Saturday, April 6, 2013

Disabling and Re-Enabling LDAP features

Use these instructions as an addendum to the IBM infocenter documentation for enabling, disabling and re-enabling the LDAP feature in WCS.

Toolkit Scenario #1

#1 You have enabled the LDAP feature by using the enablement script with "-DfeatureName=ldap"
#2 You would now like to disable the LDAP feature

1. Modify WCDE_ENT70\workspace\WC\xml\config\wc-server.xml in the MemberSubSystem element:
Change to
AuthenticationMode="DB" ProfileDataStorage="DB" ... and then restart.
Here is a snippet of the configuration for LDAP and Database; comment out the section accordingly and restart the Toolkit instance.

2. You now need to modify the database account UID formats if you previously used them to log in against LDAP.

Update USERREG.LOGONID values to short format where LOGONID like 'uid=%'.

Toolkit Scenario #2

#1 You have gone through Toolkit Scenario #1 and would like to re-enable LDAP now.
#2 There is a known issue: if you re-run the enablement script with "-DfeatureName=ldap", it will complain that the LDAP feature is already enabled. The reason is that WCS stores LDAP configuration information in the database as well, and in the previous step we only rolled back the WC instance configuration for LDAP. Unfortunately there is no clean way to roll back the database LDAP configuration; follow these tweaks to work around this issue.

(a) Find the following two lines in components/common/xml/enableFeatureForToolkit.xml and mark up (comment out) the unless attributes. A comment looks like <!-- AAAA -->
    <target name="enableFeatureFDG" depends="getWASAdminUserPassword, CheckPrereqInDBEAR" unless="isFullyEnabledInDBEAR${featureName}">
    <target name="featureEnablementInToolkitWorkspace" depends="CheckPrereqInEAR" unless="isFeatureEnabledInEAR${featureName}">
(b) Find the following section and mark up the if-then check
    <target name="featureEnablementInServer" >
                <equals arg1="${enablementStatusInAppServer}"
         <then>
Here is a snippet of the modified section of components/common/xml/enableFeatureForToolkit.xml

3. Rerun the enable feature command.

Server Scenario #1

#1 You have enabled the LDAP feature by using the enablement script with "-DfeatureName=ldap"
#2 You would now like to disable the LDAP feature
Follow this infocenter link; essentially, this step modifies wc-server.xml to switch to DB authentication mode and republishes the WC EAR file.

Server Scenario #2

#1 You have gone through Server Scenario #1 and would like to re-enable LDAP now.
#2. If LDAP is enabled in the database, it registers an entry in the SITE table with primary key as LDAP: SELECT COUNT(*) FROM SITE WHERE
#3. If it is enabled in the EAR, there will be a file called LDAP.Server.70.component in the following directory:
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
    Server: <wcUserInstallDir>/instances/<instanceName>/properties/version/ldap.server.70.component
#4. If enablementScript detects that security is enabled in WAS and one of the repositories is WC_<instanceName>_Rep, it will not rerun the config in

(a) Delete from site where compname = 'ldap'
Update USERREG.LOGONID values to short format where LOGONID like 'uid=%'
(b) Remove the following file:
    Toolkit: <Toolkit>/properties/version/ldap.toolkit.appserver.enabled
(c) Disable security by updating security.xml: set enabled=false
Refer to this technote for more details
(d) Restart server1
(e) You should be able to run the LDAP enablement script now.
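
The LOGONID conversion named in step 2 of Toolkit Scenario #1 and in step (a) above, as an added example (not code from the original post or from IBM): it plans the rename from 'uid=...' values to short IDs and holds back any row whose short ID would collide with an existing logon ID. The in-memory SQLite USERREG table, the sample DNs and the function names are constructed stand-ins, and the case-insensitive comparison is an assumption.

```python
import re
import sqlite3

# Leading uid= RDN; "\x" pairs are escapes (hex-pair escapes are not decoded).
UID_RDN = re.compile(r"uid=((?:\\.|[^,\\])*)", re.IGNORECASE)

def short_logonid(dn):
    """Return the value of the leading uid= RDN, honouring escaped commas."""
    m = UID_RDN.match(dn)
    if not m:
        raise ValueError("not a DN-style logon ID: %r" % dn)
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()

def plan_updates(conn):
    """Dry run: return (safe renames, conflicts) without writing anything."""
    rows = conn.execute(
        "SELECT USERS_ID, LOGONID FROM USERREG ORDER BY USERS_ID").fetchall()
    # Assumption: logon IDs are compared case-insensitively.
    taken = {l.lower() for _, l in rows if not l.lower().startswith("uid=")}
    safe, conflicts = [], []
    for users_id, logonid in rows:
        if not logonid.lower().startswith("uid="):
            continue
        short = short_logonid(logonid)
        if not short or short.lower() in taken:
            conflicts.append((users_id, logonid))  # needs a manual decision
        else:
            taken.add(short.lower())
            safe.append((users_id, short))
    return safe, conflicts

def demo():
    conn = sqlite3.connect(":memory:")  # constructed stand-in for the WCS DB
    conn.execute("CREATE TABLE USERREG (USERS_ID INTEGER PRIMARY KEY, LOGONID TEXT UNIQUE)")
    conn.executemany("INSERT INTO USERREG VALUES (?, ?)", [  # constructed rows
        (1, "wcsadmin"),
        (2, "uid=jdoe,o=seller organization,o=root organization"),
        (3, "uid=jdoe,o=buyer organization,o=root organization"),
        (4, "uid=wcsadmin,o=root organization"),
        (5, "uid=smith\\, a,o=root organization")])
    safe, conflicts = plan_updates(conn)
    with conn:  # single transaction: every safe rename commits, or none
        conn.executemany("UPDATE USERREG SET LOGONID = ? WHERE USERS_ID = ?",
                         [(short, uid) for uid, short in safe])
    return safe, conflicts, conn

if __name__ == "__main__":
    print(demo()[:2])
```

Rows returned in conflicts keep their DN-style value; two LDAP entries sharing a uid, or a uid equal to an existing database account, would otherwise end up as one login.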

If you continue to see any configuration issues with LDAP, trace the following components and work with your IBM support team:

*=info: enable.trace.log.*=all :                                                        :*=all   

