HCL Commerce Version 9.1.5.0 or later

Enabling security with federated repositories

To use HCL Commerce with LDAP, you must configure WebSphere Application Server administrative security with federated repositories. Federated repositories consist of one or more LDAP servers plus a built-in, file-based repository.

The file-based repository stores the WebSphere Application Server primary administrative user. Even if the LDAP server is unavailable, the primary administrative user can still log in to the WebSphere Application Server administrative console.

Before you begin

Ensure that you complete the following tasks:

  • Ensure that the database is started.
  • Ensure that the LDAP server is started.
  • HCL Commerce Developer, HCL Commerce Version 9.1.6.0 or later: Ensure that WebSphere Application Server is running.
  • HCL Commerce Developer, HCL Commerce Version 9.1.6.0 or later: If you use SSL with the LDAP server, ensure that WebSphere Application Server administrative security is enabled using the file-based registry. If administrative security is not enabled, the configuration scripts fail.
  • If you intend to set up HCL Commerce to connect to multiple LDAP servers, see the sample configuration steps in Federating two LDAP servers with a common root organization.
Important:
  • HCL Commerce does not support rolling back to the database repository after HCL Commerce has been configured to use an LDAP repository.
  • HCL Commerce LDAP integration is implemented in version 9.1.5. Ensure that you are using this version of HCL Commerce or later.

About this task

HCL Commerce LDAP integration supports the following LDAP server types:
  • IBM Security Directory Server
  • Custom LDAP v3-compliant server

Procedure

Complete the following steps to enable WebSphere Application Server security with federated repositories:
  1. Copy the vmm.properties file from the following location in the ts-app or ts-utils container.
    • Location in the ts-app container: /SETUP/ldap/properties
    • Location in the ts-utils container: /opt/WebSphere/CommerceServer90/components/ldap/properties
  2. Update the vmm.properties file with the required LDAP information.
    For example:
    #
    # -----------------------------------------------------------------
    # Licensed Materials - Property of HCL Technologies
    #
    # HCL Commerce
    #
    # (C) Copyright HCL Technologies Limited 1996, 2020
    # -----------------------------------------------------------------
    #
    # LDAP server type
    #     Accepted values: (IDS, DOMINO, SUNONE, AD, NDS, CUSTOM)
    #         IDS = IBM Security Directory Server
    #         DOMINO = IBM Lotus Domino
    #         SUNONE = Sun Java System Directory Server
    #         AD = Microsoft Windows Active Directory
    #         NDS = Novell Directory Services
    #         CUSTOM=A custom Directory Server
    #--------------------------------------------------------
    vmm.ldapType=IDS
    
    # Fully qualified LDAP server host name or IP address
    #--------------------------------------------------------
    vmm.ldapHost=123.456.789.210
    
    # LDAP server port number
    #--------------------------------------------------------
    vmm.ldapPort=389
    
    # Specifies whether the LDAP server requires an SSL connection
    #     Accepted values are: (true, false)
    #--------------------------------------------------------
    vmm.ldapWithSSL=false
    
    # The keystore file path for SSL communication to LDAP
    #--------------------------------------------------------
    vmm.keystorePath=
    
    # The keystore password 
    # (To avoid decrypting warnings in the log, it is strongly recommended to use 
    # the ASCII encrypted string generated from the <WCInstallDir>/bin/wcs_encrypt.bat 
    # command without the merchant key option.)
    #--------------------------------------------------------
    vmm.keystorePassword=
    
    # LDAP search base distinguished name, must be lower case
    #--------------------------------------------------------
    vmm.baseDN=o=root organization
    
    # LDAP bind distinguished name, must be lower case
    #--------------------------------------------------------
    vmm.bindDN=cn=root
    
    # LDAP bind password XOR encoded by WAS PropFilePasswordEncoder utility
    # For example: {xor}Lz4sLChvLTs=
    #
    # Needed for Runtime Environment.
    #--------------------------------------------------------
    vmm.xorBindPassword={xor}Lz4sLChvLTs=
    
    # LDAP bind password
    # (To avoid decrypting warnings in the log, it is strongly recommended to use 
    # the ASCII encrypted string generated from the <WCInstallDir>/bin/wcs_encrypt.bat 
    # command without the merchant key option.)
    #
    # Needed for Development Environment.
    #--------------------------------------------------------
    vmm.bindPassword=MVDKlJXqsnF6jaJjqJFu0+EaHcS1e7lZc1Iran+Ms8Q=
    
    # A full DN that maps to the HCL Commerce root organization; must be lower case.
    #--------------------------------------------------------
    vmm.rootOrgDN=o=root organization
    
    # A full DN that maps to the HCL Commerce default organization; must be lower case.
    #--------------------------------------------------------
    vmm.defaultOrgDN=o=default organization,o=root organization
    
    # Specifies the property names to use to log into the application server.
    # This field takes multiple login properties, delimited by a semicolon (;).
    # For example, uid;mail. All login properties are searched during login.
    # If multiple entries or no entries are found, an exception is thrown.
    # For example, if you specify the login properties as uid;mail and the login ID as Bob,
    # the search filter searches for uid=Bob or mail=Bob. When the search returns a single entry,
    # then authentication can proceed. Otherwise, an exception is thrown.
    #--------------------------------------------------------
    vmm.ldapLoginProp=uid
    
    # The realm name, default to WC_<instanceName>_Realm.
    #--------------------------------------------------------
    vmm.realmName=myrealm
    
    # The primary admin user id for the administrative security.
    # If global security is already enabled, input the primary user
    # currently using.
    # Otherwise, input a user which does not exist in the federated
    # repositories, the tool will create it into the WebSphere Application
    # Server built-in file base user repository.
    #--------------------------------------------------------
    vmm.primaryAdminId=configadmin
    
    # The primary admin user password for the administrative security.
    # (To avoid decrypting warnings in the log, it is strongly recommended to use 
    # the ASCII encrypted string generated from the <WCInstallDir>/bin/wcs_encrypt.bat 
    # command without the merchant key option.)
    #
    # This is used by Toolkit.  In Runtime, it's retrieved from a local file
    #--------------------------------------------------------
    vmm.primaryAdminPwd=Ntjz8goyUYB8qplNy78MOBiIbv9pKAviyQYk5S/O6xY=
    
    # The Commerce test server name on toolkit, 
    # Old name: WebSphere Commerce Test Server
    # New name: HCL Commerce Test Server 
    # The default name is HCL Commerce Test Server, if you use the old test server name, 
    # please set the property to the old name.
    #--------------------------------------------------------
    commerceTestServerName=WebSphere Commerce Test Server
    
    # LDAP user search filter, needed when vmm.ldapType=CUSTOM
    #--------------------------------------------------------
    vmm.ldapUserFilter=(&(uid=%v)(objectclass=inetOrgPerson))
    
    # LDAP user prefix, needed when vmm.ldapType=CUSTOM
    # (for example, uid)
    #--------------------------------------------------------
    vmm.userPrefix=uid
    
    # LDAP organization prefix (for example, o)
    # Needed when vmm.ldapType=CUSTOM
    #--------------------------------------------------------
    vmm.orgPrefix=o
    
    # LDAP organizational unit prefix, needed when vmm.ldapType=CUSTOM
    # (for example, ou)
    #--------------------------------------------------------
    vmm.orgUnitPrefix=ou
    
    # LDAP user object class, needed when vmm.ldapType=CUSTOM
    # (for example, inetOrgPerson)
    #--------------------------------------------------------
    vmm.userObjClass=inetOrgPerson
    
    # LDAP organization object class, needed when vmm.ldapType=CUSTOM
    # (for example, organization)
    #--------------------------------------------------------
    vmm.orgObjClass=organization
    
    # LDAP organizational unit object class, needed when vmm.ldapType=CUSTOM
    # (for example, organizationalUnit)
    #--------------------------------------------------------
    vmm.orgUnitObjClass=organizationalUnit
    
    # LDAP administrator distinguished name 
    # @deprecated
    #--------------------------------------------------------
    vmm.ldapAdminDN=
    
    # LDAP administrator password
    # (To avoid decrypting warnings in the log, it is strongly recommended to use 
    # the ASCII encrypted string generated from the <WCInstallDir>/bin/wcs_encrypt.bat 
    # command without the merchant key option.)
    # @deprecated
    #--------------------------------------------------------
    vmm.ldapAdminPassword=
    
  3. Enable LDAP in the database by completing the following steps:
    1. Copy the vmm.properties file to the utilities container.
      For example:
      docker cp vmm.properties bvt_utils_1:/opt/WebSphere/CommerceServer90/components/ldap/properties

    2. Run the following command to enable LDAP in the database:
      ./config_ant.sh -buildfile ../components/common/xml/enableFeature.xml -DWCInstallDir=/opt/WebSphere/CommerceServer90 -DinstanceName=demo -DfeatureName=ldap   -DdbType=<dbType>  -DdbHostname=<dbHost>  -DdbName=<dbName> -DdbServerPort=<dbPort> -DdbUserName=<dbUserName> -DdbUserPassword=<dbUserPassword> -DdbaName=<dbaName> -DdbaPassword=<dbaPassword> -DschemaName=<schemaName> -DjdbcDriver=<jdbcDriver> -DjdbcDriverLocation=<jdbcDriverLocation> -DjdbcURL=<jdbcUrl> -Dloggerconfigfile=/opt/WebSphere/CommerceServer90/instances/demo/xml/loader/WCALoggerConfig.xml -Derrordirectory=/opt/WebSphere/CommerceServer90/instances/demo/logs
      For example:
      ./config_ant.sh -buildfile ../components/common/xml/enableFeature.xml -DWCInstallDir=/opt/WebSphere/CommerceServer90 -DinstanceName=demo -DfeatureName=ldap   -DdbType=db2  -DdbHostname=db  -DdbName=mall -DdbServerPort=50000 -DdbUserName=wcs -DdbUserPassword=wcs1 -DdbaName=db2inst1 -DdbaPassword=diet4coke -DschemaName=wcs -DjdbcDriver=com.ibm.db2.jcc.DB2Driver -DjdbcDriverLocation=/opt/WebSphere/CommerceServer90/lib/db2jcc4-4.19.26.jar -DjdbcURL=jdbc:db2://db:50000/mall -Dloggerconfigfile=/opt/WebSphere/CommerceServer90/instances/demo/xml/loader/WCALoggerConfig.xml -Derrordirectory=/opt/WebSphere/CommerceServer90/instances/demo/logs
  4. Create the custom ts-app Docker image that enables LDAP by following these steps:
    1. Add the enable LDAP script call to custConfiguration.sh.
      For example:
      #!/bin/bash
      /SETUP/bin/enableLDAP.sh
      
    2. Make the following changes in the Dockerfile:
      • Copy the vmm.properties file to /SETUP/ldap/properties.
      • Copy custConfiguration.sh to /SETUP/bin/custConfiguration.sh.
      • Change the file permissions to 755.
      For example:
      COPY vmm.properties /SETUP/ldap/properties
      COPY custConfiguration.sh /SETUP/bin
      RUN chmod 755 /SETUP/bin/custConfiguration.sh
      
    3. Build the custom ts-app Docker image.

Results

WebSphere Application Server administrative security with federated repositories is now configured.
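
A pre-flight check for the vmm.properties file edited in step 2, added here as an example and not part of HCL's tooling: it enforces the constraints the property comments state (accepted vmm.ldapType values, lower-case DNs, the keystore fields when vmm.ldapWithSSL=true, the CUSTOM-only fields, and the {xor} prefix on vmm.xorBindPassword) before the enableFeature.xml script is run, so a bad file is caught before the script fails. The property names are those from the file above; the sample file at the bottom is constructed.

```python
import re

LDAP_TYPES = {"IDS", "DOMINO", "SUNONE", "AD", "NDS", "CUSTOM"}
LOWERCASE_DNS = ("vmm.baseDN", "vmm.bindDN", "vmm.rootOrgDN", "vmm.defaultOrgDN")
CUSTOM_ONLY = ("vmm.ldapUserFilter", "vmm.userPrefix", "vmm.orgPrefix", "vmm.orgUnitPrefix",
               "vmm.userObjClass", "vmm.orgObjClass", "vmm.orgUnitObjClass")
SSL_ONLY = ("vmm.keystorePath", "vmm.keystorePassword")


def parse_properties(text):
    """Minimal Java .properties reader: skips '#'/'!' comments, flags separator-less lines."""
    props, problems = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
        else:  # Java would read this as a key with an empty value; usually a comment lost its '#'
            problems.append(f"no '=' on line {line!r} (missing a leading '#'?)")
    return props, problems


def validate(text):
    """Return the list of problems; an empty list means the file passes the checks."""
    props, problems = parse_properties(text)
    ltype = props.get("vmm.ldapType", "")
    if ltype not in LDAP_TYPES:
        problems.append(f"vmm.ldapType={ltype!r} is not one of {sorted(LDAP_TYPES)}")
    if ltype == "CUSTOM":
        problems += [f"{k} is required when vmm.ldapType=CUSTOM" for k in CUSTOM_ONLY if not props.get(k)]
    if props.get("vmm.ldapWithSSL") == "true":
        problems += [f"{k} is required when vmm.ldapWithSSL=true" for k in SSL_ONLY if not props.get(k)]
    for key in LOWERCASE_DNS:  # the property comments say these DNs must be lower case
        value = props.get(key, "")
        if value != value.lower():
            problems.append(f"{key} must be lower case: {value!r}")
    if not props.get("vmm.xorBindPassword", "").startswith("{xor}"):
        problems.append("vmm.xorBindPassword must carry the {xor} prefix from PropFilePasswordEncoder")
    return problems


# Constructed sample, not a real deployment: SSL is on but the keystore fields are missing,
# vmm.baseDN is mixed case, and one comment line has lost its leading '#'.
SAMPLE = """\
vmm.ldapType=IDS
vmm.ldapWithSSL=true
vmm.baseDN=o=Root Organization
vmm.xorBindPassword={xor}Lz4sLChvLTs=
(for example, uid)
"""
```

Run validate() over the real file's contents; an empty result means the checks pass, and each entry otherwise names the property to fix.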