Portal Server seems to be a little complicated, but if all parameters in wpsconfig.properties are correct, you will get errors at most two or three times :)
1. Change directory to
c:\W\P\
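2. Disable portal security (WebSphere security stays off until step 3 succeeds, so keep the server off untrusted networks in between)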
wpsconfig.bat disable-security
3. Enable Portal Security with Customized registry ( LDAP / ITDS / Active directory and more .. )
wpsconfig.bat enable-security-wmmur-ldap
sample wpsconfig.properties
##############################################################################
#
# WebSphere Portal configuration file
#
# key = value
#
# NOTE: Do NOT enclose any value in quotes!
# NOTE: Windows paths must use '/', not '\'.
# NOTE: Windows long paths are OK.
# NOTE: Properties are immutable. Once set, they cannot be overridden.
# Precedence is as follows, in descending order:
# Properties set on command line are read first (-DMyNode=somenode)
# Properties set in properties file are read next,
# Properties set in buildfile file are read last.
#
###############################################################################
###############################################################################
# Save Parent Properties
#
# The SaveParentProperties property indicates that upon successful task
# execution using properties from a parent file specified by the
# parentProperties property, those properties should be copied into the
# main configuration properties file so that it will reflect the current
# state. The default value (if the property is not defined) is True.
###############################################################################
SaveParentProperties=True
###############################################################################
# WebSphere Application Server Properties - BEGIN
###############################################################################
# VirtualHostName: The name of the WebSphere Application Server virtual host
VirtualHostName=default_host
# WasAdminServer: The name of the WebSphere Application Server administration server (server1)
WasAdminServer=server1
# WasHome: The directory where WebSphere Application Server product files are installed
WasHome=d:/W/A
# WasUserHome: The directory where WebSphere Application Server user data is created
WasUserHome=d:/W/A
# WasUserid: The user ID for WebSphere Application Server security authentication
# WMMUR DB: WasUserid=
# See LDAP examples below:
# IBM Directory Server: { uid=
# Domino: { cn=
# Active Directory: { cn=
# Active Directory AM: { cn=
# SunOne: { uid=
# Novell eDirectory { uid=
#WasUserid=wpsadmin
# NOTE(review): this sample uses the same DN for WasUserid, PortalAdminId,
# LDAPAdminUId and LDAPBindID, so one account holds the WAS administrator,
# portal administrator and directory bind roles at once. Separate,
# least-privileged accounts limit what a single leaked password exposes.
WasUserid=cn=wpsdevbind,ou=ServiceAccounts,o=**Organization**
# WasPassword: The password for WebSphere Application Server security authentication (LDAP and CUR)
# NOTE(review): stored here in clear text, and the same value is repeated for
# PortalAdminPwd, LTPAPassword, LDAPAdminPwd and LDAPBindPassword in this sample.
# The header of this file states that properties given on the command line
# (-DName=value) are read first, so the password can be left empty here and
# supplied when the task is run; otherwise blank it once the task has
# completed and restrict read access to this file.
WasPassword=de32wsxc
# WpsInstallLocation: The directory where WebSphere Portal is installed
WpsInstallLocation=d:/W/P
# PrimaryNode: This key is required if the configuration runs in a clustered environment.
# true: (default): it is the master node
# false it is not the master node
# Please be careful of changing this property.
PrimaryNode=true
# Define the Cluster Name
# Do not use spaces
ClusterName=PortalCluster
# Dynamic cache service
# Push frequency in seconds, default=1
PushFrequency=1
# Dynamic cache service
# Replication type, default=PUSH
ReplicationType=PUSH
# Define the Host Name of the Deployment Manager Node
DMgrHostName=
# Define the SOAP Port of the Deployment Manager Node
DMgrSoapPort=8879
# CellName: The name of the WebSphere Application Server Cell
CellName=dev-u
# NodeName: The name of WebSphere Application Server Node
NodeName=dev-u
# ServerName: The name of application server for WebSphere Portal
ServerName=WebSphere_Portal
# **Required for z/OS only**
# ServerShortName is the server's jobname, as specified in the MVS
# START command JOBNAME parameter. This value is also passed as a
# parameter to the server's start procedures to specify the location of
# the server's configuration files and identify the server to certain
# WebSphere for z/OS- exploited z/OS facilities (for example, SAF).
# The name must be 7 or fewer characters and all uppercase.
ServerShortName=BBOS002
# **Required for z/OS only**
# ClusterTransitionName is the WLM APPLENV (WLM application environment)
# name for this server.The name must be 8 or fewer characters and all
# uppercase.
ClusterTransitionName=BBOC002
# WpsHostName: The name of the WebSphere Portal host or the name of the Web server
# For example: http://
# For example "localhost" in the URL: http://localhost:80/wps/portal
WpsHostName=dev-utility02.ads.**Organization**.com
# WpsHostPort: The port used by WebSphere Portal or the Web server port
# For example: http://
# For example "80" in the URL: http://localhost:80/wps/portal
WpsHostPort=10038
# WpsSoapPort: The SOAP port used by WebSphere Portal Server
# Note: This property may not be used to reconfigure the SOAP port.
# This value is set by the basic configuration task of WebSphere Portal .
WpsSoapPort=10033
# **Required for iSeries only**
#The port block that will be used for WebSphere Portal Server
WpsHostBasePort=30230
# XmlAccessHost: The name of the local WebSphere Portal host
# Note: Should not be necessary to modify
XmlAccessHost=localhost
# XmlAccessPort: The port used by the XMLAccess configuration task to connect the XMLAccess server
# Note: This property may not be used to reconfigure the XmlAccessPort port.
# The value is set by the basic configuration task of WebSphere Portal .
XmlAccessPort=10038
# XmlAccessProtocol: The protocol used to connect to the XMLAccess server
# Can be set to 'http' or 'https' depending on security configuration
# NOTE(review): with 'http' the XMLAccess request, including whatever
# credentials the configuration task sends with it, is not encrypted.
# XmlAccessHost is localhost in this sample, which presumably keeps the
# traffic on the loopback interface; switch to 'https' (with the matching
# port) if the host is ever pointed at a remote machine.
XmlAccessProtocol=http
# WpsAppName: The WebSphere Portal application name
WpsAppName=wps
# WpsContextRoot: The WebSphere Portal context root
# For example: http://
# For example "wps" in the URL: http://localhost:80/wps/portal
WpsContextRoot=wps
# WsrpContextRoot: The context root for Web Services for Remote Portlets
WsrpContextRoot=wsrp
# WpsDefaultHome: The WebSphere Portal default home
# For example: http://
# For example "portal" in the URL: http://localhost:80/wps/portal
WpsDefaultHome=portal
# WpsPersonalizedHome: The WebSphere Portal personalized home
# For example: http://
# For example "myportal" in the URL: http://localhost:80/wps/myportal
WpsPersonalizedHome=myportal
# ContentAccessServiceProxyHost: The HTTP proxy host used by the Content Access Service
ContentAccessServiceProxyHost=
# ContentAccessServiceProxyPort: The HTTP proxy port used by the Content Access Service
ContentAccessServiceProxyPort=
# **Required for z/OS only**
# SMFLibrary: The library where the ibmzos.jar file resides
SMFLibrary=
# **Required for z/OS only**
# SMFNativeLibrary: The library where the SMF DLLs reside
SMFNativeLibrary=
# **Required for z/OS only**
# WpsSMPEHomeDirectory: WebSphere Portal for z/OS SMP/E home directory
WpsSMPEHomeDirectory=
###############################################################################
# WebSphere Application Server Properties - END
###############################################################################
###############################################################################
# Java Properties - BEGIN
###############################################################################
# JavaHome: The directory where the WebSphere Application Server Java is installed
# On z/OS, WebSphere Application Server does not ship its own Java. Therefore,
# set JavaHome to the system Java home, e.g., /usr/lpp/java/J1.3.
JavaHome=d:/W/A/java
# DbtJavaMaxMemory: This is the max memory setting used by ANT in the transfer of
# domain data during the database transfer task.
# Recommended Value: 512M
DbtJavaMaxMemory=512M
###############################################################################
# Java Properties - END
###############################################################################
###############################################################################
# Portal Config Properties - BEGIN
###############################################################################
# PortalAdminId: The user ID for the WebSphere Portal Administrator
# DEV (No security): PortalAdminId=
# WMMUR DB: PortalAdminId=
# See LDAP examples below:
# IBM Directory Server: { uid=
# Domino: { cn=
# Active Directory: { cn=
# Active Directory AM: { cn=
# SunOne: { uid=
# Novell eDirectory { uid=
# NOTE(review): this is the same DN the sample uses for WasUserid,
# LDAPAdminUId and LDAPBindID. A portal administrator that is also the
# directory bind account means a leak of either role's password yields both.
PortalAdminId=cn=wpsdevbind,ou=ServiceAccounts,o=**Organization**
# PortalAdminPwd: The password for the WebSphere Portal Administrator
# NOTE(review): clear-text value, identical to WasPassword, LTPAPassword,
# LDAPAdminPwd and LDAPBindPassword in this sample. Do not keep a real
# password in a file that is shared or published; blank it after the
# configuration task has run, or supply it as a command-line property.
PortalAdminPwd=de32wsxc
# PortalAdminGroupId: The group ID for the WebSphere Portal Administrator group
# DEV (No security): PortalAdminGroupId=
# WMMUR DB: PortalAdminGroupId=
# See LDAP examples below:
# IBM Directory Server: { cn=
# Domino: { cn=
# Active Directory: { cn=
# Active Directory AM: { cn=
# SunOne: { cn=
# Novell eDirectory { cn=
#PortalAdminGroupId=cn=wpsadmins,O=**Organization**
#PortalAdminGroupId=
PortalAdminGroupId=cn=wpsdevadmins,ou=ServiceAccounts,o=**Organization**
# PortalUniqueID: The 12 hex digits unique to this WebSphere Portal instance.
# Usually a MAC address from a communications adapter on this node.
# It is used for the object ID creation mechanism and has to be different for each node.
# Only nodes running on one machine may have the same PortalUniqueID.
PortalUniqueID=0050563580BE
# CmConfigured: Indicates whether content management functions are configured.
CmConfigured=true
# WtpConfigured: Indicates whether transcoding functions are configured.
WtpConfigured=false
# WpsContentAdministrators: The group ID for the WebSphere Content Administrator group
# DEV (No security): WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
# WMMUR DB: WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
# See LDAP examples below:
# IBM Directory Server: { cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com }
# Domino: { cn=wpsContentAdministrators }
# Active Directory: { cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com }
# Active Directory AM: { cn=wpsContentAdministrators,cn=groups,dc=yourco,dc=com }
# SunOne: { cn=wpsContentAdministrators,ou=groups,o=yourco.com }
# Novell eDirectory { cn=wpsContentAdministrators,ou=groups,o=yourco.com }
#WpsContentAdministrators=cn=wpsContentAdministrators,o=default organization
#WpsContentAdministrators=cn=wpsadmins,O=**Organization**
WpsContentAdministrators=cn=wpsdevContentAdministrators,ou=ServiceAccounts,o=**Organization**
# WpsContentAdministratorsShort: The WebSphere Content Administrators group ID
#WpsContentAdministratorsShort=wpsadmins
WpsContentAdministratorsShort=wpsdevContentAdministrators
# WpsDocReviewer: The group ID for the WebSphere Document Reviewer group
# DEV (No security): WpsDocReviewer=cn=wpsDocReviewer,o=default organization
# WMMUR DB: WpsDocReviewer=cn=wpsDocReviewer,o=default organization
# See LDAP examples below:
# IBM Directory Server: { cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com }
# Domino: { cn=wpsDocReviewer }
# Active Directory: { cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com }
# Active Directory AM: { cn=wpsDocReviewer,cn=groups,dc=yourco,dc=com }
# SunOne: { cn=wpsDocReviewer,ou=groups,o=yourco.com }
# Novell eDirectory { cn=wpsDocReviewer,ou=groups,o=yourco.com }
#WpsDocReviewer=cn=wpsDocReviewer,o=default organization
#WpsDocReviewer=cn=wpsadmins,O=**Organization**
WpsDocReviewer=cn=wpsdevDocReviewer,ou=ServiceAccounts,o=**Organization**
# WpsDocReviewerShort: The WebSphere Document Reviewer group ID
#WpsDocReviewerShort=wpsDocReviewer
#WpsDocReviewerShort=wpsadmins
WpsDocReviewerShort=wpsdevDocReviewer
###############################################################################
# Portal Config Properties - END
###############################################################################
###############################################################################
# Dependency Checking Properties - BEGIN
###############################################################################
# CheckVersions: Set this value to false to disable dependency rules based validation.
# A false value should only be used in order to bypass validation when a valid configuration
# is indicated as invalid. Most of the dependency rules based validation deals with
# checking versions of installed components (for example WebSphere Application Server)
# { true | false }
# On z/OS, must be set to false.
CheckVersions=true
# DependencyRulesDirectory: This is used to specify a location of a unique set of
# rules to use for dependency rules based validation tasks during configuration.
# This should very rarely be necessary. However, if you used special rules
# during the installation process and some of the rules need to be used during
# configuration-time validation as well, you would use this property.
#DependencyRulesDirectory=path_to_rules_directory
###############################################################################
# Dependency Checking Properties - END
###############################################################################
###########################################
# PORTAL INFO SEQUENCE
###########################################
# DcsRemoteHost: URL of remote host that provides Document Conversion Services
# eg: DcsRemoteHost=http://myremotehost1:9080/dcs/dcs
DcsRemoteHost=http://remotehostname:9080/dcs/dcs
# SpellCheckHost: Hostname of remote system that provides spell checking function
# Use this property in conjunction with SpellCheckPort to delegate spell checking to a remote host
SpellCheckHost=remotehostname
# SpellCheckPort: Port number on remote host where Spell Checker will listen
# Use this property in conjunction with SpellCheckHost to delegate spell checking to a remote host
SpellCheckPort=9080
##################################################################
# DB2 Content Manager Runtime Edition Database Properties - BEGIN
##################################################################
# Directory for DB2 Content Manager Runtime Edition's dynamic DDL files
JcrGeneratedDDLPath=${WpsInstallLocation}/jcr/config/dynamic
# Directory for DB2 Content Manager Runtime Edition's binary value files
JcrBinaryValueFileDir=${WpsInstallLocation}/jcr/binaryValues
# Debug level for DB2 Content Manager Runtime Edition database utilities
JcrDebugLevel=2
# JcrDbUnicode: Indicates whether or not the DB2 Content Manager Runtime Edition database is unicode.
# Y: is unicode
# N: is NOT unicode
JcrDbUnicode=Y
# JcrBPCServerName: The name of application server with a configured
# Business Process Container
JcrBPCServerName=server1
# JcrJMSJAASUser: The user for the Promote J2C alias
JcrJMSJAASUser=ReplaceWithYourJMSUserId
# JcrJMSJAASPassword: The password for the Promote J2C alias
JcrJMSJAASPassword=
#JcrJMSType: Type of JMS Provider
# mq: {WebSphere MQ JMS Provider}
# embedded: {WebSphere JMS Provider}
JcrJMSType=embedded
#JcrMQQueueManager: name of the WebSphere MQ Queue Manager
#Note: This value is not needed for WebSphere Embedded Messaging
JcrMQQueueManager=
##################################################################
# DB2 Content Manager Runtime Edition Database Properties - END
##################################################################
##################################################################
# Personalization Database Properties - BEGIN
##################################################################
# InitializeFeedbackDB: Determines how to handle the Personalization Feedback
# database during database transfer from Cloudscape to another DB type.
# Set true to transfer data from Cloudscape; set false to merely redirect the
# Feedback DataSource to a preexisting database.
InitializeFeedbackDB=true
# PznSchedulerUser: Username for RunAs access to Personalization Scheduler
PznSchedulerUser=ReplaceWithYourId
# PznSchedulerUserPassword: Password of user to be given RunAs access to
# Personalization Scheduler
PznSchedulerUserPassword=
##################################################################
# Personalization Database Properties - END
##################################################################
##################################################################
# Web Content Management (WCM) Properties - BEGIN
##################################################################
# WcmConfigured: Indicates whether WCM application is configured.
WcmConfigured=true
# WcmAuthoringConfigured: Indicates whether WCM authoring portlet is configured.
WcmAuthoringConfigured=true
# WcmAdminGroupId: The group ID for the WCM Administrator group
# DEV (No security): WcmAdminGroupId=cn=wcmadmins,o=default organization
# WMMUR DB: WcmAdminGroupId=cn=wcmadmins,o=default organization
# See LDAP examples below:
# IBM Directory Server: { cn=wcmadmins,cn=groups,dc=yourco,dc=com }
# Domino: { cn=wcmadmins}
# Active Directory: { cn=wcmadmins,cn=groups,dc=yourco,dc=com }
# Active Directory AM: { cn=wcmadmins,cn=groups,dc=yourco,dc=com }
# SunOne: { cn=wcmadmins,ou=groups,o=yourco.com }
# Novell eDirectory { cn=wcmadmins,ou=groups,o=yourco.com }
#WcmAdminGroupId=cn=wcmadmins,o=default organization
#WcmAdminGroupId=cn=wpsadmins,O=**Organization**
WcmAdminGroupId=cn=wcmdevadmins,ou=ServiceAccounts,o=**Organization**
# WcmAdminGroupIdShort: The WCM admin group ID
#WcmAdminGroupIdShort=wcmadmins
#WcmAdminGroupIdShort=wpsadmins
WcmAdminGroupIdShort=wcmdevadmins
##################################################################
# WCM Properties - END
##################################################################
##################################################################
#
# Lotus Collaborative Components Properties - BEGIN
#
##################################################################
##################################################################
# Lotus QuickPlace Properties - BEGIN
##################################################################
# Description: Lotus Collaborative Components required properties
# to enable Lotus QuickPlace
# LCC.QuickPlace.Enabled: Is Lotus QuickPlace enabled in the environment?
# { true | false }
LCC.QuickPlace.Enabled=false
# LCC.QuickPlace.Server: The Lotus QuickPlace server name.
# { hostname | ip address }
LCC.QuickPlace.Server=my.server.com
# LCC.QuickPlace.Protocol: The protocol used to connect to the Lotus QuickPlace server.
# { http | https }
LCC.QuickPlace.Protocol=http
# LCC.QuickPlace.Port: The port number for the Lotus QuickPlace server.
# { port number }
LCC.QuickPlace.Port=80
##################################################################
# Lotus QuickPlace Properties - END
##################################################################
##################################################################
# Lotus Sametime Properties - BEGIN
##################################################################
# Description: Lotus Collaborative Components required properties
# to enable Lotus Sametime
# LCC.Sametime.Enabled: Is Lotus Sametime enabled in the environment?
# { true | false }
LCC.Sametime.Enabled=false
# LCC.Sametime.Server: The Lotus Sametime server name.
# { hostname | ip address }
LCC.Sametime.Server=my.server.com
# LCC.Sametime.Protocol: The protocol used to connect to the Lotus Sametime server.
# { http | https }
LCC.Sametime.Protocol=http
# LCC.Sametime.Port: The port number for the Lotus Sametime server.
# { port number }
LCC.Sametime.Port=80
##################################################################
# Lotus Sametime Properties - END
##################################################################
##################################################################
# Lotus Discovery Server Properties - BEGIN
##################################################################
# Description: Lotus Collaborative Components required properties
# to enable Lotus Discovery Server
# LCC.DiscoveryServer.Enabled: Is Lotus Discovery Server enabled in the environment?
# { true | false }
LCC.DiscoveryServer.Enabled=false
# LCC.DiscoveryServer.Server: The Lotus Discovery Server name.
# { hostname | ip address }
LCC.DiscoveryServer.Server=my.server.com
# LCC.DiscoveryServer.Protocol: The protocol used to connect to the Lotus Discovery Server.
# { http | https }
LCC.DiscoveryServer.Protocol=http
# LCC.DiscoveryServer.Port: The port number for the Lotus Discovery Server.
# { port number }
LCC.DiscoveryServer.Port=80
##################################################################
# Lotus Discovery Server Properties - END
##################################################################
##################################################################
# Lotus Domino Directory Properties - BEGIN
##################################################################
# Description: Lotus Collaborative Components required properties
# to enable Lotus Domino Directory
# LCC.DominoDirectory.Enabled: Is Lotus Domino Directory enabled in the environment?
# { true | false }
LCC.DominoDirectory.Enabled=false
# LCC.DominoDirectory.Server: The Lotus Domino Directory server name.
# { hostname | ip address }
LCC.DominoDirectory.Server=my.server.com
# LCC.DominoDirectory.Port: The port number for the Lotus Domino Directory server.
# { port number }
LCC.DominoDirectory.Port=389
# LCC.DominoDirectory.SSL: Is SSL used to connect to the Lotus Domino Directory Server?
# { true | false }
LCC.DominoDirectory.SSL=false
##################################################################
# Lotus Domino Directory Properties - END
##################################################################
##################################################################
#
# Lotus Collaborative Components Properties - END
#
##################################################################
##################################################################
#
# WebSphere Portal Security Configuration - BEGIN
#
##################################################################
##################################################################
# WebSphere Portal Security LTPA and SSO configuration
##################################################################
# LTPAPassword: Specifies the password to encrypt and decrypt the LTPA keys.
# NOTE(review): clear text, and the same value as the administrator and LDAP
# bind passwords in this sample. Because this password protects the LTPA
# keys, it should be unique and should not remain in this file after the
# security task has completed.
LTPAPassword=de32wsxc
# LTPATimeout: Specifies the time period in minutes at which an LTPA token will expire.
# NOTE(review): 600 minutes is 10 hours; a captured token stays usable for
# that long. Choose the shortest period the users' sessions can tolerate.
LTPATimeout=600
# SSORequiresSSL: Specifies that Single Sign-On function is enabled
# only when requests are over HTTPS Secure Socket Layer (SSL) connections.
# NOTE(review): with false, single sign-on is also active for plain HTTP
# requests, so the SSO token can be observed in transit. Set to true once
# the portal is served over HTTPS.
SSORequiresSSL=false
# SSODomainName: Specifies the domain name (ibm.com, for example) for all Single Sign-on hosts.
# NOTE(review): presumably every host under this domain receives the SSO
# token; scope it to the narrowest domain that covers the SSO hosts.
SSODomainName=**Organization**.com
##################################################################
# General Global Security Settings
##################################################################
# Description: The values in this section should only be adapted by advanced users
# useDomainQualifiedUserNames: Specifies the user names to qualify with the security domain within which they reside.
useDomainQualifiedUserNames=false
# cacheTimeout: Specifies the timeout value in seconds for security cache.
cacheTimeout=600
# issuePermissionWarning: Specifies that when the Issue permission warning is enabled, during application deployment
# and application start, the security run time emits a warning if applications are granted any custom permissions.
issuePermissionWarning=true
# activeProtocol: Specifies the active authentication protocol for RMI/IIOP requests when security is enabled.
activeProtocol=BOTH
# activeAuthMechanism: Specifies the active authentication mechanism, when security is enabled.
activeAuthMechanism=LTPA
##################################################################
# Custom User Registry Configuration - BEGIN
##################################################################
# CUClassName: Specifies a dot-separated class name that implements the com.ibm.websphere.security.UserRegistry
# interface (should be in the classpath).
CUClassName=com.ibm.websphere.wmm.registry.WMMCustomRegistry
##################################################################
# Custom User Registry Configuration - END
##################################################################
##################################################################
# LDAP Properties Configuration - BEGIN
##################################################################
# LookAside: To configure LDAP with an additional LookAside Database
# true - LDAP + Lookaside database
# false - only LDAP
LookAside=true
# WmmDefaultRealm
WmmDefaultRealm=portal
# LDAPHostName: The LDAP server hostname
LDAPHostName=devitds.intranet.**Organization**.com
# LDAPPort: The LDAP server port number
# For example, 389 for non-SSL or 636 for SSL
# NOTE(review): 389 is the non-SSL port per the line above, so the bind DN
# and password below cross the network unencrypted unless the transport is
# protected some other way. Prefer the SSL port where the directory offers it.
LDAPPort=389
# LDAPAdminUId: The LDAP administrator ID
# NOTE(review): same DN as LDAPBindID, WasUserid and PortalAdminId in this
# sample; the account used for routine binds should not also be the
# directory administrator.
LDAPAdminUId=cn=wpsdevbind,ou=ServiceAccounts,o=**Organization**
# LDAPAdminPwd: The LDAP administrator password
# NOTE(review): clear text and identical to the other passwords in this
# sample; blank it after the security task has run.
LDAPAdminPwd=de32wsxc
# LDAPServerType: The type of LDAP server to be used for WebSphere Portal
# IBM Directory Server: { IBM_DIRECTORY_SERVER }
# Domino: { DOMINO502 }
# Active Directory: { ACTIVE_DIRECTORY }
# Active Directory AM: { ACTIVE_DIRECTORY }
# SunOne: { IPLANET }
# Novell eDirectory: { NDS }
# Note: use IPLANET for SunONE
LDAPServerType=IBM_DIRECTORY_SERVER
#LDAPBindID: The user ID for LDAP Bind authentication
# See LDAP examples below:
# IBM Directory Server: { uid=
# Domino: { cn=
# Active Directory: { cn=
# Active Directory AM: { cn=
# SunOne: { uid=
# Novell eDirectory { uid=
# NOTE(review): a bind account normally needs only the directory rights the
# portal actually uses; here it is the same DN as the LDAP administrator.
LDAPBindID=cn=wpsdevbind,ou=ServiceAccounts,o=**Organization**
#LDAPBindPassword: The password for LDAP Bind authentication
# NOTE(review): clear text, same value as LDAPAdminPwd above.
LDAPBindPassword=de32wsxc
##################################################################
# LDAP Properties Configuration - END
##################################################################
################################################################
# Advanced LDAP Configuration - BEGIN
################################################################
# LDAPSuffix: The LDAP suffix appropriate for your LDAP server
# IBM Directory Server: { dc=yourco,dc=com }
# Domino value is null
# Domino: { }
# Active Directory: { dc=yourco,dc=com }
# Active Directory AM: { dc=yourco,dc=com }
# SunOne: { o=yourco.com }
# Novell eDirectory { o=yourco.com }
LDAPSuffix=
# LdapUserPrefix: The LDAP user prefix appropriate for your LDAP server
# IBM Directory Server: { uid }
# Domino: { cn }
# Active Directory: { cn }
# Active Directory AM: { cn }
# SunOne: { uid }
# Novell eDirectory { uid }
LdapUserPrefix=cn
# LDAPUserSuffix: The LDAP user suffix appropriate for your LDAP server
# IBM Directory Server: { cn=users }
# Domino: { o=yourco.com }
# Active Directory: { cn=users }
# Active Directory AM: { cn=users }
# SunOne: { ou=people}
# Novell eDirectory { ou=people }
LDAPUserSuffix=
# LdapGroupPrefix: The LDAP group prefix appropriate for your LDAP server
# IBM Directory Server: { cn }
# Domino: { cn }
# Active Directory: { cn }
# Active Directory AM: { cn }
# SunOne: { cn }
# Novell eDirectory { cn }
LdapGroupPrefix=cn
# LDAPGroupSuffix: The LDAP group suffix appropriate for your LDAP server
# IBM Directory Server: { cn=groups }
# Domino value is null
# Domino: { }
# Active Directory: { cn=groups }
# Active Directory AM: { cn=groups }
# SunOne: { ou=groups }
# Novell eDirectory { ou=groups }
LDAPGroupSuffix=
# LDAPUserObjectClass: The LDAP user object class appropriate for your LDAP server
# IBM Directory Server: { inetOrgPerson }
# Domino: { dominoPerson }
# Active Directory: { user }
# Active Directory AM: { user }
# SunOne: { inetOrgPerson }
# Novell eDirectory { inetOrgPerson }
LDAPUserObjectClass=inetOrgPerson
# LDAPGroupObjectClass: The LDAP group object class appropriate for your LDAP server
# IBM Directory Server: { groupOfUniqueNames }
# Domino: { dominoGroup }
# Active Directory: { group }
# Active Directory AM: { group }
# SunOne: { groupOfUniqueNames }
# Novell eDirectory { groupOfNames }
# Shared UserRegistry with WebSeal/TAM: { accessGroup }
LDAPGroupObjectClass=groupOfNames
# LDAPGroupMember: The LDAP group member attribute name appropriate for your LDAP server
# IBM Directory Server: { uniqueMember }
# Domino: { member }
# Active Directory: { member }
# Active Directory AM: { member }
# SunOne: { uniqueMember }
# Novell eDirectory { uniqueMember }
# Shared UserRegistry with WebSeal/TAM: { member }
LDAPGroupMember=member
# LDAPUserFilter: The LDAP user filter appropriate for your LDAP server (to work with default values in WMM)
#IBM Directory Server: { (&(uid=%v)(objectclass=inetOrgPerson)) }
#Domino: { (&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson))) }
#Active Directory: { (&(|(cn=%v)(samAccountName=%v))(objectclass=user)) }
#Active Directory AM: { (&(cn=%v)(objectclass=user)) }
#SunOne: { (&(uid=%v)(objectclass=inetOrgPerson)) }
#Novell eDirectory { (&(uid=%v)(objectclass=inetOrgPerson)) }
LDAPUserFilter=(&(cn=%v)(objectclass=inetOrgPerson))
# LDAPGroupFilter: The LDAP group filter appropriate for your LDAP server (to work with default values in WMM)
#IBM Directory Server: { (&(cn=%v)(objectclass=groupOfUniqueNames)) }
#Domino: { (&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))) }
#Active Directory: { (&(cn=%v)(objectclass=group)) }
#Active Directory AM: { (&(cn=%v)(objectclass=group)) }
#SunOne { (&(cn=%v)(objectclass=groupOfUniqueNames)) }
#Novell eDirectory { (&(cn=%v)(objectclass=groupOfUniqueNames)) }
LDAPGroupFilter=(&(cn=%v)(objectclass=groupOfNames))
# LDAPGroupMinimumAttributes: This attribute is loaded for group search (performance issues)
LDAPGroupMinimumAttributes=
# LDAPUserBaseAttributes: These attributes are loaded for user login (performance issues)
LDAPUserBaseAttributes=givenName,sn,person_id,MAIL,FMNO,location_office_code,staffing_office_code,region_code,country_code,person_access_role
# LDAPUserMinimumAttributes: These attributes are loaded for user search (performance issues)
LDAPUserMinimumAttributes=
#LDAPsearchTimeout: Specifies the timeout value in seconds for an LDAP server to respond before aborting a request.
LDAPsearchTimeout=120
#LDAPreuseConnection: Should set to true by default to reuse the LDAP connection.
# { false | true }
LDAPreuseConnection=true
#LDAPIgnoreCase: Specifies that a case insensitive authorization check is performed.
# { false | true }
LDAPIgnoreCase=true
################################################################
# Advanced LDAP Configuration - END
################################################################
##################################################################
# LDAP Properties - END
##################################################################
##################################################################
#
# WebSphere Portal Security Configuration - END
#
##################################################################
##################################################
# iSeries CCSID value
#
# If the CCSID on an iSeries is set to 65535,
# some configuration commands will not work
# correctly. Configuration run under a job with
# CCSID of 65535 will be changed by default
# to CCSID 37. The CCSIDvalue property can
# be used to change the default CCSID to something
# other than 37. This property is only used
# when the configuration job CCSID is 65535.
#
##################################################
# CCSIDvalue=37
###############################################################################
# List of old ports to be replaced (iSeries only).
# Going by the key names, the first pair are the plain host ports and the second pair the SSL host ports.
WpsHostOldPort1=9080
WpsHostOldPort2=9090
WpsHostSSLOldPort1=9043
WpsHostSSLOldPort2=9443
######################################################################
# Advanced Security Configuration using External Security Managers
######################################################################
##################################################
#
# Namespace management parameters common to TAM and SiteMinder
#
##################################################
# (Optional) You can set different "contexts" to further distinguish externalized Portal
# role names from other role names in the Tivoli Access Manager namespace. This context
# information will be added to the namespace entry created upon role externalization.
# If any of the 3 context values are null, none will be used.
# NOTE(review): the three values below are this sample's own (EACcellName in particular looks
# like a site-specific cell name); replace them with the values of your environment.
EACserverName=WebSphere_Portal
EACcellName=vmwtest
EACappName=wps
# reorderRoles: this field will allow you to either have your externalized Portal
# role names displayed with the resource type first, or the role types first.
# For example, if you make this variable "true", your TAM namespace or SiteMinder protected resource
# would look similar to
# /WPv6/wps.CONTENT_NODE/Welcome_Page/10_2E@Administrator/app/server/cell
# /WPv6/wps.CONTENT_NODE/Welcome_Page/10_2E@Editor/app/server/cell
# /WPv6/wps.CONTENT_NODE/Administration/15_AF@Administrator/app/server/cell
# /WPv6/wps.PORTLET_APPLICATION/Welcome_Portlet/09_2Q@Administrator/app/server/cell
# /WPv6/wps.PORTLET_APPLICATION/Welcome_Portlet/09_2Q@User/app/server/cell
#
# and if you make the variable "false", your TAM namespace or SiteMinder protected resource
# would look similar to:
# /WPv6/Administrator@wps.CONTENT_NODE/Welcome_Page/10_2E/app/server/cell
# /WPv6/Administrator@wps.CONTENT_NODE/Administration/15_AF/app/server/cell
# /WPv6/Administrator@wps.PORTLET_APPLICATION/Welcome_Portlet/09_2Q/app/server/cell
# /WPv6/Editor@wps.CONTENT_NODE/Welcome_Page/10_2E/app/server/cell
# /WPv6/User@wps.PORTLET_APPLICATION/Welcome_Portlet/09_2Q/app/server/cell
#
# NOTE(review): the setting fixes the path under which every externalized role is created, and
# policies in the external security manager are attached to those paths. Decide on the ordering
# before the first role is externalized and review the attached policies if it is changed later.
reorderRoles=false
#################################################
#
# Tivoli Access Manager
#
#################################################
#######################################
# AMJRTE connection parameters
#######################################
# An administrative user ID for TAM. This user should have the access to create new TAM servers,
# new Tivoli protected objectspaces, and new Tivoli protected objects.
# NOTE(review): sec_master is the default top-level TAM administrator. Where policy allows, a
# dedicated administrative ID holding only the rights listed above limits the damage if this
# file or the command line is exposed.
PDAdminId=sec_master
# The password for the administrative TAM user.
# Left empty in this sample. Anything entered here is stored in clear text, so restrict read
# access to this file and blank the value again once the task has run. The file header states
# that properties given on the command line (-D<name>=<value>) are read before this file, which
# allows passing the password for a single run instead; weigh that against the value showing up
# in shell history and process listings.
PDAdminPwd=
# The location of the TAM AMJRTE properties file. This properties file is created by the TAM SvrSslCfg
# command and contains information such as:
# Policy Server hostname, ports
# version of AMJRTE
# path to encryption keys.
# Because it points at the encryption keys, keep the file readable only by the account that
# runs the application server.
# NOTE(review): ${JavaHome} is presumably resolved from a property defined elsewhere in this file; confirm.
PDPermPath=${JavaHome}/jre/PdPerm.properties
########################################
# SvrSslCfg command parameters
########################################
# Unique application name. This name will be used to create a new Tivoli server in the
# Access Manager Policy Server. This server will appear in the pdadmin server list
# after running the SvrSslCfg command. If a server with the same name appears in the
# server list command, the SvrSslCfg command will fail.
PDServerName=amwp6
# Configuration port for the application name. This parameter is currently ignored by the
# SvrSslCfg command
SvrSslCfgPort=7223
# Configuration mode of the SvrSslCfg command. Currently, the only valid value is remote
SvrSslCfgMode=remote
# Defines the TAM Policy Server used when running PDJrteCfg
# The value below is a placeholder and must be replaced before the task is run.
TamHost=your.TAM.Policy.Server.hostname
# Defines a hostname, port, and priority combinations for your TAM Policy servers
# used when running SvrSslCfg.
# The format of this property is host:port:priority. For example, hosta.ibm.com:7135:1
# or host1.ibm.com:7135:1, hostb.7135:2
# The value below is a placeholder and must be replaced before the task is run.
PDPolicyServerList=your.TAM.Policy.Server.hostname:7135:1
# Defines a hostname, port, and priority combination for your TAM authorization servers.
# The format of this property is host:port:priority. For example, hosta.ibm.com:7136:1
# The value below is a placeholder and must be replaced before the task is run.
PDAuthzServerList=your.TAM.Authorization.Server.hostname:7136:1
# Stores encryption keys used for the SSL communication between AMJRTE and Tivoli
# Access manager. This file is generated as a result of the SvrSslCfg command.
# The keystore holds key material: restrict it to the account that runs the application
# server and keep it out of backups or archives that are shared more widely.
PDKeyPath=${JavaHome}/jre/lib/security/pdperm.ks
#######################################
# WebSEAL junction parameters
#######################################
# The type of junction to be created in TAM. Accepted values are tcp and ssl
# NOTE(review): with tcp, the hop from WebSEAL to Portal is not encrypted, so the identity
# headers listed in TAICreds below cross that network segment in clear text. Prefer ssl unless
# that segment is protected by other means.
JunctionType=tcp
# The WebSEAL junction point to the WebSphere Portal instance
# Note: In order to create a valid TAM junction, this property must begin
# with a / character
JunctionPoint=/wpsv6
# Which WebSEAL instance to create the junction. You can view the different WebSEAL
# instances by issuing a server list from the pdadmin> command line
# The value below is a placeholder and must be replaced before the task is run.
WebSealInstance=instance-webseald-yourhost.com
# The headers inserted by WebSEAL that the TAI uses to identify the request as originating from WebSEAL.
#
# Note #1: Inclusion of these headers is associated with the headers used by
# the WebSphere Application Server TAI to identify the request as one from WebSEAL.
#
# Note #2: If you are configuring Portal to use TAM as an external authorization engine,
# you must include at least the iv-user and iv-creds headers
#
# NOTE(review): these headers carry the authenticated identity, so the Portal HTTP ports should
# accept traffic only from the WebSEAL hosts (firewall or host-based filtering). Otherwise the
# only remaining protection is the trust check the TAI performs on each request.
TAICreds=iv-user,iv-creds
######################################
# WAS WebSEAL TAI parameters
######################################
# Optional parameter that sets the WebSEAL TAI's hostnames parameter. You should include
# the hostname you provided when configuring the WebSEAL instance. Please consider
# the following:
# * this value is case-sensitive
# * this value may be a comma delimited list if more than one hostname is provided
# * the default behavior when configuring a WebSEAL instance is to use the network
# short name. For example, hosta.yourcompany.com may be represented as hosta
# when the WebSEAL instance is configured
# * if any additional proxies are included, their hostnames must be added as well
# Presence of this parameter causes the TAI to evaluate the VIA header and only
# handle those requests that contain one of the provided hostname, and port combinations
#
# Left empty in this sample, which by the description above means the VIA header is not
# evaluated. The trust identity configured below is then the only check on where a request
# came from, so set this value and WebSealPort once the WebSEAL hostnames are known.
WebSealHost=
# Optional parameter that sets the WebSEAL TAI's ports parameter. You should include
# the WebSEAL ports in this comma delimited list. The default WebSEAL port is 443
#
# Presence of this parameter causes the TAI to evaluate the VIA header and only
# handle those requests that contain one of the provided hostname, and port combinations
WebSealPort=
# When you create a TCP junction, this is WebSEAL identity representing the reverse proxy
# on every request. WebSphere Application Server will use this identity to establish the
# "trust" that is required to validate the WebSEAL iv-* headers. The password for this user
# should be set in the WebSEAL instance's webseald.conf on the basicauth-dummy-passwd property.
#
# NOTE(review): wpsadmin is commonly the Portal administrator ID; confirm whether that is the
# case here. If so, the administrator password ends up in webseald.conf and is sent with every
# junctioned request. A dedicated account without Portal privileges is the safer choice for the
# trust identity.
WebSealUser=wpsadmin
# When you create an SSL junction, this is the WebSEAL identity representing the reverse proxy
# on every request. WebSphere Application Server will use this identity to establish the "trust"
# that is required to validate the WebSEAL iv-* headers
# NOTE(review): the same concern as for WebSealUser applies if wpsadmin is an administrative account.
BaUserName=wpsadmin
# When you create an SSL junction, you can provide a password to the identity representing
# the reverse proxy on every request. WebSphere Application Server will use this identity to
# establish the "trust" that is required to validate the WebSEAL iv-* headers
#
# Left empty in this sample. A value entered here is stored in clear text: restrict read access
# to this file and blank the value again after the configuration task has run.
BaPassword=
######################################
# Portal authorization parameters
######################################
# Root objectspace entry in the TAM namespace. All Portal roles will be installed under this objectspace entry.
PDRoot=/WPv6
# When the Tivoli Access Manager external authorization plugin is started, it will detect and, if necessary,
# create a custom action in Tivoli Access Manager. The combination of the action group and the action determines
# the TAM permission string required to assign membership to externalized Portal roles.
PDAction=m
# When the Tivoli Access Manager external authorization plugin is started, it will detect and, if necessary,
# create a custom action group in Tivoli Access Manager. The combination of the action group and the action
# determines the TAM permission string required to assign membership to externalized Portal roles.
# The square brackets are part of the value; this line is not a section header.
PDActionGroup=[WP6]
# When Portal externalizes a role, it can automatically create and attach a TAM ACL granting membership
# to the user doing the role. If you select No (false), the TAM administrator will be responsible for creating TAM
# ACLs to allow access to Portal roles
#
# NOTE(review): true lets Portal write ACLs into TAM without the TAM administrator being involved.
# Where ACL changes must go through the TAM administrator, set this to false.
PDCreateAcl=true
######################################
# Portal vault parameters
#####################################
# New vault type identifier representing the Tivoli GSO lockbox vault. The value can be any string
vaultType=AccessManager
# Defines a properties file to be used to configure the vault with TAM specific user and SSL connection
# information. This file will automatically be created in the
# and populated by the ant task based on previous task execution.
# NOTE(review): the directory name is missing from the sentence above in this copy of the file.
# Since the file holds TAM user and SSL connection information, restrict read access to it
# wherever it is created.
vaultProperties=accessmanagervault.properties
# Determines if the portal credential vault or any custom portlet is allowed to create new
# resource objects in TAM. If you select false, your Tivoli administrator must define the accessible
# resources to associate users with using the Tivoli command line or GUI
#
# NOTE(review): true extends this right to any custom portlet. Set false if resource objects
# should only be defined by the Tivoli administrator.
manageResources=true
# Determines if the portal credential vault or any custom portlet is allowed to modify the
# secrets stored in TAM. If you select "Read Only" (true), the Tivoli administrator must change
# the credentials associated with resources using the Tivoli command line or GUI.
#
# NOTE(review): false allows the vault and any custom portlet to modify stored secrets. Set true
# if credential changes should go through the Tivoli administrator.
readOnly=false
######################################
# Tivoli Access Manager - End
######################################
###############################################
#
# Netegrity SiteMinder
#
###########################################
####################################
# SiteMinder TAI parameters
####################################
# Location of the SiteMinder TAI WebAgent.conf file
# The path below is this sample's own; replace it with the location on your system.
SMConfigFile=e:/netegrity6/smwastai/conf/WebAgent.conf
####################################
# Portal/SiteMinder authorization parameters
#####################################
# SiteMinder Domain containing all externalized portal resources
SMDomain=WebSphere Portal v6
# SiteMinder Authentication scheme object name to use when creating realms
# NOTE(review): if the scheme object named Basic is HTTP basic authentication, credentials are
# only base64-encoded on the wire; make sure the protected realms are reached over TLS.
SMScheme=Basic
# The SiteMinder custom or 4.x web agent created to allow communication between
# WebSphere Portal and SiteMinder
# The value below is a placeholder and must be replaced before the task is run.
SMAgent=ReplaceWithYourSiteMinderAgentName
# Password for SiteMinder agent
# Left empty in this sample. A value entered here is stored in clear text: restrict read access
# to this file and blank the value again after the configuration task has run.
SMAgentPwd=
# SiteMinder administrator. This administrator must have a scope of System, as new
# SiteMinder domains and realms will be created. In addition, creation of the realms
# representing Portal roles, reference to the webagent, which also requires System scope
SMAdminId=siteminder
# Password for SiteMinder administrative user
# This account has System scope (see above), so its password is the most sensitive value in
# this section. Left empty in this sample; do not leave it stored in this file after the task has run.
SMAdminPwd=
# SiteMinder User Directory object referencing the LDAP server used for Portal users and groups
# The value below is a placeholder and must be replaced before the task is run.
SMUserDir=ReplaceWithYourSiteMinderUserDirectoryObject
# Failover mode of Siteminder Policy Server. SMFailover must be set to true if more
# than 1 policy server is listed in the SMServers property below
SMFailover=false
# Comma delimited list of server for SiteMinder agent
# Important: If your Policy Servers are listening on non default ports (ie. not 44441,44442,44443),
# you must add the port property for each policy server manually in the ExternalAccessControlService.properties
# The value below is a placeholder and must be replaced before the task is run.
SMServers=your.Policy.Server.ipaddress
##############################################
# Netegrity SiteMinder - End
##############################################
##############################################
# Advanced Security Configuration - End
##############################################
##############################################
# Virtual Portal Configuration - Begin
##############################################
# VirtualPortalTitle: Title of the Virtual Portal
VirtualPortalTitle=
# VirtualPortalRealm: Realm of the Virtual Portal
VirtualPortalRealm=
# VirtualPortalContext: Context of the Virtual Portal
VirtualPortalContext=
# VirtualPortalNlsFile: File which contains language specific information for the Virtual Portal
VirtualPortalNlsFile=
# VirtualPortalObjectId: ObjectId of the Virtual Portal
# The ObjectId is needed to modify, delete Virtual Portals and
# can be obtained by running task list-all-virtual-portals
# Note: Do not delete the default Virtual Portal (ObjectId ends with _0)
VirtualPortalObjectId=
##############################################
# Virtual Portal Configuration - End
# NOTE(review): the two keys below sit outside the sections their names suggest (a database
# setting and an LDAP setting). If either key is also defined earlier in the file, check which
# value the configuration task actually uses.
# NOTE(review): db2admin is the usual name of the DB2 administrative account; a database user
# limited to the schema it needs is preferable for an application data source.
LikemindsSourceDbUser=db2admin
##############################################
# With false, the connection to the LDAP server is not protected by SSL, so bind credentials
# and the passwords of users logging in are sent to the directory in clear text. For anything
# other than an isolated test system, set true, use the directory's SSL port and make the
# directory's certificate trusted by the application server.
LDAPsslEnabled=false