthMechanism", ltpa])
AdminConfig.modify(security, params)

# Save Config at the end.
AdminConfig.save()
```
Wow – great script, exactly what I was looking for! One question though: in an SSL-enabled config – there are some more properties (apart from switching port) that you haven’t given an example of. That is, setting “SSLEnabled” and then defining the SSL alias to use (at the bottom of the page in the NDMgr GUI) – do you know how to set those two things?
haha never mind – found it already:
```python
params.append(["sslEnabled", "true"])
params.append(["sslConfig", "CellDefaultSSLSettings"])
```
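A check to run after the script and the SSL change from the comments, added here as an example and not part of the original post or comments: it reads a security.xml and reports whether the active LDAP registry still binds without SSL. The sample XML is constructed and simplified, its layout and namespace URIs are assumptions, and `audit_security_xml` is a hypothetical name; it is plain Python, run outside wsadmin.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"  # namespace of the xmi:id / xmi:type attributes

# Constructed, simplified security.xml as the script above would leave it
# (layout and namespace URIs are assumptions).
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0.2/security.xmi"
    xmi:id="Security_1" enabled="true" appEnabled="true"
    activeUserRegistry="LDAPUserRegistry_1">
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
      sslEnabled="false" sslConfig="" bindPassword="{xor}CONSTRUCTED">
    <hosts xmi:id="EndPoint_1" host="somecompany.com" port="389"/>
  </userRegistries>
</security:Security>"""

# Same file after the sslEnabled/sslConfig change from the comments, on LDAPS port 636.
FIXED = (SAMPLE.replace('sslEnabled="false" sslConfig=""',
                        'sslEnabled="true" sslConfig="CellDefaultSSLSettings"')
               .replace('port="389"', 'port="636"'))


def audit_security_xml(xml_text):
    """Return findings about the active LDAP registry in a security.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    for flag in ("enabled", "appEnabled"):
        if root.get(flag) != "true":
            findings.append("%s is not true" % flag)
    active = root.get("activeUserRegistry")
    reg = next((r for r in root.iter("userRegistries")
                if r.get(XMI + "id") == active), None)
    if reg is None or not reg.get(XMI + "type", "").endswith("LDAPUserRegistry"):
        return findings + ["active user registry is not LDAP"]
    ssl = reg.get("sslEnabled") == "true"
    if not ssl:
        findings.append("sslEnabled is not true: LDAP binds are sent in clear text")
    elif not reg.get("sslConfig"):
        findings.append("sslEnabled is true but sslConfig is empty")
    for host in reg.findall("hosts"):
        if ssl and host.get("port") == "389":
            findings.append("sslEnabled is true but %s still uses port 389" % host.get("host"))
    password = reg.get("bindPassword", "")
    if password and not password.startswith("{xor}"):
        findings.append("bindPassword is stored unencoded")
    return findings


if __name__ == "__main__":
    for name, doc in (("as scripted", SAMPLE), ("with SSL", FIXED)):
        print(name, audit_security_xml(doc))
```

The `{xor}` prefix marks an encoding that is reversible, so read access to security.xml needs restricting even when this check reports nothing.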