Change LDAP server name for a WPS 6 server

Today one of the portal administrators in my team was trying to reconfigure the LDAP server being used by an existing WebSphere Portal v6 install. The specific reconfiguration that he was doing was extremely simple - he was replacing one LDAP server with another identically configured LDAP server - so the only change was the name of the LDAP server. We were able to perform this change without disabling/re-enabling security in WebSphere Portal.

You end up changing two files to change the LDAP server name -

  • security.xml: This file reconfigures the LDAP server being used by WebSphere Application Server. You can find this file in ${WP_PROFILE_ROOT}\config\cells\. You change the LDAP server name (shown below as ldap_server_name) in the following lines -

ldap_server_name:389" limit="0" ignoreCase="true" type="CUSTOM" sslEnabled="true" sslConfig="test/DefaultSSLSettings" baseDN="dc=com" bindDN="wpsbind_dn" bindPassword="{xor}wpsbind_pwd" searchTimeout="120" reuseConnection="true">

ldap_server_name" port="389"/>

  • wmm.xml: This file reconfigures the LDAP server being used by the WebSphere Portal WMM component. You can find this file in ${WP_SERVER_ROOT}\wmm. You change the LDAP server name (shown below as ldap_server_name) in the following XML snippet -

UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="wmmLDAPServerAttributes.xml"
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
adminId="admin_dn"
adminPassword="admin_pwd"
ldapHost="ldap_server_name"
ldapPort="389"
ldapTimeOut="6000"
ldapAuthentication="SIMPLE"
ldapType="0"
sslEnabled="true"
sslTrustStore="C:\WebSphere\AppServer\etc\DummyServerTrustFile.jks"
dirContextsMaxSize="20"
dirContextsMinSize="5"
dirContextTimeToLive="-1"
cacheGroups="false"
groupsCacheTimeOut="600"
cacheAttributes="true"
attributesCacheSize="2000"
attributesCacheTimeOut="600"
cacheNames="true"
namesCacheSize="2000"
namesCacheTimeOut="600">

Once you have changed the LDAP server name in these two files to match the new server name, restart WebSphere Portal and you should be good to go.

Open up SystemOut.log in ${WP_SERVER_ROOT}\log and look for the following line during server startup to verify that you are using the new LDAP server -

[6/18/08 12:10:34:690 CDT] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://wpsldap:389.

In our case, the LDAP server name is “wpsldap”.
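To make the post-change verification repeatable, here is a small added check script (my own example, not part of the original post): it confirms that both files name the new host and port, that neither still mentions the old host, and that the last SECJ0419I line in SystemOut.log reports a live connection to the new server. The file fragments and log line are constructed samples modelled on the snippets above; the `<hosts .../>` element name in the security.xml sample is an assumption.

```python
import re

# Constructed sample data (not captured from a real server), modelled on the
# security.xml / wmm.xml attributes and the SECJ0419I line shown in the post.
SAMPLE_SECURITY_XML = '<hosts host="wpsldap" port="389"/>'
SAMPLE_WMM_XML = 'ldapHost="wpsldap"\nldapPort="389"\nsslEnabled="true"'
SAMPLE_SYSTEMOUT = (
    "[6/18/08 12:10:34:690 CDT] 0000000a LdapRegistryI A SECJ0419I: The user "
    "registry is currently connected to the LDAP server ldap://wpsldap:389.\n"
)

SECJ0419I_RE = re.compile(
    r"SECJ0419I: .*?connected to the LDAP server (ldaps?)://([^:/\s]+):(\d+)")
# host/port live in security.xml, ldapHost/ldapPort in wmm.xml.
HOST_RE = re.compile(r'\b(?:host|ldapHost)="([^"]*)"')
PORT_RE = re.compile(r'\b(?:port|ldapPort)="(\d+)"')


def connected_ldap_server(log_text):
    """Return (scheme, host, port) from the LAST SECJ0419I line, or None.

    The last match wins: SystemOut.log is appended to across restarts, so a
    SECJ0419I line from before the change must not be mistaken for success."""
    found = None
    for line in log_text.splitlines():
        m = SECJ0419I_RE.search(line)
        if m:
            found = (m.group(1), m.group(2), int(m.group(3)))
    return found


def verify_cutover(log_text, configs, new_host, old_host, port=389):
    """Return a list of problems; an empty list means the cutover looks complete.

    configs maps a file label to its text. Every file must set a host
    attribute to new_host and the expected port, none may still mention
    old_host as a whole word, and the registry must report new_host:port."""
    problems = []
    stale = re.compile(r"\b" + re.escape(old_host) + r"\b")
    for name, text in configs.items():
        if new_host not in HOST_RE.findall(text):
            problems.append(f"{name}: no host attribute set to {new_host}")
        if str(port) not in PORT_RE.findall(text):
            problems.append(f"{name}: port {port} not configured")
        if stale.search(text):
            problems.append(f"{name}: still references {old_host}")
    live = connected_ldap_server(log_text)
    if live is None:
        problems.append("SystemOut.log: no SECJ0419I line; registry not connected")
    elif (live[1], live[2]) != (new_host, port):
        problems.append(f"SystemOut.log: connected to {live[1]}:{live[2]}, not {new_host}:{port}")
    return problems
```

Point `configs` at the real security.xml and wmm.xml contents and `log_text` at the current SystemOut.log after the restart; an empty result is the sign-off, anything else names the file or log that still disagrees.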

IMP TIP: In our test environments, we usually follow the practice of using virtual host names for the LDAP and database server. Rather than configuring the actual host names of the LDAP and database server being used by a given WebSphere Portal server, we use hosts file entries on Windows that configure wpsldap and wpsdb to point to the IP addresses of the relevant LDAP and database servers. Whenever we need to reconfigure a test WP server to use a different LDAP/database server, all we need to do is change the IP address in the hosts file to point to the new server.
