How to configure WebSphere Global Security to use LDAP with Jython

Here's a script that I used to configure the WebSphere 6.1 global security setting to use LDAP using Jython.

# Properties
username = "user"
password = "pass"
ldapServer = "somecompany.com"
ldapPort = "389"

# Configure the LDAP authentication
AdminConfig.save(); # This needs to happen so you can write to the Security file.
ltpa = AdminConfig.list("LTPA");
ldapUserRegistry = AdminConfig.list("LDAPUserRegistry");
params = [];
params.append(["primaryAdminId", username]);
params.append(["useRegistryServerId", "false"]);
params.append(["type", "ACTIVE_DIRECTORY"]);
params.append(["realm", ldapServer + ":" + ldapPort]);
params.append(["baseDN", "DC=somecompany,DC=com"]);
params.append(["bindDN", "CN=" + username + ",OU=Service Accounts,DC=somecompany,DC=com"]);
params.append(["bindPassword", password]);
AdminConfig.modify(ldapUserRegistry, params);
# Configure the LDAP Advanced Settings
ldapSearchFilter = AdminConfig.list("LDAPSearchFilter");
params = [];
params.append(["userFilter", "(&(sAMAccountName=%v)(objectcategory=user))"]);
params.append(["groupFilter", "(&(cn=%v)(objectcategory=group))"]);
params.append(["userIdMap", "user:sAMAccountName"]);
params.append(["groupIdMap", "*:cn"]);
params.append(["groupMemberIdMap", "memberof:member"]);
params.append(["certificateMapMode", "EXACT_DN"]);
params.append(["certificateFilter", ""]);
AdminConfig.modify(ldapSearchFilter, params);
# Configure the LDAP endpoint.
endpointStr = AdminConfig.showAttribute(ldapUserRegistry, "hosts");
endpointStr = endpointStr[1:len(endpointStr)-1];
endpoint = endpointStr.split(' ')[0];
print endpoint
params = [];
params.append(["host", ldapServer]);
params.append(["port", ldapPort]);
AdminConfig.modify(endpoint, params);

# Configure Global Security
security = AdminConfig.list("Security") # ex. (cells/CompNode10Cell|security.xml#Security_1)
params = [];
params.append(["enabled", "true"]);
params.append(["appEnabled", "true"]);
params.append(["enforceJava2Security", "false"]);
params.append(["activeUserRegistry", ldapUserRegistry]);
params.append(["activeAuthMechanism", ltpa]);
AdminConfig.modify(security, params);

# Save Config at the end.
AdminConfig.save();

2 thoughts on “How to configure WebSphere Global Security to use LDAP with Jython”

  1. Wow – great script, exactly what I was looking for! One question though, In a SSL enabled config – there are some more properties (apart from switching port) that you haven’t given an example of. That is setting “SSLEnabled” and then defining the SSL alias to use (at the bottom of the page in the NDMgr GUI – do you know how to set those two things?

Leave a Reply