r7 - 2015-01-23 - 17:54:26 - StevenBeardYou are here: TWiki >  Deployment Web > DeploymentAdminstering > MigrateUsersFromTomcatToWASFederatedDB

uc.png Migrating users from a Tomcat user database to a WebSphere Federated file-based registry (not LDAP).

Authors: MikeDelargy

When deploying IBM Collaborative Lifecycle Management (CLM) on Tomcat, user authentication information is stored in a Tomcat user database. When migrating to WebSphere from Tomcat, alternate methods of user authentication must be utilized.

For the majority of CLM deployments on WebSphere Application Server, an LDAP server is utilized to handle user authentication. However, if you do not have access to LDAP in your environment, you can still use WebSphere to host your applications by incorporating a Federated DB (Custom Registry) from within WebSphere. The purpose of this article is to guide you on this endeavor.

Setting up the Custom Registry in WAS

1. Create a directory on your WebSphere Application server called WAS_Security.

2. Create a file called groups.props in the WAS_Security directory

The file will have a format similar to:

#
# Format: 
# name:gid:users:display name 
#  Group Name   /  Group ID   / Users in the group separated by a comma   / Display name for the group
#       gid    = uniqueId of the group
#       users  = list of all the userIds that the group contains
#       display name =  (optional) display name for the group.

JazzAdmins:222:ADMIN,ted,bob
JazzDWAdmins:333:ADMIN,ted,bob
JazzProjectAdmins:444:ADMIN,ted,bob
JazzUsers:555:ADMIN,ted,dave,vikas,bob
JazzGuests:777:ADMIN,bob

3. Create a file called users.props in the WAS_Security directory

The file will have a format similar to:

#
# Format:
# name:passwd:uid:gids:display name 
# Name   /  password   / user id   /   IDs of the groups the user belongs to separated by comma  /  Display Name

# where name   = userId/userName of the user 
#       passwd = password of the user 
#       uid    = uniqueId of the user
#       gid    = groupIds of the groups that the user belongs to
#       display name = (optional) display name for the user. 

bob:bob1:123:222,333,444,555,777:Bob 

The above would result in: user bob
password bob1
user id 123
who is in all of the groups
display name Bob

dave:dave1:124,678:
jay:jay1:125,678,789:Jay-Jay
ted:ted1:126,678:Teddy G
jeff:jeff1:127,789:Jeff
vikas:vikas1:128:789:vikas
bobby:bobby1:129,789:
ADMIN:ADMIN;130:222,333,444,555,777:

Be sure to include all of your users and group IDs. Each of the users in a Tomcat deployment can be found in the tomcat-users.xml file found in the Tomcat directory.
Also worth noting: the password must be chosen by the person editing the user.props file, in other words it's not possible to migrate the password of the users over to WAS as it is encrypted.

Set up the Custom Registry in WebSphere Application Server

1. Log into the IBM Console http://your_server_name:9060/ibm/console
2. Go to Security --> Global Security
3. Click the Security Configuration Wizard
1_security_config_wiz.png

4. Select Enable Application Security
2_enable_app_security.png
Click Next

5. Select Standalone Custom Registry
3_standalone_cust_registry.png
Click Next

6. Enter ADMIN for the Primary Administrative Name

7. Enter the following values

usersFile example: C:/IBM/WebSphere/WAS_Security/users.props

groupsFile example: C:/IBM/WebSphere/WAS_Security/groups.props


4_enter_user_file_location.png

8. enter Review the Summary and click Finish

Proceed to setting up your CLM deployment on WebSphere Application Server

You can follow the steps outlined on the Configure CLM on Websphere Application Server with LDAP
Be sure to skip the step for Configure LDAP for WAS

Related topics: Deployment web home, Deployment web home

External links:

Additional contributors: TWikiUser, TWikiUser

Topic attachments
I Attachment Action Size Date Who Comment
Propsprops groups.props manage 0.4 K 2013-12-11 - 14:08 MikeDelargy  
Propsprops users.props manage 0.7 K 2013-12-11 - 14:09 MikeDelargy  
Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r7 < r6 < r5 < r4 < r3 | More topic actions
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our Terms of Use. Please read the following disclaimer.
Ideas, requests, problems regarding the Deployment wiki? Create a new task in the RTC Deployment wiki project