Archive by Author | santosh_nair

Step by Step: High Availability & Fault Tolerance of Deployment Manager using NFS on Linux

The DETAILED STEPS can be downloaded from the below link

http://webspherepundit.com/wp-content/uploads/2016/08/High-Availability-Fault-Tolerance-of-the-Deployment-Manager-using-NFS-on-Linux.pdf

 

Abstract:

  • For this exercise a shared filesystem will be created using NFS 4 on which the dmgr profile will be created.
  • This filesystem would be mounted on both the Primary and secondary dmgr servers.
  • Ip alias and host alias would be used during the creation of dmgrs profiles
  • The Ip alias will be active only on one Dmgr at a time either primary or standby depending on the situation of failover or failback.
  • The dmgr process will be running on the node which hosts the ip alias .

NOTE : I have used NFS4 to simulate this scenario .. but in a productions env you could use SAN storage or any similar Technology . Also for the clustering it can be setup using any other OS based clustering available like POWER HA or RHEL Clustering etc

Env Diagram :

WebSphere Version: 8.5.5.0
OS : RHEL 6.5

dmgrHA1

Highlevel Steps :

Step1 : Install and configure NFS 4 on the Server which will hold the Dmgr profile
Step2 : Create the Shared Filesystem for Dmgr profiles on the NFS Server
Step3: Mount shared filesystem on Primary Dmgr : dmgr1.myorg.com  (10.0.0.1)
Step4: Mount shared filesystem on Standby Dmgr : dmgr2.myorg.com  (10.0.0.2)
Step5: Set Ip Alias on the Primary ie dmgr1.myorg.com (10.0.0.1)
Step6: Install WebSphere Application Server on the Primary Dmgr ie dmgr1.myorg.com (10.0.0.1)
Step7: Create the Dmgr profile on dmgr1.myorg.com
Step8: Install WebSpere Application Server on the Application Server Node ie wasnode.myorg.com (10.0.0.3)
Step9: Create AppServer profile on wasnode.myorg.com (10.0.0.3)
Step10: Federate the Appserver Profile from wasnode.myorg.com (10.0.0.3) to the Dmgr Cell
Step11: Install WebSpere Application Server on the Standby  Dmgr ie dmgr2.myorg.com (10.0.0.2)
Step12: Copy profileRegistry.xml from the dmg1.myorg.com to dmg2.myorg.com
Step13: Failover from Primary ie dmgr1.myorg.com ( 10.0.0.1) to the Standby dmgr2.myorg.com (10.0.0.2)
Step14: Testing the Failover to Standby dmgr2.myorg.com ( 10.0.0.2) from Primary ie dmgr1.myorg.com ( 10.0.0.1)
Step15: Failback to Primary ie dmgr1.myorg.com ( 10.0.0.1) from  Standby dmgr2.myorg.com ( 10.0.0.2)

 

To get automated mail updates of my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

 

“Unable to obtain an object lock on “null” & table or view does not exist” after adding Vertical Portal Cluster member

We were getting the below error in the SystemOut.logs  in our newly added WebSpherePortal server during restart and at runtime .

Error:

[6/14/16 14:18:14:404 IST] 00000063 JPAEventlogRe E   Synchronization Failed. Error: Unable to obtain an object lock on “null”.   <openjpa-2.2.3-SNAPSHOT-r422266:1564471 fatal store error> org.apache.openjpa.persistence.OptimisticLockException: Unable to obtain an object lock on “null”.
FailedObject: SELECT V FROM VirtualPortalEntryImpl V WHERE V.VP = :VP [java.lang.String]
at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:4983)
[6/14/16 14:18:15:994 IST] 00000063 ModuleManager E    <openjpa-2.2.3-SNAPSHOT-r422266:1564471 fatal store error> org.apache.openjpa.persistence.OptimisticLockException: Unable to  obtain an object lock on “null [java.lang.String]”.
FailedObject: 0 [org.apache.openjpa.util.IntId] [java.lang.String]

Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: ORA-00942: table or view does not exist 
{prepstmnt 1108295475 SELECT t0.VPID FROM jcr.WCM_VPORTALS t0 WHERE t0.VPID = ?} [code=942, state=42000]

Image1

Image2

Background:

It’s a newly created Server with vertical cluster and two Members  ie WebSphere_Portal and WebSphere_Portal_1

1) The Portal Cluster Creation was performed before the DB transfer
2) Second Portal Vertical Cluster member was created after the DB transfer
3) DB Oracle :Schema Names , FDKBUSR,LMDBUSR,RELDBUSR,COMDBUSR,CUSTDBUSR,
JCRDBUSR
4) The error were only displayed in the SystemOut.log for Second Portal Member
“WebSphere_Portal_1”

Steps Taken:

As the logs mentioned some locking errors,

a) I stopped  WebSphere_Portal and just working on “WebSphere_Portal_1” still same error on WebSphere_Portal_1
b) I started WebSphere_Portal_1 first  and then started WebSphere_Portal ..still same error on WebSphere_Portal_1

 On reanalyzing the logs found this entry in the logs of WebSphere_Portal_1

“Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: ORA-00942: table or view does not exist
{prepstmnt 1108295475 SELECT t0.VPID FROM jcr.WCM_VPORTALS t0 WHERE t0.VPID = ?} [code=942, state=42000]”

>>Our schema for JCRDB is JCRDBUSR whereas in the error  its referring to “SELECT t0.VPID FROM jcr.WCM_VPORTALS t0 WHERE t0.VPID = ?}”

Also this table didn’t exist in the Database

So it seems  “WebSphere_Portal_1” was somehow referring to the default schema instead of the one configured for the Cluster

Solution :

On checking the WebSphere Variable Under Scope : Node : Nodename and Server = ServerName

Ie Scope : Node : NodeName and Server : WebSphere_Portal_1

 Here the Variable  for WebSphere_Portal_1

WCM_Schema : jcr
WCM_DATASOURCE= jdbc/wpdbDS

 These were the default settings but those details were  not as per our environment

Image3

Comparing with same variables from WebSphere_Portal for these parameters

For WebSphere_Portal the variables were :
WCM_Schema : JCRDBUSR
WCM_DATASOURCE= jdbc/wpdbDS_jcr
WCM_PORT=10028

I changed the Websphere Variable for Node : NodeName and Server : WebSphere_Portal_1 from

 WCM_Schema : jcr
WCM_DATASOURCE= jdbc/wpdbDS
WCM_PORT=10028

To

WCM_Schema : JCRDBUSR
WCM_DATASOURCE= jdbc/wpdbDS_jcr
WCM_PORT=10103

 

Image4

>>Sync the config and Save the changes
>>Restart the  Portal Servers

This resolved the Errors from the logs and we were able to login and access the portal url of WebSphere_Portal_1

Additional Link:

Later found this link which mentions to make those changes if “transferred your databases after you created the cluster, “

https://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/install/add_vert_clus.html

 “ If you transferred your databases after you created the cluster, complete the following steps on each vertical cluster member:

  1. Log on to the deployment manager WebSphere Integrated Solutions Console.
  2. Go to Environment > WebSphere Variables.
  3. From the Scope menu, select the Node=nodename, Server=servername option to narrow the scope of the listed variables. Node=nodename is the node that contains the WebSphere Portal application server.
  4. Update the WCM_DATASOURCE variable with the JCR data source name. Create the variable in the jdbc/jcr.DataSourceName format. For example, jdbc/wpdbds_jcr.
  5. Save all changes and synchronize the nodes.

