IBM LDAP Installation and Implementation Steps

Contents

Zimbra system installation process
Foreword, system architecture and DNS
I. Installation environment
    1.1 Operating system
    2.1 Zimbra version
    3.1 Software packages to install
    4.1 Files to modify
II. Install Zimbra LDAP with master-replica replication
    1.1 Install one master LDAP and two replica LDAPs
    2.1 Install the first replica LDAP
    3.1 Install the second replica LDAP
III. Install Zimbra MailStore
    1.1 Install
    2.1 Install
    3.1 Install the other mailbox servers
IV. Install Zimbra MTA
    1.1 Install mta01
    2.1 Install mta02
V. Install proxy
    1.1 Install
VI. Install the archiving component and servers
    1.1 Install the zimbra-archiving component
    2.1 Install the zimbra-archiving component on the other servers
    3.1 Run the following commands on
    4.1 Run the following commands on
    5.1 Install the archive01 server
VII. Install LVS
    1.1 Install ipvsadm
    2.1 Load-balancing server
    3.1 mta servers
    4.1 Testing

Zimbra system installation process

Foreword, system architecture and DNS

1. System architecture

    No.  Role                 vCPU  vRAM  vDISK  OS          IP
    1    DNS                  1     512M  20G    Centos 5.6  192.168.13.20
    2    LVS                  1     512M  20G    Centos 5.6  192.168.13.21
    3    ldap-master          2     1G    50G    Centos 6.3  192.168.13.32
    4    ldap-replica         2     1G    50G    Centos 6.3  192.168.13.33
    5    mail (jetty, mysql)  2     1G    50G    Centos 6.3  192.168.13.30
    6    mail-archive         2     1G    50G    Centos 6.3  192.168.13.31
    7    proxy (nginx), mta   2     1G    50G    Centos 6.3  192.168.13.34
    8    proxy (nginx), mta   2     1G    50G    Centos 6.3  192.168.13.35
    9    Zimbra-VIP                                          192.168.13.24

2. Install DNS

    # yum install bind

3. Configure DNS

    # vi /etc/named.conf

Enter the following content:

    options {
        directory "/var/named";
        pid-file "/var/named/named.pid";
        forwarders { 202.101.224.67; 202.101.224.68; };
        allow-query { any; };
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "" IN {
        type master;
        file "";
        allow-update { none; };
    };
    zone "13.168.192.in-addr.arpa" IN {
        type master;
        file "named.13.168.192";
        allow-update { none; };
    };

    # cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/
    # vi /var/named/named.local

Enter the following content:

    $TTL 3h
    0.0.127.in-addr.arpa. IN SOA . admin@. (
            1   ; Serial
            3h  ; Refresh after 3 hours
            1h  ; Retry after 1 hour
            1w  ; Expire after 1 week
            1h ) ; Negative caching TTL of 1 hour
    1.0.0.127.in-addr.arpa. IN PTR localhost.

    # vi /var/named/

Enter the following content:

    $TTL 3h
    . IN SOA . admin@. (
            1   ; Serial
            3h  ; Refresh after 3 hours
            1h  ; Retry after 1 hour
            1w  ; Expire after 1 week
            1h ) ; Negative caching TTL of 1 hour
    . IN NS .
    . IN MX 10 mail.
    IN A 192.168.13.20
    www IN A 192.168.13.24
    mail IN A 192.168.13.24
    zldapmaster IN A 192.168.13.32
    zldapreplica IN A 192.168.13.33
    zproxymta01 IN A 192.168.13.34
    zproxymta02 IN A 192.168.13.35
    zmailstore IN A 192.168.13.30
    zmailstore-archive IN A 192.168.13.31

    # vi /var/named/named.13.168.192

Enter the following content:

    $TTL 3h
    13.168.192.in-addr.arpa. IN SOA . admin@. (
            1   ; Serial
            3h  ; Refresh after 3 hours
            1h  ; Retry after 1 hour
            1w  ; Expire after 1 week
            1h ) ; Negative caching TTL of 1 hour
    13.168.192.in-addr.arpa. IN NS .
    226.1.168.192.in-addr.arpa. IN PTR .

4. Start DNS

    # /usr/sbin/named -g &

Note: -g displays the startup log, which makes it easier to work out why an error occurred during startup.
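
IBM TDS V6.3 installation process (installed and tested personally; for study and exchange only)

I. Installation preparation

Installation in a VMware virtual environment:

1. Prepare a Windows Server 2003 R2 Datacenter X64 Edition Service Pack 2 system.
2. Resources: memory 4G; hard disk 40G; CPU 2.0GHz (2 CPUs).
3. Host name: lss01; IP address: 172.1.1.109; 255.255.0.0; 172.1.1.11; DNS: 172.1.1.11; DNS suffix to add: ; workgroup: workgroup; domain controller: ; this machine is not joined to a domain.

When the configuration is complete, restart the virtual machine.

Skip the portal installation and install DB2.

II. Installation

1. Install the archive extraction software.
2. Install DB2 V9.7:

(1) DB2 Enterprise Server Edition Version 9.7 (Install New).
(2) Prepare to install (Next).
(3) Use DB2 Enterprise Server Edition V9.7 5765-F41 (Next).
(4) Accept the license terms (Next).
(5) Typical installation (Next).
(6) Select "Install DB2 Enterprise Server Edition on this computer and save my settings in a response file". Response file name: c:\Documents and settings\Administrator\My Documents\PROD_ESE.rsp (Next).
(7) Select the installation folder. Installation directory: D:\Program Files\IBM\SQLLIB\ (Next).
(8) Set the user information for the "DB2 Administration Server". User information (domain: none, use a local account; user name: db2admin; password: ********). Check "Use the same account for the remaining DB2 services" (Next).
(9) Configure DB2 instances. DB2 instance: DB2, default configuration.
(10) Prepare the DB2 tools catalog: keep the default selection (Next).
(11) Set up the DB2 server to send notifications: clear the check box (Next).
(12) Enable operating system security: keep the default selection (Next).
(13) Review the installation settings and create the response file (Finish).
(14) The installation starts.
(15) Finish.
(16) Start DB2.
(17) Create the DB2 database. Open the DB2 Command Editor, enter the database creation command and click Execute:

    Create database timdb alias timdb using codeset UTF-8 territory US;

(18) Open the DB2 Control Center, right-click the newly created TIMDB database and choose "Authorities" to open the TIMDB database authorities panel. Add a user: add DB2ADMIN to the users of the TIMDB database and click "Grant All" to give DB2ADMIN operation and administration authority on the TIMDB database.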
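
LDAP day one: compiling and installing LDAP + ldapadmin

I. Environment

Server: based on CentOS-7-x86_64-1511
Server IP: 172.18.12.203

II. Obtaining the software

OpenLDAP
OpenLDAP 2.4.44:

BDB
berkeley-db-5.1.29 (OpenLDAP is currently incompatible with the 6.x versions; the README explicitly states compatibility with 4.4~4.8 or 5.0~5.1):

LDAP Administrator
ldapadmin 2015.2:

III. Preparation

1. Disable SELinux;
2. Open TCP ports 389 / 636 on the firewall.

# TCP 389 is the OpenLDAP plaintext port; TCP 636 is the SSL-encrypted port.
# CentOS 7 ships with the firewalld service by default; you can disable it and then install iptables.

IV. Installing OpenLDAP

1. Dependency packages

    [root@localhost ~]# yum install *ltdl* -y

# This covers libtool-ltdl and libtool-ltdl-devel. If they are not installed, the build fails with: configure: error: could not locate libtool ltdl.h

2. Install BDB

    [root@localhost ~]# cd /usr/local/src/
    [root@localhost src]# tar -zxvf db-5.1.29.tar.gz
    [root@localhost src]# cd db-5.1.29/build_unix/
    [root@localhost build_unix]# ../dist/configure --prefix=/usr/local/berkeleydb-5.1.29
    [root@localhost build_unix]# make
    [root@localhost build_unix]# make install

# The build and install must be run from the build_unix directory of the unpacked archive; otherwise an error is reported.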
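
PXE network boot installation method

This time I used WebBIOS to configure the array. Configuring the array from the bootable setup CD is simple, but if you want full control over the configuration this method is better, and it can build composite arrays.

I. Starting WebBIOS

There are two ways to start WebBIOS:

1. On servers fitted with a ServeRAID MR 5000 array controller, a CTRL+H prompt appears during the power-on self-test. Press CTRL+H and the array controller configuration screen appears.
2. Press F1 at power-on to enter the UEFI configuration screen and choose System Settings -> Adapters and UEFI Drivers. The installed array controller is listed; press Enter to select it, then press 1 to enter WebBIOS.

II. Configuring RAID0, RAID1 and RAID5

1. In WebBIOS, choose Configuration Wizard.
2. Choose New Configuration. This clears all existing array information on the controller; if other arrays are already configured on the controller, choose Add Configuration here instead. Choose Yes to confirm.
3. Choose Manual Configuration.
4. Select the disks to include in the array and use Add to Array to move them from Drivers on the left to Driver Groups on the right. RAID1 requires 2 disks; RAID5 requires at least 3 disks.
5. After selecting the disks, choose Accept DG and click Next.
7. In ArrayWithFreeSpace on the left, select the Disk Groups just created, use Add to SPAN to add them to the span on the right, then choose Next.
8. On the Virtual Disk configuration screen, set the Virtual Disk parameters, click Accept to accept the configuration, and finally choose Next.

- RAID Level selects the RAID level to configure.
- Possible RAID Level on the right shows the disk capacity for each possible RAID level. In the example, three 73G disks give about 200G as RAID0 and about 134G as RAID5.
- Select size changes the capacity of the Virtual Disk; this value is normally set to the maximum capacity for the disk group's RAID level.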

IBM server operating system installation tutorial, step by step

Before installing a system with the IBM boot disc, back up all data on the server's hard disks, because the installation process amounts to repartitioning the disks. Remember: back up all data.

Installing an operating system on the server uses two discs. The first is the boot disc and the second is the operating system disc. Insert the boot disc first to make some installation settings and install drivers. If you insert the operating system disc directly, you will have to install the drivers afterwards, which is a lot of trouble.

Locate the IBM installation disc

Installing a server is basically the same as installing a PC, but there are differences. We treat this server as a new machine, that is, we disregard the data on its hard disks. If your disks hold other data, back it up yourself.

First, locate the installation disc that shipped with the IBM server. Because we are installing Windows 2003 this time, that is the disc to use. Insert the disc into the server's DVD-ROM drive and start the server.
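
Introduction to LDAP concepts and principles

Many readers have probably heard of LDAP but are still vague about what it is and how it works. This introduction covers four topics: "What is LDAP", "The main LDAP products", "The basic LDAP model" and "LDAP use cases".

Before starting, consider a few questions:

1. Do we use several office systems day to day?
2. Does each system have its own separate account and password?
3. With so many passwords, do you sometimes struggle to recall which password goes with which system?
4. Does every new project have to develop and maintain yet another set of users and passwords?
5. Is maintaining the users of several systems a real headache?

These problems no longer need to be a headache, because an "LDAP unified authentication service" solves them. That should already give a rough idea of what an "LDAP unified authentication service" is for, so let us begin.

I. What is LDAP?

(1) Before introducing LDAP, a reminder of what a directory service is:

1. A directory service is a special kind of database that stores descriptive, attribute-based detailed information and supports filtering.
2. It is dynamic, flexible and easy to extend. Examples: personnel and organization management, phone books, address books.

(2) With directory services covered, here is the introduction to LDAP:

LDAP (Lightweight Directory Access Protocol) is a lightweight directory access protocol based on the X.500 standard.

A directory is a database optimized for querying, browsing and searching. It organizes data as a tree, much like a file system directory.

A directory database differs from a relational database: it has excellent read performance but poor write performance, and it lacks complex features such as transactions and rollback, so it is not suited to storing frequently modified data. A directory is therefore inherently meant for lookups, just as its name suggests.

An LDAP directory service is a system made up of a directory database and a set of access protocols.

(3) Why use LDAP?

LDAP is an open Internet standard and a cross-platform Internet protocol that is widely accepted in the industry. Most commercial and open-source products have added LDAP support, so such systems need no custom development: simple LDAP configuration is enough for them to authenticate against the server.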

1 Version information

Tivoli Access Manager V6.1.1

2 Install WAS

Security must not be enabled when installing WAS; install the HTTP Server; install the Web server plug-in.

3 Install TDS

    IBM DB2 = Not installed
        Directory name = C:\IBM\SQLLIB
    IBM Global Security Kit = Updating
        Directory name = C:\Program Files\ibm\gsk7
    IBM Tivoli Directory Server = Not installed
        Directory name = C:\IBM\LDAP\V6.1
        DB2 administrator ID (also used as the instance name) = db2admin
        DB2 administrator password = db2admin
        Create the DB2 administrator (if it does not exist) = No
        Directory server database home = C:
        DB2 database name = amdb
        Encryption seed value = 0123456789012
        Administrator ID = cn=root
        Administrator password = root
        User-defined suffix = dc=scal,dc=com
        Local host name = kissme
        Non-SSL port = 389
        SSL port = 636
        SSL key file with full path = C:\IBM\LDAP\V6.1\lib\am_key.kdb
        Create the SSL key file = Yes
        SSL key file password = admin
        Certificate label = PDLDAP
        Support Federal Information Processing Standards (FIPS) = No

4 Install AMMR

    IBM Global Security Kit = Updating
        Directory name = D:\ibm\gsk7\
    IBM Tivoli Directory Client = Configured
        Directory name = C:\IBM\LDAP\V6.1
    IBM Tivoli Security Utilities = Not installed
        Directory name = C:\Tivoli\TivSecUtl
    IBM Tivoli Access Manager runtime = Not installed
        Directory name = C:\Tivoli\Policy Director
        Enable Tivoli Common Directory for logging = No
        LDAP server host name = kissme
        LDAP server port = 389
        Enable SSL with the registry server = Yes
        SSL key file with full path = C:\IBM\LDAP\V6.1\lib\am_key.kdb
        SSL key file password = admin
        Certificate label = PDLDAP
        SSL port = 636
    IBM Tivoli Access Manager Policy Server = Not installed
        Directory name = C:\Tivoli\Policy Director
        Tivoli Access Manager administrator password = admin
        Policy Server SSL port = 7135
        SSL certificate lifetime (days) = 1460
        SSL connection timeout (seconds) = 7200
        LDAP administrator DN = cn=root
        LDAP administrator password = root
        Management domain name = Default
        LDAP management domain location DN = dc=scal,dc=com
        User and group tracking information format = Minimal
        Enable Federal Information Processing Standards (FIPS) = No

5 Install AMMACLD

6 Install AMADK

7 Install amjrte

8 Install amproxy

9 Install amrte (this installation can be skipped)

10 Install amwpm

    IBM WebSphere Application Server = Configured
        Directory name = C:\IBM\WebSphere\AppServer
        Node name = kissmeNode01
        Local host name = kissme
        Local administrator ID = Administrator
    IBM Tivoli Access Manager Runtime for Java = Installed
        Directory name = C:\Tivoli\Policy Director
        Policy Server host name = kissme
        Policy Server SSL port = 7135
        JRE directory = C:\IBM\WebSphere\AppServer\java\jre
    IBM Tivoli Access Manager Web Portal Manager = Not installed
        Directory name = C:\Tivoli\Policy Director
        Policy Server host name = kissme
        Policy Server SSL port = 7135
        Policy Server administrator ID = sec_master
        Policy Server administrator password = admin
        Tivoli Access Manager domain = Default
        This Access Manager domain contains an Authorization Server = No
        Enable SSL to IBM WebSphere Application Server = No
        Host name = kissme
        Port = 8880

11 Install amwebars, the Access Manager Attribute Retrieval Service

12 Install amwpi (failed)

Tivoli Access Manager plug-in for Web servers (install_amwpi)

    正在初始化InstallShield Wizard...
    正在搜索Java(tm) 虚拟机....
    正在搜索(TAM EZ) Java 1.5X by IBM Corporation
    正在验证(TAM EZ) Java 1.5X by IBM Corporation.......
    IBM Tivoli Directory Server Instance V6.1 - db2admin 服务正在启动 .......
    IBM Tivoli Directory Server Instance V6.1 - db2admin 服务已经启动成功。
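
LDAP user manual

1. Introduction to LDAP

LDAP is a kind of directory, also called a directory service. Its full English name is Lightweight Directory Access Protocol. It is a standardized directory access protocol whose core specifications are all defined in RFCs [16][17].

LDAP is based on a standard called X.500. X.500 is a directory access protocol defined by ITU-T and ISO, designed to provide an electronic directory of an organization's members so that anyone, anywhere in the world, within the scope of Internet access rights can consult that directory.

In the X.500 directory structure, access goes through the Directory Access Protocol (DAP): a client uses DAP to query the directory service and receive responses from one or more of its servers, and this governs communication between server and client. DAP, however, needs a large amount of system resources and supporting mechanisms to handle the complex protocol.

LDAP adopts only a functional subset of the original X.500 directory access protocol DAP, which reduces the system resources required, and it can be customized as needed. In practice LDAP is simpler and more practical than X.500, so LDAP technology has developed very quickly.

LDAP-capable systems deployed in enterprises today allow all applications running on almost any computer platform to obtain information from an LDAP directory. An LDAP directory can also store many types of data, such as e-mail addresses, human resources data, public keys, contact lists, system configuration information and policy information.

In addition, unlike X.500, LDAP supports TCP, which is essential on today's Internet. Dozens of large software companies, including Microsoft and IBM, now support LDAP.

The third version, LDAPv3 [17], was released in 1997. It marked an important turning point in the development of the protocol: LDAP was no longer merely a simplified X.500 but gained many features of its own, making the protocol more complete, more secure and more durable.

1.1 The four models that make up LDAP

The four models that make up LDAP are the information model, the naming model, the functional model and the security model.

1.1.1 Information model

The LDAP information model defines the data types and the basic units of information that can be stored in the directory.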

IBM Portal V6.0 installation guide

1. Portal V6 media packages at a glance

    Directory  Archive name  Product
    W-Setup    C93LQML       WebSphere Portal V6.0 and Workplace Web Content Management V6.0 - Portal Install V6.0 Multilingual
    W-1        C93LWML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - WebSphere Application Server Network Deployment for Windows, V6.0.2.9 Multilingual
    W-2        C93LRML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - WebSphere Process Server for Windows, V6.0.1.1 Multilingual
    W-3        C93LSML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - Portal Server (Disc 1 of 2), V6.0 Multilingual
    W-4        C93M4ML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - Portal Server (Disc 2 of 2), V6.0 Multilingual
    W-5        C93LUML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - Personalization, V6.0 Multilingual
    W-6        C93LXML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - IBM Tivoli Directory Server for Windows V6.0 Multilingual
    W-7        C93LYML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - IBM Tivoli Directory Server Fixpack for Windows V6.0.0.1 Multilingual
    W-8        C93LVML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - DB2 UDB Enterprise Server Edition for Windows, V8.2.5 Multilingual
    W-9        C93LZML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - Edge Components for WebSphere Application Server Network Deployment for Windows, V6.0 Multilingual
    W-10       C93M0ML       WebSphere Portal V6.0 and Workplace Web Content Mgmt V6.0 - WebSphere Application Server Toolkit for Windows, V6.0 Multilingual

2. Installation steps

Run install.bat in the W-SETUP directory and proceed as follows. Beginners can click the "Launch Information Center" button for help.

- Accept the license agreement.
- Choose a typical or custom installation.
- Specify the installation path of WebSphere Application Server (WAS).
- Specify the node name and host name.
- Specify the WAS administrator ID and password, for example wasadmin or wpsadmin.
- Choose whether to install WebSphere Process Server; choose "Yes" to use the new workflow features in Portal 6.
- Specify the Portal installation path.
- Specify the Portal administrator ID and password, for example wpsadmin.
- Choose whether to start WAS and Portal as Windows services.
- Confirm the installation summary.
- If the installation files were not placed in the directories specified in chapter 1, a directory selection prompt appears.
- The installation starts. The whole process takes 1-1.5 hours.
- The installation completes.
- Verify Portal: open http://portal:10038/wps/portal in a browser and enter the user name and password.

3. Configure Web Content Management

- Stop the Portal Server.
- Edit the wpconfig.properties file in the /PortalServer/config directory and set the administrator password:

    PortalAdminPwd=passw0rd

- Open a command prompt.
- Go to the /PortalServer/config directory.
- Run the following command:

    Windows: WPSconfig.bat configure-wcm-authoring

- Confirm that it completed successfully.
- Log in to Portal. "Web Content" now appears in the launch menu; click Launch, then Web Content.
- The Web Content Management page contains management and authoring functions.
- In the configuration you can set the library selection, preview options, user interface options and rich text options.
- The content preview page shows the result of authoring.

Note: for WCM usage and development, see the Portal development documentation.

4. Configure the database

Using DB2 as the example, the configuration steps are as follows.

If you use DB2 Fix Pack 10, DB2 Fix Pack 11 or DB2 Fix Pack 12, you must complete the following steps before transferring the database:

1. Locate the file:
    * UNIX: /home/db2inst1/sqllib/cfg/db2cli.ini
    * Windows: db2home/sqllib/db2cli.ini
2. Edit the file and add the following parameters at the end of the file.

DB2 Fix Pack 10 or DB2 Fix Pack 11:

    [COMMON]
    DYNAMIC=1

DB2 Fix Pack 12:

    [COMMON]
    ReturnAliases=0

Note: an empty line must be added at the end of the file.

The following 7 instances will be created:

- release
- community
- customization
- wmmdb
- jcrdb
- fdbkdb
- lkmddb

Locate the following files and make a backup copy of each before changing any parameters:

- portal_server_root/config/wpconfig.properties
- portal_server_root/config/wpconfig_dbdomain.properties
- portal_server_root/config/wpconfig_dbtype.properties

Edit the following parameters:

    Properties file: wpconfig_dbtype.properties

    Property                        Value
    Db2.DbLibrary                   <DB2_HOME>/java/db2java.zip

    Properties file: wpconfig_dbdomain.properties

    Property                        Value
    release.DbType                  db2
    release.DbName                  wpsreldb
    release.DataSourceName          wpreldbDS
    release.DbUrl                   jdbc:db2:wpsreldb
    release.DbUser                  db2admin
    release.DbPassword              passw0rd
    customization.DbType            db2
    customization.DbName            wpscusdb
    customization.DataSourceName    wpcusdbDS
    customization.DbUrl             jdbc:db2:wpscusdb
    customization.DbUser            db2user
    customization.DbPassword        passw0rd
    community.DbType                db2
    community.DbName                wpscomdb
    community.DataSourceName        wpcomdbDS
    community.DbUrl                 jdbc:db2:wpscomdb
    community.DbUser                db2admin
    community.DbPassword            passw0rd
    jcr.DbType                      db2
    jcr.DbName                      wpsjcrdb
    jcr.DataSourceName              wpjcrdbDS
    jcr.DbUrl                       jdbc:db2:wpsjcrdb
    jcr.DbUser                      db2admin
    jcr.DbPassword                  passw0rd
    wmm.DbType                      db2
    wmm.DbName                      wpswmmdb
    wmm.DataSourceName              wpwmmdbDS
    wmm.DbUrl                       jdbc:db2:wpswmmdb
    wmm.DbUser                      db2admin
    wmm.DbPassword                  passw0rd
    feedback.DbType                 db2
    feedback.DbName                 wpsfbkdb
    feedback.DataSourceName         wpfdbkdbDS
    feedback.DbUrl                  jdbc:db2:wpsfbkdb
    feedback.DbUser                 db2admin
    feedback.DbPassword             passw0rd
    likeminds.DbType                db2
    likeminds.DbName                wpslmdb
    likeminds.DbDataSourceName      lmdbDS
    likeminds.DbUrl                 jdbc:db2:wpslmdb
    likeminds.DbUser                db2admin
    likeminds.DbPassword            passw0rd

Open a command window, change to <WP_ROOT>\config and run:

    WPSconfig create-local-database-db2

After confirming that it completed successfully, run:

    WPSconfig database-transfer

The whole process takes about 1 hour. Start the Portal Server and it is ready for access.

5. Enable LDAP (with realm support)

A "realm" means that specific users access a specific portal configuration.

IBM Content Manager OnDemand LDAP Sync

10/18/2018
Rob Russell
Software Engineer - Content Manager OnDemand

This article walks through the basics of how to set up, configure and run the Content Manager OnDemand LDAP Sync command.

What is IBM Content Manager OnDemand LDAP Sync?

Content Manager OnDemand LDAP Sync (ARSLSYNC) is a new Content Manager OnDemand command that synchronizes users and groups between LDAP-compliant directory servers and Content Manager OnDemand. Users, groups, and a user's group membership can be pulled directly from an LDAP-compliant directory server and imported into Content Manager OnDemand. This removes the need to create users and groups manually within Content Manager OnDemand.

Prerequisites: This document addresses functionality that is only available in Content Manager OnDemand for Multiplatforms Versions 10.1.0.2 and later. For iSeries and zSeries this feature is available at Version 10.1.0.3 or later.

OVERVIEW

Prior to Version 10.1.0.2, Content Manager OnDemand only supported authentication to LDAP.

Content Manager OnDemand V10.1.0.2 introduces a new command (ARSLSYNC) which can be configured to run as a Windows scheduled task, as a Unix cron job, or manually from a properly configured Content Manager OnDemand command prompt.

LDAP Sync includes the following functionality:

- Sync users from LDAP to Content Manager OnDemand
- Sync groups from LDAP to Content Manager OnDemand
- Sync group membership from LDAP to Content Manager OnDemand
- Ignore lists for both users and groups
- Creation of viewable success/failure System Log messages (including a manifest file)
- Ability to run in preview mode only
- Option to run with verbose output

To conform to Content Manager OnDemand user and group naming standards, any special characters from LDAP will be converted to the underscore (_) character. This includes the following characters:

- asterisk (*)
- percent (%)
- plus (+)
- left bracket ([)
- right bracket (])
- double quote (")
- blank

For example, an LDAP user with a samAccountName of 'cmod admin' will be imported into Content Manager OnDemand as 'cmod_admin'. Although this scenario is not common, you should confirm with your LDAP administrator that this conversion will not result in the attempted creation of duplicate IDs.

Preparing your system

The first step in configuring your system to run ARSLSYNC is to ensure LDAP Authentication and Password Case Sensitivity are enabled in the Content Manager OnDemand Administrator client. Refer to the Content Manager OnDemand Knowledge Center for detailed instructions on how to configure LDAP Authentication.

IBM Content Manager OnDemand for Multiplatforms V10.1.0 documentation

Add new configuration parameters

ARSLSYNC introduces the following new parameters:

- ARS_LDAP_SERVER_TYPE (required) [AD, SUN, OPEN]: Specifies the type of LDAP repository being configured. Only a single server can be configured per Content Manager OnDemand instance.
- ARS_LDAP_USER_FILTER (required): Used to query LDAP for users that will be imported into Content Manager OnDemand. For example: (&(objectclass=user)(objectclass=CMODUSER))
- ARS_LDAP_GROUP_FILTER (required): Used to query LDAP for groups that will be imported into Content Manager OnDemand. For example: (objectclass=group)
- ARS_LDAP_GROUP_MAPPED_ATTRIBUTE (required): Used to create the Content Manager OnDemand group name.
- ARS_LDAP_IGN_GROUPS: This parameter specifies the group IDs that Content Manager OnDemand ignores when syncing. You can specify up to 10 group IDs, delimited by a comma.
- ARS_LDAP_IGN_USERIDS: This parameter specifies the user IDs that Content Manager OnDemand ignores when syncing. If the parameter does not exist or you do not specify a value, Content Manager OnDemand defaults to ADMIN. You can specify up to 10 user IDs, delimited by a comma. If you specify a list of user IDs and you want to include ADMIN, you must specify it on the list.

To ease configuration, these parameters can be added directly to the ARS.CFG file on UNIX platforms. Windows customers can use the OnDemand Configurator to add these new parameters: select the Parameters button from the instance Properties tab and add any entries needed. This removes the need to modify the Windows registry directly.

Once the parameters have been entered, you must restart the ARSSOCKD process for the changes to take effect.

Sample LDAP configuration with LDAP Sync parameters (Active Directory)

    ARS_LDAP_SERVER=
    ARS_LDAP_PORT= 3268
    ARS_LDAP_USE_SSL= FALSE
    ARS_LDAP_BASE_DN= dc=ondemand,dc=yourdomain,dc=local
    ARS_LDAP_BIND_ATTRIBUTE= sAMAccountName
    ARS_LDAP_MAPPED_ATTRIBUTE= sAMAccountName
    ARS_LDAP_ALLOW_ANONYMOUS= FALSE
    ARS_LDAP_BIND_MESSAGES_FILE=
    ARS_LDAP_IGN_USERIDS=ADMIN
    ARS_LDAP_SERVER_TYPE=AD
    ARS_LDAP_USER_FILTER=(objectclass=user)
    ARS_LDAP_GROUP_FILTER=(objectclass=group)
    ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=CN
    ARS_LDAP_IGN_GROUPS=CMOD_ADMINS,CMOD_USERADMINS

Usage

The ARSLSYNC command must be run as the instance owner. The command requires either Sync (-s) or Preview (-t). In preview mode, no changes are made to the server; use it while configuring ARSLSYNC. Once you are satisfied that your filters are set correctly, you can proceed to run the command in Sync mode.

    Usage: arslsync [-I <od_inst>] [-s | -t] [-v]
    Version: 10.1.0.2
        -h <od_inst>      OnDemand Instance Name (same as -I)
        -I <od_inst>      OnDemand Instance Name (same as -h)
        -s                Sync
        -t                Preview
        -v                Verbose
        -1 <trace_file>   Trace file
        -2 <trace_level>  Trace level

ARSLSYNC introduces the following two new System Log messages:

- ARS0460I – LDAP Synchronization Success
- ARS0461I – LDAP Synchronization Failed

Both messages are viewable from within the System Log. The messages will contain a manifest of any changes made to the system.

ARSLSYNC also includes a verbose option (-v) which will output any objects that already exist in Content Manager OnDemand and will remain unchanged.
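
An added example (not from the original article and not IBM code): a pre-flight check that applies the character conversion listed in the article to a set of LDAP names, reports names that would collide on the same Content Manager OnDemand ID, and checks the two ignore-list parameters against the stated ADMIN default and 10-entry limit. The function names and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Characters the article lists as converted to "_" on import:
# asterisk, percent, plus, left/right bracket, double quote, blank.
CONVERTED_CHARS = '*%+[]" '
_TO_UNDERSCORE = str.maketrans({ch: "_" for ch in CONVERTED_CHARS})
MAX_IGNORE_ENTRIES = 10  # "up to 10" IDs per ignore list, per the article


def to_cmod_name(ldap_name):
    """Apply the documented special-character conversion to one LDAP name."""
    return ldap_name.translate(_TO_UNDERSCORE)


def find_collisions(ldap_names):
    """Map each converted ID to the distinct LDAP names that produce it,
    keeping only IDs that more than one LDAP name would claim."""
    by_id = defaultdict(set)
    for name in ldap_names:
        by_id[to_cmod_name(name)].add(name)
    return {cid: sorted(names) for cid, names in by_id.items() if len(names) > 1}


def parse_cfg(text):
    """Read KEY=VALUE lines (the layout of the sample configuration)."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params


def ignore_list(params, key):
    """Return (entries, warnings) for ARS_LDAP_IGN_USERIDS or ARS_LDAP_IGN_GROUPS."""
    entries = [e.strip() for e in params.get(key, "").split(",") if e.strip()]
    warnings = []
    if key == "ARS_LDAP_IGN_USERIDS":
        if not entries:
            entries = ["ADMIN"]  # documented default when missing or empty
        elif "ADMIN" not in entries:
            warnings.append("ADMIN is not on the explicit list, so it is no longer ignored")
    if len(entries) > MAX_IGNORE_ENTRIES:
        warnings.append(f"{key} has {len(entries)} entries; the limit is {MAX_IGNORE_ENTRIES}")
    return entries, warnings


# Constructed sample data (not taken from a real directory or server).
SAMPLE_USERS = ["cmod admin", "cmod_admin", "cmod+admin", "jsmith", "ops[east]", "ops east"]
SAMPLE_CFG = """\
ARS_LDAP_SERVER_TYPE=AD
ARS_LDAP_IGN_USERIDS=SVC_BACKUP, SVC_SCAN
ARS_LDAP_IGN_GROUPS=CMOD_ADMINS,CMOD_USERADMINS
"""

if __name__ == "__main__":
    for cmod_id, sources in find_collisions(SAMPLE_USERS).items():
        print(f"collision on {cmod_id!r}: {sources}")
    cfg = parse_cfg(SAMPLE_CFG)
    for key in ("ARS_LDAP_IGN_USERIDS", "ARS_LDAP_IGN_GROUPS"):
        print(key, *ignore_list(cfg, key))
```

Feeding it the names returned by the user and group filters before the first run in Sync mode complements the article's preview mode (-t).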