configure itds to db2

8/10/2019 Configure ITDS to DB2

1/32

Installing IBM Tivoli Directory Server forWebSphere version 8 Pleases read this article in it's entirety before you use the instructions, as I did it in a single pass andthere are some forks in the process that might be different depending on your requirement .

When using a WebSphere Application Server federated LDAP repository for user and group managementthere are many LDAP providers. This article is a quick run though of how to install and use the TivoliDirectory Server Web Administration Tool with WAS 8.

Our goal is to set up some users for use ion testing federated LDAP repositories.

Download ITDS trial v6.3 from IBM at the following location: http://www-01.ibm.com/software/tivoli/products/directory-server/

I could used the ISO (Tivoli Directory Server 6.3 (ISO File) for Linux x86-64 tds63-linux-x86-64.iso (1.89 GB) bu I just wanted ITDS and DB/2

======================

Note: We are Installing DB2 first then ITDS

Locate the DB2 installer and run the installer by looking for the install script in the DB2 install folder

./db2_install

for example :/db2/
http://www-01.ibm.com/software/tivoli/products/directory-server/http://www-01.ibm.com/software/tivoli/products/directory-server/http://www-01.ibm.com/software/tivoli/products/directory-server/http://www-01.ibm.com/software/tivoli/products/directory-server/http://www-01.ibm.com/software/tivoli/products/directory-server/http://www-01.ibm.com/software/tivoli/products/directory-server/


2/32

./db2setup


3/32


4/32


5/32


6/32


7/32

Backup and turn this option off


8/32


9/32

password = db2admin


10/32


11/32


12/32


13/32

review settings and click Finish, the installation wizard will now, begin the installation.

Required steps:

In order to start using DB2 you need to logon using a valid user ID such as the DB2 instance owner's ID


14/32

"db2inst1".

You can connect to the DB2 instance "db2inst1" using the port number "50000". Record it for futurereference.

Optional steps:

To validate your installation files, instance, and database functionality, run the Validation Tool,/opt/ibm/db2/V9.7/bin/db2val. For more information, see "db2val" in the DB2 Information Center.

Open First Steps by running "db2fs" using a valid user ID such as the DB2 instance owner's ID. You willneed to have DISPLAY set and a supported web browser in the path of this user ID.

You should ensure that you have the correct license entitlements for DB2 products and features installedon this machine. Each DB2 product or feature comes with a license certificate file (also referred to as alicense key) that is distributed on an Activation CD, which also includes instructions for applying thelicense file. If you purchased a base DB2 product, as well as, separately priced features, you might needto install more than one license certificate. The Activation CD for your product or feature can bedownloaded from Passport Advantage if it is not part of the physical media pack you received from IBM.For more information on licensing, search the Information Center(http://publib.boulder.ibm.com/infocenter/db2luw/v9r7 ) using terms such as "licensing" or "db2licm".

Refer to "What's New"http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.html inthe DB2 Information Center to learn about the new functions for DB2 9.7.

Verify that you have access to the DB2 Information Center based on the choices you made during thisinstallation. If you performed a typical or a compact installation, verify that you can access the IBM Website using the internet. If you performed a custom installation, verify that you can access the DB2Information Center location specified during the installation.

Review the response file created at /root/db2ese.rsp. Additional information about response fileinstallation is available in the DB2 documentation under "Installing DB2 using a response file".

=========================== Installing Tivoli Directory Server

cd tdsV6.3/tds

run the installer in X11 session

./install_tds.bin
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7http://publib.boulder.ibm.com/infocenter/db2luw/v9r7http://publib.boulder.ibm.com/infocenter/db2luw/v9r7http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.htmlhttp://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.htmlhttp://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.htmlhttp://publib.boulder.ibm.com/infocenter/db2luw/v9r7


15/32

Accept License screen


16/32

Next you can choose a WAS 7 instance or use the embedded server a provided by ITDS.


17/32


18/32

Click on the Create an Instance button as shown above

=========================

If you get this error then DB2 was not installed first! GO back and install it using the instructions coveringDB2 install above.

=========================== I used the following values:


19/32


20/32


21/32

If the directory server has not started click start/stop

You can view setting by clicking on View, the following screen is presented.