 

To get automated mail updates of my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

Sample ldif file — 2

Sample User addition ldif file for Tivoli Directory Server

Suffix : dc=myorg,dc=com

Create a file createUser.ldif

[root@connections V6.3]# vi /opt/ibm/ldap/V6.3/createuser.ldif

Copy the below lines to the createuser.ldif

dn: dc=myorg,dc=com
objectclass: domain
objectclass: top
dc: myorg,dc=com
dc: myorg

dn: cn=admusers,dc=myorg,dc=com
objectclass: container
objectclass: top
cn: admusers

dn: cn=employee,dc=myorg,dc=com
objectclass: container
objectclass: top
cn: employee

dn: cn=groups,dc=myorg,dc=com
objectclass: top
objectclass: container
cn: groups

dn: uid=wasadmin,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasadmin
userpassword: wasadmin
sn: wasadmin
givenName: wasadmin
cn: wasadmin

dn: uid=wasoperator,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasoperator
userpassword: wasoperator
sn: wasoperator
givenName: wasoperator
cn: wasoperator

dn: uid=cadmin,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: cadmin
userpassword: cadmin
sn: cadmin
givenName: cadmin
cn: cadmin

dn: uid=fnadmin,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: fnadmin
userpassword: fnadmin
sn: fnadmin
givenName: fnadmin
cn: fnadmin

dn: uid=ldapbind,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: ldapbind
userpassword: ldapbind
sn: ldapbind
givenName: ldapbind
cn: ldapbind

dn: uid=wasmonitor,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasmonitor
userpassword: wasmonitor
sn: wasmonitor
givenName: wasmonitor
cn: wasmonitor

dn: uid=wpsbind,cn=admusers,dc=myorg,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: wpsbind
userpassword: wpsbind
sn: wpsbind
givenName: wpsbind
cn: wpsbind

dn: uid=conadmin,cn=admusers,dc=myorg,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: conadmin
userpassword: conadmin
sn: conadmin
givenName: conadmin
cn: conadmin

dn: uid=wpsadmin,cn=admusers,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wpsadmin
userpassword: wpsadmin
sn: wpsadmin
givenName: wpsadmin
cn: wpsadmin

dn: uid=vivek,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: vivek
userpassword: vivek
sn: pujari
givenName: vivek pujari
cn: vivek

dn: uid=chirag,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: chirag
userpassword: chirag
sn: pujari
givenName: chirag pujari
cn: chirag

dn: uid=ravi,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: ravi
userpassword: ravi
sn: pujari
givenName: ravi pujari
cn: ravi

dn: uid=pratik,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: pratik
userpassword: pratik
sn: pujari
givenName: pratik pujari
cn: pratik

dn: uid=santosh,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: santosh
userpassword: santosh
sn: nair
givenName: santosh nair
cn: santosh

dn: uid=vijaya,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: vijaya
userpassword: vijaya
sn: nair
givenName: vijaya nair
cn: vijaya

dn: uid=mihika,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: mihika
userpassword: mihika
sn: temkar
givenName: mihika temkar
cn: mihika

dn: uid=Akshita,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Akshita
userpassword: Akshita
sn: temkar
givenName: Akshita temkar
cn: Akshita

dn: uid=Abha,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Abha
userpassword: Abha
sn: temkar
givenName: Abha temkar
cn: Abha

dn: uid=Arushi,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Arushi
userpassword: Arushi
sn: temkar
givenName: Arushi temkar
cn: Arushi

dn: uid=Adrika,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Adrika
userpassword: Adrika
sn: temkar
givenName: Adrika temkar
cn: Adrika

dn: uid=Abhijit,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Abhijit
userpassword: Abhijit
sn: temkar
givenName: Abhijit temkar
cn: Abhijit

dn: uid=Abhiram,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Abhiram
userpassword: Abhiram
sn: temkar
givenName: Abhiram temkar
cn: Abhiram

dn: uid=Abhisar,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Abhisar
userpassword: Abhisar
sn: modi
givenName: Abhisar modi
cn: Abhisar

dn: uid=Abhi,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Abhi
userpassword: Abhi
sn: modi
givenName: Abhi modi
cn: Abhi

dn: uid=Aagney,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Aagney
userpassword: Aagney
sn: modi
givenName: Aagney modi
cn: Aagney

dn: uid=Aadit,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Aadit
userpassword: Aadit
sn: modi
givenName: Aadit modi
cn: Aadit

dn: uid=Achal,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Achal
userpassword: Achal
sn: modi
givenName: Achal modi
cn: Achal

dn: uid=Achalraj,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Achalraj
userpassword: Achalraj
sn: modi
givenName: Achalraj modi
cn: Achalraj

dn: uid=Aadesh,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Aadesh
userpassword: Aadesh
sn: modi
givenName: Aadesh modi
cn: Aadesh

dn: uid=Durvish,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Durvish
userpassword: Durvish
sn: modi
givenName: Durvish modi
cn: Durvish

dn: uid=Dvimidha,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Dvimidha
userpassword: Dvimidha
sn: modi
givenName: Dvimidha modi
cn: Dvimidha

dn: uid=Dyaus,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Dyaus
userpassword: Dyaus
sn: modi
givenName: Dyaus modi
cn: Dyaus

dn: uid=Eashan,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Eashan
userpassword: Eashan
sn: modi
givenName: Eashan modi
cn: Eashan

dn: uid=Ekachakra,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Ekachakra
userpassword: Ekachakra
sn: kumar
givenName: Ekachakra kumar
cn: Ekachakra

dn: uid=Ekalinga,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Ekalinga
userpassword: Ekalinga
sn: kumar
givenName: Ekalinga kumar
cn: Ekalinga

dn: uid=Ekanga,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Ekanga
userpassword: Ekanga
sn: kumar
givenName: Ekanga kumar
cn: Ekanga

dn: uid=Eklavya,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Eklavya
userpassword: Eklavya
sn: kumar
givenName: Eklavya kumar
cn: Eklavya

dn: uid=Eknath,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Eknath
userpassword: Eknath
sn: kumar
givenName: Eknath kumar
cn: Eknath

dn: uid=Eshaan,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Eshaan
userpassword: Eshaan
sn: kumar
givenName: Eshaan kumar
cn: Eshaan

dn: uid=Eshwar,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Eshwar
userpassword: Eshwar
sn: kumar
givenName: Eshwar kumar
cn: Eshwar

dn: uid=Falak,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Falak
userpassword: Falak
sn: kumar
givenName: Falak kumar
cn: Falak

dn: uid=Fateh,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Fateh
userpassword: Fateh
sn: kumar
givenName: Fateh kumar
cn: Fateh

dn: uid=Gagan,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gagan
userpassword: Gagan
sn: shetty
givenName: Gagan shetty
cn: Gagan

dn: uid=Gagandeep,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gagandeep
userpassword: Gagandeep
sn: shetty
givenName: Gagandeep shetty
cn: Gagandeep

dn: uid=Gajanan,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gajanan
userpassword: Gajanan
sn: shetty
givenName: Gajanan shetty
cn: Gajanan

dn: uid=Gajendra,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gajendra
userpassword: Gajendra
sn: shetty
givenName: Gajendra shetty
cn: Gajendra

dn: uid=Gajendranath,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gajendranath
userpassword: Gajendranath
sn: kapoor
givenName: Gajendranath kapoor
cn: Gajendranath

dn: uid=Gaman,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Gaman
userpassword: Gaman
sn: kapoor
givenName: Gaman kapoor
cn: Gaman

dn: uid=Hanshal,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Hanshal
userpassword: Hanshal
sn: kapoor
givenName: Hanshal kapoor
cn: Hanshal

