Disabling and Re-Enabling LDAP features

Posted by Unknown on
Use these instructions as an addendum to IBM infocenter documentation for enabling / disabling and re-enabling LDAP feature in WCS

Toolkit Scenario #1

#1 You have enabled LDAP feature by using enablementscript "–DfeatureName=ldap"
#2 You would like to now disable LDAP feature


1. Modify WCDE_ENT70\workspace\WC\xml\config\wc-server.xml in the MemberSubSystem element :
Change to
<MemberSubSystem
AuthenticationMode="DB" ProfileDataStorage="DB" ... And then restart
here is a snippet of configuration for LDAP and Database, comment out the section accordingly and restart Toolkit instance




2.  You need to now modify the Database account UID formats if you previously used it to login against LDAP.

update USERREG.LOGONID values to short format where LOGONID like 'uid=%'




Toolkit Scenario #2

#1 You have gone through Toolkit Scenatio #1 and would like to re-enable LDAP now.
#2 There is a known issue that if you re-run enablementscript "–DfeatureName=ldap" again it will complain that LDAP feature is already enabled, the reason is WCS stores LDAP configuration information in database as well and in the previous step we only rolled back the WC instance configuration for LDAP and unfortunately there is no clean way to rollback Database LDAP configuration, follow these tweaks to workaround this issue.


(a) Find the following two lines in                                  
components/common/xml/enableFeatureForToolkit.xml and markup (comment
out) the unless attributes. comment out is like <!-- AAAA -->        
                                                                     
    <target name="enableFeatureFDG" depends="getWASAdminUserPassword,
CheckPrereqInDBEAR" unless="isFullyEnabledInDBEAR${featureName}">    
    <target name="featureEnablementInToolkitWorkspace"                
depends="CheckPrereqInEAR" unless="isFeatureEnabledInEAR${featureName}">
                                                                     
(b) Find the following section and mark up the if-then check          
    <target name="featureEnablementInServer" >                        
         <if>                                                        
                <equals arg1="${enablementStatusInAppServer}"        
arg2="false"/>                                                        
         <then>     Here is a snippet of modified section of components/common/xml/enableFeatureForToolkit.xml                                                  

                                                                   
3. rerun the enable feature command.


Server Scenario #1

#1 You have enabled LDAP feature by using enablementscript "–DfeatureName=ldap"
#2 You would like to now disable LDAP feature
Follow this infocenter link, essentially this step modifies wc-server.xml to switch to DB Authentication mode and re-publishes the WC EAR file


Server Scenario #2

#1 You have gone through Server Scenatio #1 and would like to re-enable LDAP now.
#2. If LDAP is enabled in database, it registers a entry in SITE table   
with primary key as LDAP: SELECT COUNT(*) FROM SITE WHERE               
COMPNAME='ldap'                                                         
#3. If it is enabled in EAR, there will be a file called                 
LDAP.Server.70.component in the following directory:                    
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
    Server: <wcUserInstallDir>/instances/<instanceName>properties/version/ldap.server.70.component                                                          
#4. If enablementScript detects that security is enabled in WAS and one of the          
repositories is WC_<instanceName>_Rep , it will not rerun the config in 
WAS.

(a) Delete from site where compname = 'ldap'                                
update USERREG.LOGONID values to short format where LOGONID like 'uid=%'
(b)  Remove the following file:                                          
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
    Server:                                                             
<wcUserInstallDir>/instances/<instanceName>properties/version/ldap.serve
r.70.component                                                          
(c) disable security by updating security.xml, set enabled=false
Refer his technote for more details
(d) restart server1
(e) You should be able to run LDAP enablement script now.      

If you continue to see any configuration issues with LDAP, trace following components and work with your IBM support team

*=info: enable.trace.log.*=all :                                        
com.ibm.websphere.commerce.WC_USER=all:                                 
com.ibm.websphere.commerce.WC_SERVER=all : com.ibm.websphere.wim.*=all   
: com.ibm.ws.wim.*=all: com.ibm.wsspi.wim.*=all 
                                         

7 comments:

  1. i am running a website for plumbing works in dubai and i want to know that are there any tools on your blog which i can use to optimize my sites speed or can check that.?

    ReplyDelete
  2. Hello admin,
    I read your blog about the Disabling and Re-Enabling LDAP features. It is full of value as like your other blogs. Thanks for this information.
    Knowledgeadventure.com Games

    ReplyDelete
  3. It is a nice blog. I like the information you share with us.
    I was searching for this coding detail which you provide here and glad i find in.
    Thanks for that information
    gomovies

    ReplyDelete
  4. It's nice to read article about cxml, it will definitely help me in future.
    Commerce XML?

    ReplyDelete
  5. Blogs and articles can spark meaningful discussions and contribute to societal dialogue. They provide a platform for diverse perspectives and encourage readers to think critically about various topics. Digitalhikes The ability to voice opinions and exchange ideas fosters intellectual growth and encourages empathy.

    ReplyDelete
  6. Cogent assessment of the factors at play. Appreciate the balanced look at both sides of this multifaceted issue. Very informative overview on this complex subject. Not sure I fully agree with the proposed solution but value the conversation. tarpaulin

    ReplyDelete