22/32

Click finish

Installation root in my case is /opt/ibm/ldap/V6.3

=============================

DB/2 comes with an embedded WebSphere Application Server instance, we can administer DB/2 usingthe WAS server. I don't like this option and I could not get it to work and there is no clear manual. IBM haslet us down on this one. the text below is just for reference, you may have the patience to get it working. Ihave done this manually using an existing WAS instance.

Copy the appsrv folder from the DVD to your Linux server. This is an installation template for WebSphereExpress.

Installing Embedded WebSphere Application Server

To manually install Embedded WebSphere Application Server, use the following procedure:

After you download and unzip (or untar) the Tivoli Directory Server zip or tar files, go to the directorywhere you extracted the files, and then change to the appsrv subdirectory. Type the following command at a command prompt: On Windows systems:

install.bat -installRoot EWAS_installpath

On AIX, Linux, and Solaris systems:

install.sh -installRoot EWAS_installpath

where EWAS_installpath is the directory where you are installing Embedded WebSphere ApplicationServer. By convention, this directory is the appsrv subdirectory of the directory where Tivoli DirectoryServer is installed, but you can use any directory. (This directory is /opt/IBM/ldap/V6.3/appsrv on AIX andSolaris systems, /opt/ibm/ldap/V6.3/appsrv on Linux systems, and C:\ProgramFiles\IBM\LDAP\V6.3\appsrv on Windows systems, by convention.) Install the Web Administration Tool, using either the InstallShield GUI or an operating system utility foryour operating system.


23/32

In my example, I used the following path as the installation root where I wanted the script to install theEmbedded WebSphere Application Server 7.0

./install.sh -installRoot /opt/IBM/ldap/V6.3/appsrv

+---------------------------------------+

+ EWAS Version 7.0 Install + +---------------------------------------+

Validating target directory ... Copying files ... Setting permissions ... Installation complete.

============================

Use the following instructions to install and deploy IBM Web Administration Tool into WebSphere.

Install the Web Administration Tool using either the InstallShield GUI or the installation utility for youroperating system. The file containing the Web Administration Tool is named IDSWebApp.war, and it is inthe idstools subdirectory of the installation directory you specified during installation of Tivoli DirectoryServer.

============================== CONTINUE HERE for MANUAL install to exiting WAS server I elected to use a manual approach to deploy the IDSWebApp.war

If you WAS server does not already have a profile you could use this script

/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName TDSWebAdminProfile - profilePath /opt/ibm/ldap/V6.3/appsrv/profiles/TDSWebAdminProfile -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -nodeName DefaultNode -hostName localhost -cellName DefaultNode -isDefault -portsFile /opt/ibm/ldap/V6.3/idstools/TDSWEBPortDef.props

These will be the ports it uses:

WC_defaulthost=12100 WC_adminhost=12104 WC_defaulthost_secure=12101 WC_adminhost_secure=12105 BOOTSTRAP_ADDRESS=12102 SOAP_CONNECTOR_ADDRESS=12103

SAS_SSL_SERVERAUTH_LISTENER_ADDRESS=9405 CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS=9406 CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS=9407 ORB_LISTENER_ADDRESS=9105 DCS_UNICAST_ADDRESS=9375 IPC_CONNECTOR_ADDRESS=5563 SIB_ENDPOINT_ADDRESS=7276 SIB_ENDPOINT_SECURE_ADDRESS=7286 SIB_MQ_ENDPOINT_ADDRESS=5558


24/32

SIB_MQ_ENDPOINT_SECURE_ADDRESS=5577 SIP_DEFAULTHOST=5075 SIP_DEFAULTHOST_SECURE=5076

===============================

Steps showing deploying IDSWebApp.war, to WebSphere version 8

Install WAR file located in : /opt/ibm/ldap/V6.3/idstools/IDSWebApp.war

tLogin to the WebSphere Admin console, the default URL is:

http://:9060/ibm/console

Enter the user ID and password of the user. This user should have sufficient permission to performoperations on WebSphere Application Server.

On the left navigational pane, expand Application and then click New Application. From the New Application panel, click New Enterprise Application.

On the Path to the new application panel, do one of the following depending from where the WebSphere Admin console is launched: If from the local system, select Local file system and then enter the path of the IDSWebApp.war file in theFull path field. You can also click Browse to specify the path. If from a remote system, select Remote file system and then enter the path of the IDSWebApp.war file inthe Full path field. You can also click Browse to specify the path.