dn: uid=Haresh,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Haresh
userpassword: Haresh
sn: kapoor
givenName: Haresh kapoor
cn: Haresh

dn: uid=Hari,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Hari
userpassword: Hari
sn: kapoor
givenName: Hari kapoor
cn: Hari

dn: uid=Harihar,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harihar
userpassword: Harihar
sn: patel
givenName: Harihar patel
cn: Harihar

dn: uid=Harina,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harina
userpassword: Harina
sn: patel
givenName: Harina patel
cn: Harina

dn: uid=Haridutt,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Haridutt
userpassword: Haridutt
sn: patel
givenName: Haridutt patel
cn: Haridutt

dn: uid=Harilal,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harilal
userpassword: Harilal
sn: patel
givenName: Harilal patel
cn: Harilal

dn: uid=Harith,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harith
userpassword: Harith
sn: patel
givenName: Harith patel
cn: Harith

dn: uid=Harman,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harman
userpassword: Harman
sn: patel
givenName: Harman patel
cn: Harman

dn: uid=Harmendra,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harmendra
userpassword: Harmendra
sn: patel
givenName: Harmendra patel
cn: Harmendra

dn: uid=Harsh,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harsh
userpassword: Harsh
sn: patel
givenName: Harsh patel
cn: Harsh

dn: uid=Harshad,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harshad
userpassword: Harshad
sn: patel
givenName: Harshad patel
cn: Harshad

dn: uid=Harshal,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harshal
userpassword: Harshal
sn: patel
givenName: Harshal patel
cn: Harshal

dn: uid=Harshul,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harshul
userpassword: Harshul
sn: patel
givenName: Harshul patel
cn: Harshul

dn: uid=Harsith,cn=employee,dc=myorg,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: Harsith
userpassword: Harsith
sn: patel
givenName: Harsith patel
cn: Harsith

==============================
==============================
Add Members to the Groups

Suffix : dc=myorg,dc=com

Create a file addmembers.ldif

[root@connections V6.3]# vi /opt/ibm/ldap/V6.3/addmembers.ldif

Copy the below lines to the addmembers.ldif
dn: cn=hr,cn=groups,dc=myorg,dc=com
objectclass: accessGroup
objectclass: ibm-searchLimits
cn: hr
ibm-searchsizelimit: 200000
ibm-searchtimelimit: 0
member: uid=Adrika,cn=employee,dc=myorg,dc=com
member: uid=Abhijit,cn=employee,dc=myorg,dc=com
member: uid=Abhiram,cn=employee,dc=myorg,dc=com
member: uid=Abhisar,cn=employee,dc=myorg,dc=com
member: uid=Abhi,cn=employee,dc=myorg,dc=com
member: uid=Aagney,cn=employee,dc=myorg,dc=com
member: uid=Aadit,cn=employee,dc=myorg,dc=com
member: uid=Achal,cn=employee,dc=myorg,dc=com
member: uid=Achalraj,cn=employee,dc=myorg,dc=com
member: uid=Aadesh,cn=employee,dc=myorg,dc=com
member: uid=Durvish,cn=employee,dc=myorg,dc=com

dn: cn=accounts,cn=groups,dc=myorg,dc=com
objectclass: groupOfUniqueNames
cn: account
uniquemember: uid=Dvimidha,cn=employee,dc=myorg,dc=com
uniquemember: uid=Dyaus,cn=employee,dc=myorg,dc=com
uniquemember: uid=Eashan,cn=employee,dc=myorg,dc=com
uniquemember: uid=Ekachakra,cn=employee,dc=myorg,dc=com
uniquemember: uid=Ekalinga,cn=employee,dc=myorg,dc=com
uniquemember: uid=Ekanga,cn=employee,dc=myorg,dc=com
uniquemember: uid=Eklavya,cn=employee,dc=myorg,dc=com
uniquemember: uid=Eknath,cn=employee,dc=myorg,dc=com
uniquemember: uid=Eshaan,cn=employee,dc=myorg,dc=com
uniquemember: uid=Eshwar,cn=employee,dc=myorg,dc=com
uniquemember: uid=Falak,cn=employee,dc=myorg,dc=com
uniquemember: uid=Fateh,cn=employee,dc=myorg,dc=com

dn: cn=admins,cn=groups,dc=myorg,dc=com
objectclass: groupOfUniqueNames
cn: admins
uniquemember: uid=wasadmin,cn=admusers,dc=myorg,dc=com
uniquemember: uid=wasoperator,cn=admusers,dc=myorg,dc=com
uniquemember: uid=cadmin,cn=admusers,dc=myorg,dc=com
uniquemember: uid=fnadmin,cn=admusers,dc=myorg,dc=com
uniquemember: uid=ldapbind,cn=admusers,dc=myorg,dc=com
uniquemember: uid=wasmonitor,cn=admusers,dc=myorg,dc=com
uniquemember: uid=wpsbind,cn=admusers,dc=myorg,dc=com
uniquemember: uid=conadmin,cn=admusers,dc=myorg,dc=com
uniquemember: uid=wpsadmin,cn=admusers,dc=myorg,dc=com

Sample ldif file — 1

Sample User addition ldif file for Tivoli Directory Server

Suffix : dc=ibm,dc=com

Create a file createUser.ldif

[root@connections V6.3]# vi /opt/ibm/ldap/V6.3/createuser.ldif

Copy the below lines to the createuser.ldif
dn: dc=ibm,dc=com
objectclass: domain
objectclass: top
dc: ibm,dc=com
dc: ibm

dn: cn=users,dc=ibm,dc=com
objectclass: container
objectclass: top
cn: users

dn: cn=groups,dc=ibm,dc=com
objectclass: top
objectclass: container
cn: groups

dn: uid=wpsadmin,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wpsadmin
userpassword: wpsadmin
sn: admin
givenName: wps
cn: wps admin

dn: uid=santosh,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: santosh
userpassword: santosh
sn: santosh
givenName: wps
cn: wps santosh

dn: uid=vijaya,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: vijaya
userpassword: vijaya
sn: vijaya
givenName: wps
cn: wps vijaya

dn: uid=mihika,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: mihika
userpassword: mihika
sn: mihika
givenName: wps
cn: wps mihika

dn: uid=siva,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: siva
userpassword: siva
sn: siva
givenName: wps
cn: wps siva

dn: uid=ganesh,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: ganesh
userpassword: ganesh
sn: ganesh
givenName: wps
cn: wps ganesh

dn: uid=cognosadm,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: cognosadm
userpassword: cognosadm
sn: cognosadm
givenName: wps
cn: wps cognosadm

dn: uid=webadmin,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: webadmin
userpassword: webadmin
sn: webadmin
givenName: wps
cn: wps webadmin

dn: uid=shiva,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: shiva
userpassword: shiva
sn: shiva
givenName: wps
cn: wps shiva

dn: uid=wpsadmin,cn=users,dc=ibm,dc=com
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wpsadmin
userpassword: wpsadmin
sn: admin
givenName: wps
cn: wps admin

dn: uid=wpsbind,cn=users,dc=ibm,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: wpsbind
userpassword: wpsbind
sn: bind
givenName: wps
cn: wps bind

dn: cn=wpsadmins,cn=groups,dc=ibm,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: uid=wpsadmin,cn=users,dc=ibm,dc=com
cn: wpsadmins

Installing ifixes in IBM Connections 4.5 CR 5

This blog will provide the highlevel steps to install an ifixes on IBM Connections 4.5 CR 5.

