When deploying IBM Collaborative Lifecycle Management (CLM) on Tomcat, user authentication information is stored in a Tomcat user database. When migrating to WebSphere from Tomcat, alternate methods of user authentication must be utilized.
For the majority of CLM deployments on WebSphere Application Server, an LDAP server is utilized to handle user authentication. However, if you do not have access to LDAP in your environment, you can still use WebSphere to host your applications by incorporating a Federated DB (Custom Registry) from within WebSphere. The purpose of this article is to guide you on this endeavor.
Setting up the Custom Registry in WAS
1. Create a directory on your WebSphere Application Server called WAS_Security.
2. Create a file called groups.props in the WAS_Security directory.
The file will have a format similar to:
#
# Format:
# name:gid:users:display name
# Group Name / Group ID / Users in the group separated by a comma / Display name for the group
# gid = uniqueId of the group
# users = list of all the userIds that the group contains
# display name = (optional) display name for the group.
JazzAdmins:222:ADMIN,ted,bob
JazzDWAdmins:333:ADMIN,ted,bob
JazzProjectAdmins:444:ADMIN,ted,bob
JazzUsers:555:ADMIN,ted,dave,vikas,bob
JazzGuests:777:ADMIN,bob
3. Create a file called users.props in the WAS_Security directory.
The file will have a format similar to:
#
# Format:
# name:passwd:uid:gids:display name
# Name / password / user id / IDs of the groups the user belongs to separated by comma / Display Name
# where name = userId/userName of the user
# passwd = password of the user
# uid = uniqueId of the user
# gid = groupIds of the groups that the user belongs to
# display name = (optional) display name for the user.
bob:bob1:123:222,333,444,555,777:Bob
The above would result in:
user: bob
password: bob1
user id: 123
who is in: all of the groups
display name: Bob
dave:dave1:124:678:
jay:jay1:125:678,789:Jay-Jay
ted:ted1:126:678:Teddy G
jeff:jeff1:127:789:Jeff
vikas:vikas1:128:789:vikas
bobby:bobby1:129:789:
ADMIN:ADMIN:130:222,333,444,555,777:
Be sure to include all of your users and group IDs. Each of the users in a Tomcat deployment can be found in the tomcat-users.xml file found in the Tomcat directory.
Also worth noting: the person editing the users.props file must choose each password. It is not possible to migrate the users' passwords over to WAS, because they are encrypted.
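A single misplaced separator in either file shifts every field after it, so it helps to cross-check the two files before pointing WebSphere at them. The following is an added example, not part of the original article or of WebSphere: the function names and sample data are hypothetical, and it assumes every user line carries all five colon-separated fields (with a trailing colon when the display name is empty).

```python
# Added example (not from the original article): cross-check users.props and
# groups.props before configuring the registry. All names are hypothetical.

def parse_props(text, lo, hi):
    """Split non-comment lines on ':'; accept lo..hi fields per line."""
    records, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if lo <= len(parts) <= hi:
            records.append(parts)
        else:
            errors.append(f"line {n}: expected {lo}-{hi} fields, got {len(parts)}")
    return records, errors

def validate(users_text, groups_text, admin="ADMIN"):
    """Return a list of problems; an empty list means the files agree."""
    users, uerr = parse_props(users_text, 5, 5)    # name:passwd:uid:gids:display
    groups, gerr = parse_props(groups_text, 3, 4)  # name:gid:users[:display]
    errors = [f"users.props {e}" for e in uerr] + [f"groups.props {e}" for e in gerr]
    names, gids, seen = {u[0] for u in users}, {g[1] for g in groups}, set()
    for name, _passwd, uid, ugids, _display in users:
        if uid in seen:
            errors.append(f"users.props: duplicate uid {uid} ({name})")
        seen.add(uid)
        for gid in filter(None, ugids.split(",")):
            if gid not in gids:
                errors.append(f"users.props: {name} references unknown gid {gid}")
    for g in groups:
        for member in filter(None, g[2].split(",")):
            if member not in names:
                errors.append(f"groups.props: {g[0]} lists unknown user {member}")
    if admin not in names:
        errors.append(f"users.props: primary administrative user {admin} is missing")
    return errors

# Constructed sample input (not real accounts); line 3 of USERS has a comma
# where the uid/gids colon belongs, and erin points at a gid that is not defined.
GROUPS = """\
JazzAdmins:222:ADMIN,bob
JazzUsers:555:ADMIN,bob,dave
"""
USERS = """\
ADMIN:example-pw-1:130:222,555:
bob:example-pw-2:123:222,555:Bob
dave:example-pw-3:124,555:
erin:example-pw-4:125:999:Erin
"""

if __name__ == "__main__":
    for problem in validate(USERS, GROUPS):
        print(problem)
```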
Set up the Custom Registry in WebSphere Application Server
1. Log into the IBM Console
http://your_server_name:9060/ibm/console
2. Go to Security --> Global Security
3. Click the Security Configuration Wizard
4. Select Enable Application Security
Click Next
5. Select Standalone Custom Registry
Click Next
6. Enter ADMIN for the Primary Administrative Name
7. Enter the following values:
usersFile example: C:/IBM/WebSphere/WAS_Security/users.props
groupsFile example: C:/IBM/WebSphere/WAS_Security/groups.props
8. Review the Summary and click Finish
Proceed to setting up your CLM deployment on WebSphere Application Server
You can follow the steps outlined on the Configure CLM on Websphere Application Server with LDAP page. Be sure to skip the step for Configure LDAP for WAS.