Click Next

On the How do you want to install the application panel, select the option you want and click Next. In thisexample, the Fast Path option is selected.


25/32

On the Select installation options panel, the default options are selected. Click Next.

On the Map modules to server panel, user can map modules to the servers specified in the Clusters and

servers field. Select the check box for the required module and then click Apply. After the mapping isdone, click Next.

Ensure we have a WAS virtual host mapped.


26/32

On the Map virtual hosts for Web modules panel, user can map the Web application to the specific virtualservers. If there are more virtual hosts, it requires knowledge of the WebSphere environment to select theright module. In this example, there is only one default_host option is available for selection. Click Next.

On the Map context roots for Web modules, enter a context root in the field. For example, /IDSWebApp. Itis recommended that you use this context root as the application at this stage has hard coded imageresources! Maybe get's fixed in a fix pack?

Click Next. A summary of options you selected is displayed. Click Finish. This initiates the installation of your application. A summary of installation is displayed. To start the application, you must first save the changes to the master configuration. Click Save.

================================

On the left navigational pane, expand Applications and then click WebSphere enterprise applicationsunder Application Types. To start the application, from the Enterprise Applications panel select the check box adjacent toIDSWebApp_war and click Start. Start the Web Administration Tool (for example, through the Administrative Console). Now to launch the Web Administration Tool from a Web browser, type the following address: For HTTP, type:

http://:WAS_http_port/IDSWebApp

For HTTPS, type:

https://:WAS_https_port/IDSWebApp

By default, the HTTP port is 9080, and the HTTPS port is 9443.

The Tivoli Directory Server Web Administration login page window is displayed. Note: This address works only if you are running the browser on the computer on which the Web AdministrationTool is installed. If the Web Administration Tool is installed on a different computer, replace localhost withthe hostname or IP address of the computer where the Web Administration Tool is installed.


27/32

If Global or Administrative security is turned on for Websphere Application Server and SSL must beenabled for the Web Administration Tool when deploying the Web Administration Tool into Websphere

Application Server, user can use one of the following approaches: - Deploy the Web Administration Tool into a new profile. - If it is not possible to deploy the Web Administration Tool into a new profile, user must add the directory

server's certificate to the profile's trust store. Additionally, for server-client authentication user must addthe Websphere Application Server profile certificate to the directory server's trust store.

Launch Tivoli Directory Server Web Administration Tool

http://192.168.0.175:9080/IDSWebApp/

=============================

We can now login

superadmin /secret
http://192.168.0.175:9080/IDSWebApp/http://192.168.0.175:9080/IDSWebApp/http://192.168.0.175:9080/IDSWebApp/


28/32


29/32


30/32

create an ldif file for importing

dn: o=mycompany.org objectclass: top objectclass: organization

o: mycompany.org

dn: cn=users,o=mycompany.org objectclass: container objectclass: top cn: users

dn: cn=groups,o=mycompany.org objectclass: top objectclass: container cn: groups

dn: uid=wasadmin,cn=users,o=mycompany.org

objectclass: organizationalPerson objectclass: person objectclass: top objectclass: inetOrgPerson uid: wasadmin sn: admin givenname: was preferredlanguage: en userpassword: wasadmin


31/32

cn: was admin

dn: CN=ldapbind,cn=users,o=mycompany.org cn: ldapbind uid: ldapbind objectclass: top

objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson userpassword: ldapbind sn: ldapbind givenname: ldapbind title: ldapbind description: ldapbind

dn: CN=Steve Robinson,cn=users,o=mycompany.org cn: Steve Robinson uid: stever mail: [email protected]

objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson userpassword: password sn: Robinson givenname: Steve telephonenumber: 123456789 title: WebSphere Consultant description: LDAP test user

What we can is import the ldif file


32/32

Please make sure you restart the LDAP server as it would have been stopped during the import.

What has been created?

The following entries have been made in the LDAP repository:

wasadmin(with a password=password) Websphere Application Server administrator user. ldapbind is used by WAS to access the LDAP repository (password=ldap user) The user Steve is an end user (password=password)

Re using the Directory Server Web Administration Tool, select the Directory Management > Manageentries command for browsing your directory hierarchy, expand the hierarchy mycompany.org, thenexpand Users to check that the users imported are visible:

Expand until you see the users you have created

You are now ready to use these users for WebSphere Federated repository testing

configure itds to db2

Documents