Note: These steps are generic in nature and would apply for most of the ifix in connections unless specified by the PMR team or documented in the ReadMe of that ifix

Env: IBM Connections 4.5 CR 5

iFixes to be installed :

4.5.0.0-IC-News-IFLO75278.jar

4.5.0.0-IC-News-IFLO75278-OSGi.jar

IBM connections Installation Path : /opt/IBM/Connections

Step1: Ensure that the ifixes are not already installed

              a. Run the setupCmdLine.sh to load the env setting for the Connections

[root@connections1 /]$ . /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/setupCmdLine.sh

NOTE: the updateSilent.sh command will not launch if the setupCmlLine.sh is not executed

            b. Navigate to where the updateInstaller is located , in my case its /opt/IBM/Connections/updateInstaller

[[root@connections1 /]$cd /opt/IBM/Connections/updateInstaller

            c. Run the updateSilent.sh with the attributes mentioned below

 [root@connections1 updateInstaller]$ ./updateSilent.sh -fix -installDir /opt/IBM/Connections | grep 75278 

Where 75278   is the ifix Number  which we are going to install

image

We don’t have the ifixes installed so proceed with the downloading of the ifixes

Step2: Download the Fixpack from the Fixcentral based on your environment and your issues

We will downloading the ifix 4.5.0.0-IC-News-IFLO75278.jar & 4.5.0.0-IC-News-IFLO75278-OSGi.jar

NOTE :For the ifix to be installed the Fix Central will recommend the prerequisite updateInstaller

which needed to be installed

Download the following

      4.5.0.0-IC-News-IFLO75278.jar

      4.5.0.0-IC-News-IFLO75278-OSGi.jar

And also download the UPDI which is required to install the above ifix

    4.5.0.0-IC-Multi-UPDI-20131020.zip

image

=================================================================

NOTE : This is needed only if your updateInstaller is not of the same version

To check the version of the updateInsaller

            a. Navigate to /opt/IBM/Connections/updateInstaller/version

bash-3.2$ [root@connections1 /]$ cd /opt/IBM/Connections/updateInstaller/version

       b. Open lcui.product file

[root@connections1 version]$ more lcui.product‘<!DOCTYPE product SYSTEM “product.dtd”>
‘<product name=”Update Installer for IBM Connections”>
‘<id>lcui</id>
‘<version>4.5.0.0</version>
‘<build-info date=”10/20/2013” level=”00000001″/>
‘</product>
[root@connections1 version]$

Which is  4.5.0.0-IC-Multi-UPDI-20131020.zip

If the version are same as the one required by the ifix  you don’t need to upgrade your updateInstaller

===================================================================

Step3: Installation of the New updateInstaller 4.5.0.0-IC-Multi-UPDI-20131020.zip

NOTE: This step is needed only if the updateInstaller is lower that the one required by the ifixes

 a. Extract the 4.5.0.0-IC-Multi-UPDI-20131020.zip

b.Take the backup of the existing updateInstaller in the location /opt/IBM/Connections/

[root@connections1 Connections]$cd /opt/IBM/Connections/
[root@connections1 Connections]$mv updateInstaller updateInstaller.backup

c. Extract the file 4.5.0.0-IC-Multi-UPDI-20131020.zip in the location /opt/IBM/Connections

And make the scripts executable with chmod 755 *.sh if it is not in executable

[root@connections1 updateInstaller]$chmod –R 755 *.sh

That’s It .. This will install the updateInstaller

Step4: Take the necessary backup

        a. Take the backup of the Connections Customization Directory. You could take a tarzip

backup or copy it in a backup location

NOTE : To get the Customization Directory

Login to the connections admin console >>

WebSphere Variables >>CONNECTIONS_CUSTOMIZATION_PATH

[root@connections1 ifixes]$ cp -r /share/customization/ /backup/customization.backup

          b. Take the backup of the LotusConnections-config from the Dmgr Cell

[root@connections1 updateInstaller]$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/connectionsCell01/
[root@connections1 connectionsCell01]$ cp -r LotusConnections-config/ /backup/LotusConnections-config.backup

          c. Take the copy  of the Existing ifixes installed for references

For Eg.

[root@connections1 updateInstaller]$ . /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/setupCmdLine.sh
[root@connections1 updateInstaller]$ ./updateSilent.sh -fix -installDir /opt/IBM/Connections > /backup/VersionDetails_BeforeIfix.txt

 

        d. Take the Backup of the specific Database if the ifix modifies some changes in the DB

Step5: Installation of the Ifix

1. Stop the Connections Servers Servers and the Nodeagent

2. Ensure the dmgr is started Otherwise during the UpdateWizard will not be able to proceed further

 3. Copy the ifix which were downloaded from the fixcentral to the ifixes folder in updateInstaller Folder  , Though  It can be any location within the server

[root@connections1 updateInstaller]$ mkdir /opt/IBM/Connections/updateInstaller/ifixes

            

  The Files were transferred using Winscp

image

[root@connections1 updateInstaller]$ ls -l ifixes

image

  4. Launch the GUI Console of RHEL Server

As root ( or any user with which the installation was done) launch the GUI Console of the

RHELServer using VNC or Xming or any X11 forwarding tools

        

  5.  Run setupCmdLine.sh to load the env variables

[root@connections1 updateInstaller]$ . /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/setupCmdLine.sh

NOTE: the updateWizard.sh command will not launch if the setupCmdLine.sh is not executed

6. Then Launch the updateWizard.sh from  the GUI from the path /opt/IBM/Connections/updateInstaller

image

   7. Click Next on the welcome screen

image

          8. Select the “Install updates ” Option and provide the Path of the ifixes folder .

          In my case its /opt/IBM/Connections/updateInstaller/ifixes.

Then click Next

image

         9. The updateWizard will detect the ifixes in that folder . We had copied two ifixes  

4.5.0.0-IC-News-IFLO75278.jar

4.5.0.0-IC-News-IFLO75278-OSGi.jar

We can click “Details” if we want more information on these ifixes

Select both the ifixes and click Next

NOTE: If there are any dependencies ifixes requirement it will be prompted

image

        10. The updateWizard will provide a message to take the necessary backups before the installation.

Check the box and Click  OK

image

          11.  Provide the Deployment Manager Admin user name and Password . This will be validated to proceed

image

            l2. After the Validation Successful .. Click OK

image

          13.   Check the summary page . it will again display the ifixes which we have selected to Install

Click Install

image

Note : It may take some time depending on the number of ifixes

image

           14. The logs are created in the /opt/IBM/Connections/version/log/

Tail the logs for the ifixes

 [root@connections1 log]$ cd /opt/IBM/Connections/version/log/
[root@connections1 log]$tail –f  20151107_032631_LO75278-OSGi_news_install.log

image

              15.  If the iFIx installation was successful we will get a “ Result: The iFix Installation was successful”

message in the updateWizard

image

Checks the logs too . The BUILD SUCESSFUL message should be displayed in them

image

===============================================================================

NOTE: The Installation of the ifix can be done using command line too

For example:

[root@connections1 updateInstaller]$./updateSilent.sh -installDir /opt/IBM/Connections -fix -fixDir /opt/IBM/Connections/update/ifixes -install -fixes LO75278 LO75278-OSGi -wasUserId wasadmin -wasPassword <password>  -featureCustomizationBackedUp yes

=============================================================================

           16. Validate if the ifix is installed

[root@connections1 log]$ cd /opt/IBM/Connections/updateInstaller

a. Run setupCmdLine.sh

[root@connections1 /]$ . /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/setupCmdLine.sh

 b. Run updateScript.sh with the options mentioned below

[root@connections1 updateInstaller]$ ./updateSilent.sh -fix -installDir /opt/IBM/Connections | grep 75278

image

We see that the ifixes for LO75278 is installed

   17.  Restart Dmgr and Check the dmgr logs
Stop Dmgr

[root@connections1 /]$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh

Provide the wasadmin credentials while stopping

           Start dmgr

[root@connections1 /]$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh

18. Start the nodeagent , Do a full synchronization

[root@connections1 /]$ /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh
  1. Start the Sever , and check  the logs for any errors

In this way we can install the Ifixes for on IBM connections 4.5

 

To get regular mail updates on my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

Integrate TDS LDAP with Websphere Applicaiton Server

Security is a critical aspect of any distributed application model. Most of the firms have a centralized repository of the users in LDAP servers like Active Directory, TDS, Open DJ etc.

Activity :
To Integrate Tivoli Directory Server LDAP with Websphere Application Server as Federated Repository

Assumptions : 
a) Tivoli Directory server is allready Installed and users are avaliable in it ( Note Any LDAP ie Active Directory , TDS , OpenDj , Sun Directory Server etc can be used )

b) Websphere Application Server is installed and profiles and servers created and running .
c) The TDS Ldap server should be reachable from the DMGR and the Nodes .. so you can test it using telnet command
From Dmgr and Node check telnet to LDAP at Port 389 ( or which ever port its is running)

Eg : telnet <Ldap IP> 389

d) In this example I have a Dmgr , Nodeagent and a server and will be integrating the Dmgr with TDS LDap

 

Steps to Integrate LDAP with WAS

Step 1: Details from the LDAP Team.
Before beginning the Ldap Integrating there are a few information  which are needed from the LDAP team ( If its not managed by you )

Basic Details needed :

Hostname/IP address of TDS Server : 10.0.0.15
Port No : 386  ( non SSL)
Bind DN : cn =root
Bind Password : password
Base Dn: dc=ibm,dc=com

Additional properties may be needed depending on your env like
User Filter:
Group filter:
User ID map:
Group ID map:  etc..

But in my case its not needed as most are default

NOTE : Ensure that the WAS admin user which we logged in the WAS console with ie wasadmin is unique in both the Filebased and in LDAP  ie the user wasadmin should not be avaliable in the LDAP  as its allready there in the FileBased Registry

And If “wasadmin” is also there in LDAP , then there will be conflict and we will be prevented to login to the admin console as “wasadmin” post the Integration with TDS.

As a best practice , keep wasadmin intact but create another user in the LDAP and later add this use to the admin group from the was console .

For eg  I have created “webadmin” as an user in the LDAP which I will add to the was administration group after the WAS integration wth LDAP in this article

This is applicable for all the users in the WAS and LDAP. It should be unique in the repositories

 

Step 2: Validating using LDAP Browsers

a) Downlaod the Ldap Browser and extract it . Then Launch the “lbe.jar”

lbe

lbe1

b) Go File >> New

lbe2

c) Give a name to the connections for recognition . I have entered TDSLDAP

lbe3

d) Go to “Connections” tab

LdapBrowser1
             1) Enter the IP Address(10.0.0.15) Port No (389) and click Fetch DN .
             2) Select dc=ibm,dc=com
            3) Uncheck  “Anonymous bind”
            4) Enter username “cn=root” and password = password
            5) Click Save and then Connect

e) We will see all the users which are there in the Ldap in the Ldap Browser console

LdapBrowser2

Step 3: Once all the information is available and validated, we can proceed with the integration of Ldap with WAS


Step 4: 
Login to the WAS Admin console with wasadmin user

url :https://10.0.0.15:9043/ibm/console 

Just to check the list of users Navigate to Users and Group >> Manage Users
We  see the List of users before the integration . Only “wasadmin” as File Based Realm

FederatedRepos0

Step 5: To Integrate Ldap .. Click  “Global Security “

FederatedRepos

Then Click “Configure” on the Federated Repositories


Step 6:
 Click on “Manage Repositories” as per the screenshot

FederatedRepos1


Step 7:
 Click  “ADD” and  , Select “LDAP repository” from the dropdown

FederatedRepos3


Step 8:
 This page we need to enter the details of the LDAP ( shared by Ldap team )
      a ) Enter the LDAP Name  (  Can be any name which will identify it . I have named it TDSLDAP )
     b )  In the Drop Down Select “IBM Tivoli Directory Server “
     c ) Enter the Bind Distintguised Name : cn=root
    d )   Enter the Bind Password : password
    e )  Here the Federated Repository properties for login is “uid” it might differ based on your              environment it could be “cn” “email id ” etc
    f )  Primary Host Name : connections.ibm.com ( you could provide the ip too )
    g )  Port No : 389
    i )  Click Apply and Save

FederatedRepos4

 

FederatedRepos5


Step 9:
 Click on Global security > Federated repositories

FederatedRepos6

Click on “Add Repositories ( LDAP custom etc )


Step 10:
 From the drop Down Select “TDSLDAP”

FederatedRepos7

Enter the Base DN in our case : dc=ibm,dc=com


Step 11:
 Click Apply and Save

FederatedRepos8


Step 12:
 Check “Allow operations if some of the repositories are down”

FederatedRepos9

This will enable us to login as wasadmin to the admin console even if the LDAP id down .


Step 13: 
Click Apply and Save

FederatedRepos10

Step 14: Do full Synchronise


Step 15:
 Stop the Servers, Nodeagent and the Dmgr

Stop Servers
/opt/IBM/WebSphere/AppServer/profiles/Custom01/bin/stopServer.sh server1

Stop Nodeagent
/opt/IBM/WebSphere/AppServer/profiles/Custom01/bin/stopNode.sh server1

Stop Dmgr
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh

 

Step 16: Start the Dmgr , Nodeagent and Servers
Start Dmgr :
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh

Start Nodeagent :
/opt/IBM/WebSphere/AppServer/profiles/Custom01/bin/startNode.sh

Start Server :
/opt/IBM/WebSphere/AppServer/profiles/Custom01/bin/startServer.sh server1

Check for any errors for LDAP etc in the SystemOut logs


Step 17:
 Validation : Now login with the file based registry user ie “wasadmin”

We can see the users from the LDAP and also  wasadmin user from file based repository


tds1

 

 

Testing

Test 1: We will add user “santosh”  from the LDAP as a monitor role in WAS  and test it

           a ) Click User and Groups >> Administrative user Roles
Currently only “wasadmin” is available

FederatedRepos32

b )
 Click Add ,

FederatedRepos32

          c ) Select “monitor” Role
Search the users using the Search button , We will be able to see the users from the ldap
Select “santosh” and drag it to the other side

FederatedRepos33
Select OK and Save the configurations

FederatedRepos34
The user “santosh “ is added to the Administrative role as a “monitor” Role

FederatedRepos35Apply and Sync with the nodes

         d )  Now Logout

         e )  Try login with user Santosh and password: password (As mentioned in the LDAP ) 
         f )  We are able to login properly if all the setting are done correctly

FederatedRepos36
           g )  Navigate to other options and you will not see lots of options which were visible in the                            wasadmin login

FederatedRepos37
for eg under Nodes we dont see the options like Full Syncronise , Add etc


Test 2 :
 We will add webadmin this user is from the LDPA we will add it to the admin group

               a)  Click User and Groups >> Administrative user Roles
Currently only “wasadmin” is there
              b )  Click Add ,

              c )  Select “administrator” Role
Search the users using the Search button , We will be able to see the users there
Select “webadmin” and drag it to the other side

FederatedRepos38

Click OK and Save the changes

FederatedRepos39
Apply and Sync with the nodes

          d ) Now Logout

         e )  Try login with user webadmin and password: password (Password from the Ldap) 

FederatedRepos40
         f ) We will see all the options which were available for wasadmin is also available for                     “webadmin“.

 

This is how we integrate TDS LDAP with Websphere Application Server . Similarly we can integrate any LDAP like Active Directory  etc in a federated Repository .

 

 

To get regular mail updates on my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

 

Step By Step Installation and Configuration of Tivoli Directory Server 6.3 on RHEL

Activity : High Level Steps for Installation and basic Configuration of  Tivoli Directory Server 6.3 on Linux RHEL

Environment : Redhat Linux 5.6 64 Bit.
TDS Version : Tivoli Directory Server 6.3
Software File: tds63-linux-x86-64.iso

Step 1: Login to the Passport Advantage and download the TDS Software “tds63-linux-x86-64.iso

Step 2: Copy the software “tds63-linux-x86-64.iso” to the Linux Server

InstallTDS

InstallTDS1

Login to the TDS Server on the GUI Console or enable X11 forwarding to enable the GUI mode for the installation

Step 3: Mount the tds63-linux-x86-64.iso as a loop on the /mnt location using mount command

[root@connections IBMSoftware]# mount -o loop tds63-linux-x86-64.iso /mnt/

InstallTDS3
Step 4 :Navigate to the tds folder in the /mnt

login as: root
[root@connections2 ~]# cd /mnt/
[root@connections2 mnt]# ls -ltr

InstallTDS5

Step 5 :Execute the install_tds.bin folder

InstallTDS6

Step 6 : Select the English Language

InstallTDS7

Step 7 :The Install Shield Wizard opens up .. Click Next

InstallTDS8

 Step 8 : Accept the License

InstallTDS9

Step 9: Select the “Custom” Option

InstallTDS10

Step 10 : We can select the options available like

DB2 ( It is needed for the TDS . The user details , tree structure etc are all stored in the DB2 Database)
Tivoli Global Security Kit
Embedded Websphere Application Server  ( for the Web based administration )
etc
InstallTDS11

Step 11 :It provides the Summary of the path where the installation of various components would take place .
Click Install

InstallTDS12

Step 12 : It will take some time . the progress bar will display the components which are getting installed

InstallTDS13

InstallTDS14png

Step 13 :Once the Installation the TDS Instance Administration tool will open up
We need to create a new TDS instance ..

NOTE : you can launch the TDS Instance Administration tool using the idsxinst command too

[root@connections ~]# cd /opt/ibm/ldap/V6.3/sbin/
[root@connections sbin]# ./idsxinst

This tool will create the TDS Instance . Also note that this wizard will also create a DB instance

InstallTDS15

Step 14 :Check “Create the Instance “ Option

InstallTDS16

Step 15 : We will create a Default Instance

InstallTDS18

Step 16 : Update the passwords for the instance ( Please set a more complex password )
I have set password as “password
Encryption seed : qwertyqwerty
Administration DN password : password

Then Click Next

InstallTDS19
Step 17 :The Default Instance created is “dsrdbm01

InstallTDS20

Once done , Click Finish

It would take some time , Be patient ( you could view the logs on the console too )

InstallTDS21

Step 18 :The Task Completed Message would be prompted when its finished

InstallTDS22

Click Close

Step 19 : We can see the dsrdbm01 Instance Created

InstallTDS23

But you need to have X11 forwarding enabled on the Putty or the GUI mode for the Linux

Step 20 :Once the TDS Administration tool is launched

We observe that the TDS Instance Server is stopped state and TDS Administration Server is started state

To start the TDS Instance Server click on “Start/Stop”

InstallTDS23

Step 21 :Click the “Start Server” button

InstallTDS24
InstallTDS25

InstallTDS26

Step 22 : To View the details of the ports .. Click the View Button on the TDS Administration tool

InstallTDS26

InstallTDS29

Step 23 :To change the TDS Admin password :

In the TDS Administration tool >> Click on Manage

InstallTDS30
It will launch the TDS Configuration Tool

NOTE : To launch the TDS configuration tool you can navigate to /opt/ibm/ldap/V6.3/sbin/idsxcfg
[root@connections ~]# cd /opt/ibm/ldap/V6.3/sbin/
[root@connections sbin]# ./idsxcfg

Click on “Manage Administrator password “
Set the password

InstallTDS31

we need to restart the TDS Instance Server which will be prompted

InstallTDS32

These are the steps to install and create a Tivoli Directory Server Instances

Some Important Commands
Note : In our case “LDAP Install directory” is /opt/ibm/ldap/V6.3/sbin/
a) Starting an instance                     LDAP Install directory/sbin/idsslapd -I
b) Stopping an instance                   LDAP Install directory/bin/ibmdirctl stop -h [IP of the Server] -D cn=root -w password
Or
c) Stopping an instance                   LDAP Install directory/sbin/idsslapd -I -k
d) Checking an instance                  LDAP Install directory/bin/ibmdirctl status -h localhost -D cn=root -w password
e) Displaying list of instances        LDAP Install directory/sbin/idsilist
f) Loading the instance administration tool                         LDAP Install directory/sbin/idsxinst
g) Loading the configuration tool for an instance                    LDAP Install directory/sbin/idsxcfg -I 

==================================
==================================

Launch  WEB Admin Client

Note : Ensure that the Embedded Websphsere Application server was selected during installation .

If you have forgot to select or chose not to install it , it can be done later too ( a post for another time )

Step 1 : Launch the TDS Web App
a) Ensure that the embedded websphere server “server1” is Installed and started
Navigate to /opt/ibm/ldap/V6.3/appsrv/profiles/TDSWebAdminProfile/bin/
To start the webapp ./startServer.sh server1
To stop the webapp ./stopServer.sh server1

b) Once the server1 is started launch the browser
http://10.0.0.10:12100/IDSWebApp/
These are the default credentials for the IDSWebApp
username : superadmin
password : secret

InstallTDS33
c) We need to the add the new TDS instance in the WebApp for management
Click on “Manage Console Servers”

InstallTDS36

d) Click on “Add”


InstallTDS37

Update the hostname , IP address and the port no of the TDS ( We will get from the TDS Administration Tool)

InstallTDS38
InstallTDS39png
  e) Ensure that the TDS instance Server is started (  Steps  to start mentioned above )

InstallTDS30

f) Click Logout

g)  Access the url http://10.0.0.10:12100/IDSWebApp/ again now ,
We will see the Node which we have added

InstallTDS40
h) Enter the login credentials ie “cn=root” And Password ” passord “ which we have set above
InstallTDS41
i) From this web console we can manage the TDS instance
InstallTDS44

 

==================================
==================================
Adding Suffices to the TDS LDAP

Adding Suffices to the LDAP

a) Launch the TDS Configuration tool ( Ensure that you have X11 forwarding to enable the GUI Mode ”

[root@connections sbin]# cd /opt/ibm/ldap/V6.3/sbin/
[root@connections sbin]# ./idsxcfg

InstallTDS45
b) Click on Manage Suffixes

InstallTDS46

Enter dc=ibm,dc=com  ( you can provide your own suffices like dc=myorg,dc=com )
Click Add

InstallTDS47
c ) We need to create an  ldif files which contains the users and groups

Suffix : dc=ibm,dc=com
create a file createUser.ldif
[root@connections V6.3]# vi /opt/ibm/ldap/V8.3/createuser.ldif

you can refer to for sample from the links below

Sample ldif file — 1  for suffix dc=ibm,dc=com
or
Sample ldif file — 2  for suffix   dc=myorg,dc=com

d ) We need to import the ldif files

Click on “Import LDIF Data
Browse the createUser.ldif file
Click Import
If there is any errors in the ldif file it will only load the once which are proper . The duplicate once or the error once will not be loaded

InstallTDS48
It will require the TDS Instance to be stopped .

InstallTDS49

e ) Once the import is completed then start the TDS Instance server
Navigate to Manage server state >> Start Server

InstallTDS50
f ) Validate the imported users in the TDS using the TDS WebApp console
Login to the TDS WebApp console
To validate the import of the users

http://10.0.0.10:12100/IDSWebApp

InstallTDS41

Click on the “Mange entries”

We will see all the users which are loaded from the ldif file .

InstallTDS53

  g) Validating using ldap Browsers
You can use any other Directory browsers avaliable

1)  Extract the Ldap Browser Utility and Launch the lbe.jar

lbe
lbe1
2) Click on File >> New

lbe2

3) Enter a Session Name : I have entered it TDSLDAP

lbe3

4)  Go to connections tab
LdapBrowser1
1) Enter the IP Address, Port No and click Get suffix .
2) Select dc=ibm,dc=com
3) Uncheck Anonymous login
4) Enter username cn=root and password = password
5) Click Save

5)  We will see all the users which are populated in the console

LdapBrowser2

These are the highlevel steps to start and have a running Tivoli Directory Server LDAP 6.3 quickly.

You can customize and change the configs as per your requirement.

To get regular mail updates on my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

Update Websphere App Server Fixpack using “imcl” command line

 Note : This method to update Websphere Application Server can be used for Any WAS version which uses IBM Installation Manager 

Command : ./imcl install

Current Version : WAS ND 8.5.5.0
New Version : WAS ND 8.5.5.1

Procedure
a) Stop All the WAS Processes ( dmgr, Nodeagent , Server ) Also Apply the Fixpack to Dmgr First before applying to other nodes

b) Take the tar backup of the WAS directories, Profiles, IIM, IIM Data ( var/ibm ) etc to revert in case of any issues

c) Check the Current version of the WAS Installation using Installation Manager Command Line : imcl “./imcl listInstalledPackages”

[root@connections tools]# cd /opt/IBM/InstallationManager/eclipse/tools
[root@connections tools]# ./imcl listInstalledPackages
com.ibm.cic.agent_1.8.2001.20150409_1833
com.ibm.websphere.ND.v85_8.5.5000.20130514_1044

The version is WAS ND 8.5.5.0
Imcl

 

d) Check the Path of the WAS installation using “./imcl listInstallationDirectories”

[root@connections bin]# cd /opt/IBM/InstallationManager/eclipse/tools
[root@connections tools]# ./imcl listInstallationDirectories
/opt/IBM/WebSphere/AppServer

Imcl3

 

 

e) Also Check the Version of WAS using “versionInfo.sh”

[root@connections tools]# cd /opt/IBM/WebSphere/AppServer/bin/
[root@connections bin]# ./versionInfo.sh
WVER0010I: Copyright (c) IBM Corporation 2002, 2012; All rights reserved.
WVER0012I: VersionInfo reporter version 1.15.1.48, dated 2/8/12——————————————————————————–
——————————————————————————–
Name IBM WebSphere Application Server Network Deployment
Version 8.5.5.0
ID ND

Imcl2

 

f) Extract the Fixpack zip 8.5.5-WS-WASND-FP0000001-part1.zip & 8.5.5-WS-WASND-FP0000001-part2.zip in the same Folder .

I have extracted it in /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/

 

g) List the Available packages in the fixpack Extracted path ie /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/

Command : ./imcl listAvailablePackages -repositories /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/

[root@connections tools]# ./imcl listAvailablePackages -repositories /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/ com.ibm.websphere.BASE.v85_8.5.5001.20131018_2242
…………………..
com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
………………………..
com.ibm.websphere.NDTRIAL.v85_8.5.5001.20131018_2242
[root@connections tools]#
[root@connections tools]#

Here we can see “com.ibm.websphere.ND.v85_8.5.5001.20131018_2242” Package .. We will upgrade this package as we are using websphere.ND.V8.5.5

Imcl5

 

h) Update the Fixpack using the imcl command
Command: ./imcl install com.ibm.websphere.ND.v85_8.5.5001.20131018_2242 -repositories /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/ -installationDirectory /opt/IBM/WebSphere/AppServer -acceptLicense -sP

[root@connections tools]# ./imcl install com.ibm.websphere.ND.v85_8.5.5001.20131018_2242 -repositories /IBMsoftware/Fixpacks/WASND_8.5.5.1FP/ -installationDirectory /opt/IBM/WebSphere/AppServer -acceptLicense -sP
25%                  50%                     75%                     100%
——————|——————|——————|——————|
…………………………………………:….

Imcl6

 

h) After the completion of the above command .  check the updated version of WAS , it should be WAS 8.5.5.1 now .
We can see that the package is now “com.ibm.websphere.ND.v85_8.5.5001.20131018_2242″

[root@connections ]# cd /opt/IBM/InstallationManager/eclipse/tools/
[root@connections tools]# ./imcl listInstalledPackages
com.ibm.cic.agent_1.8.2001.20150409_1833
com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
[root@connections tools]#

Imcl7

 

i) Check the versionInfo.sh to see if the Version of the WAS has been updated .

[root@connections tools]# cd /opt/IBM/WebSphere/AppServer/bin/
[root@connections bin]# ./versionInfo.sh
WVER0010I: Copyright (c) IBM Corporation 2002, 2012; All rights reserved.
——————————————————————————–Name IBM WebSphere Application Server Network Deployment
Version 8.5.5.1
ID ND ………….

Imcl8

 

j) Start the Dmgr, NodeAgent, WAS Servers after the fixpack updation and check the SystemOut.log to see if there are any errors

This is how we can easily update the fixpack using imcl

 

 

To get regular mail updates on my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit

=========================================================================

Multi-hopping with 4 Qmgrs

Just an Extension for Multi-hopping messages between 4  Queue Managers

Reference Links :
1) Distributed MQ communication Part 1
2) Distributed Two Way MQ Communication — Part2
3) MultiHopping with 3 Qmgrs

MultiHopping With 4 Qmgrs

Quick Reference Guide
Multi-hopping with 4 QMGRS , QMA–> QMB–> QMC–> QMD

On Queue Manager QMA
bash-3.2$ crtmqm QMA
bash-3.2$ strmqm QMA
bash-3.2$ runmqsc QMA
DEFINE QLOCAL(QMA.XMITQ) USAGE(XMITQ)
DEFINE CHANNEL(QMA.TO.QMB) CHLTYPE(SDR) CONNAME(‘192.168.111.128(1420)’) XMITQ(QMA.XMITQ)
DEFINE QREMOTE(QMC.RQ) RNAME(QMC.LCQ) RQMNAME(QMC) XMITQ(QMA.XMITQ)
DEFINE QREMOTE(QMD.RQ) RNAME(QMD.LCQ) RQMNAME(QMD) XMITQ(QMA.XMITQ)
START CHANNEL(QMA.TO.QMB)
DISPLAY CHSTATUS(*)On Queue Manager QMBbash-3.2$ crtmqm QMB
bash-3.2$ strmqm QMB
bash-3.2$ runmqsc QMB
DEFINE LISTENER(QMB.LISTENER) TRPTYPE(TCP) PORT(1420) IPADDR(192.168.111.128)
START LISTENER(QMB.LISTENER)
DEFINE CHANNEL(QMA.TO.QMB) CHLTYPE(RCVR)
DEFINE CHANNEL(QMB.TO.QMC) CHLTYPE (SDR) TRPTYPE(TCP) CONNAME(‘192.168.111.128(1421)’) XMITQ(QMB.XMITQ)
DEFINE QLOCAL(QMB.XMITQ) USAGE(XMITQ)– Qmgr Alias for QMC and QMD
DEFINE QREMOTE(QMC) RQMNAME(QMC) RNAME(”) XMITQ(QMB.XMITQ)
DEFINE QREMOTE(QMD) RQMNAME(QMD) RNAME(”) XMITQ(QMB.XMITQ)

START CHANNEL(QMA.TO.QMB)
START CHANNEL(QMB.TO.QMC)
DISPLAY CHSTATUS(*)
DISPLAY LSSTATUS(*)

On Queue Manager QMC

bash-3.2$ crtmqm QMC
bash-3.2$ strmqm QMC
bash-3.2$ runmqsc QMC
DEFINE LISTENER(QMC.LISTENER) TRPTYPE(TCP) PORT(1421) IPADDR(192.168.111.128)
START LISTENER(QMC.LISTENER)
DEFINE CHANNEL(QMB.TO.QMC) CHLTYPE(RCVR) TRPTYPE(TCP)
DEFINE CHANNEL(QMC.TO.QMD) CHLTYPE (SDR) TRPTYPE(TCP) CONNAME(‘192.168.111.128(1422)’) XMITQ(QMC.XMITQ)
DEFINE QLOCAL(QMC.XMITQ) USAGE(XMITQ)

— Qmgr Alias of QMD
DEFINE QREMOTE(QMD) RQMNAME(QMD) RNAME(”) XMITQ(QMC.XMITQ)
DEFINE QLOCAL(QMC.LCQ)
START CHANNEL(QMB.TO.QMC)
START CHANNEL(QMC.TO.QMD)
DISPLAY CHSTATUS(*)
DISPLAY LSSTATUS(*)

On Queue Manager QMD

bash-3.2$ crtmqm QMD
bash-3.2$ strmqm QMD
bash-3.2$ runmqsc QMD
DEFINE LISTENER(QMD.LISTENER) TRPTYPE(TCP) PORT(1422) IPADDR(192.168.111.128)
START LISTENER(QMD.LISTENER)
DEFINE CHANNEL(QMC.TO.QMD) CHLTYPE(RCVR) TRPTYPE(TCP)
DEFINE QLOCAL(QMD.LCQ)
START CHANNEL(QMC.TO.QMD)
DISPLAY CHSTATUS(*)
DISPLAY LSSTATUS(*)

Testing of MultiHopping on 4 Qmgrs

bash-3.2$ /opt/mqm/samp/bin/amqsput QMD.RQ QMA
Sample AMQSPUT0 start
target queue is QMD.RQ
This is 4 hopping qmgr

Sample AMQSPUT0 end

bash-3.2$ /opt/mqm/samp/bin/amqsget QMD.LCQ QMD
Sample AMQSGET0 start
message

 

MultiHopping with 3 Websphere MQ Qmgrs

Requirement : To set up a minimal steps for a Two Way MQ communication between two queue managers ie From QMA to  QMB & From QMB to QMC

Reference Links :
1) Distributed MQ communication Part 1
2) Distributed Two Way MQ Communication — Part2

Passing the messages between more than one intermediate queue managers is called Multi-Hopping. Multi-hopping occurs when a message needs to traverse one or more queue-managers in order to reach the destination queue-manager.

The Setup in which a QMGR is networked with the next QMGR which is networked to the next QMGR ie  (QMA -> QMB -> QMC -> QMD -> QME).

If a message is created on QMA, and the destination queue-manager is on QME, then the message must flow from QMB to QMC, to QMD to QME.

QMB and QMC will need a queue-manager aliases since they are non-adjacent (don’t have a transmission queue) to the destination queue-manager.

QMB needs a definition to move the message from QMB to the next hop QMC. and so on

So, when the message arrives on QMB, a queue-manager alias must exist to resolve the queue-manager name in the XQH (transmission queue header):
DEF QR(QME) RQMname(QME) XMITQ(QMC).

This definition tells the MCA (message channel agent) on QMB to move the message to transmission queue named QMC, so that the message will be sent to QMC.

When the message arrives on QMC, again a queue-manager alias will be need to be defined  to move the message to a transmission queue named QMD:
DEF QR(QME) RQMname(QME) XMITQ(QMD).

So QMA doesn’t know any thing about QME so by defining the QM alias the message is reached to the destination QME.

The only thing and the only route that QMA knows is how to get to QMB. Everything else is resolved at QMB. So as long as QMB is *secured*, then no application can send messages to QMC without going through QMB
Env Architecture :
OS : Linux Redhat 5.6
MQ Version : 7.0

Capture1

Quick Reference Commands  for Multi Hopping with 3 QMGRS

On Queue Manager QMA

bash-3.2$crtmqm QMA
bash-3.2$strmqm QMA
bash-3.2$ runmqsc QMA
DEFINE QLOCAL(QMA.XMITQ) USAGE(XMITQ)
DEFINE CHANNEL(QMA.TO.QMB) CHLTYPE(SDR) CONNAME(‘192.168.111.128(1420)’) XMITQ(QMA.XMITQ)
DEFINE QREMOTE(QMC.RQ) RNAME(QMC.LCQ) RQMNAME(QMC) XMITQ(QMA.XMITQ)
START CHANNEL(QMA.TO.QMB)
DISPLAY CHSTATUS(*)

On Queue Manager QMB

bash-3.2$crtmqm QMB
bash-3.2$strmqm QMB
bash-3.2$ runmqsc QMB
DEFINE CHANNEL(QMA.TO.QMB) CHLTYPE(RCVR)
DEFINE QLOCAL(QMB.XMITQ) USAGE(XMITQ)
DEFINE LISTENER(QMB.LISTENER) TRPTYPE(TCP) PORT(1420) IPADDR(192.168.111.128)
START LISTENER(QMB.LISTENER)
DEFINE CHANNEL(QMB.TO.QMC) CHLTYPE (SDR) TRPTYPE(TCP) CONNAME(‘192.168.111.128(1421)’) XMITQ(QMB.XMITQ)

— Qmgr Alias needs to be set in the QMB

DEFINE QREMOTE(QMC) RQMNAME(QMC) RNAME(”) XMITQ(QMB.XMITQ)
START CHANNEL(QMA.TO.QMB)
START CHANNEL(QMB.TO.QMC)
DISPLAY CHSTATUS(*)
DISPLAY LSSTATUS(*)

On Queue Manager QMC

bash-3.2$crtmqm QMC
bash-3.2$strmqm QMC
bash-3.2$ runmqsc QMC
DEFINE LISTENER(QMC.LISTENER) TRPTYPE(TCP) PORT(1421) IPADDR(192.168.111.128)
DEFINE CHANNEL(QMB.TO.QMC) CHLTYPE(RCVR) TRPTYPE(TCP)
START LISTENER(QMC.LISTENER)
DEFINE QLOCAL(QMC.LCQ)
START CHANNEL(QMB.TO.QMC)
DISPLAY CHSTATUS(*)
DISPLAY LSSTATUS(*)

Testing of MultiHopping

bash-3.2$ pwd
/opt/mqm/samp/bin
bash-3.2$ ./amqsput QMC.RQ QMA
Sample AMQSPUT0 start
target queue is QMC.RQ
This is a test

Sample AMQSPUT0 end
bash-3.2$ ./amqsbcg QMC.LCQ QMC

 

To get automated mail updates of my Posts..
Please subscribe to the site http://webspherepundit.com
And also like the Facebook Page
https://www.facebook.com/webspherepundit