Technical Blog Post
Abstract
Recovering administrator user 'smadmin' when duplicated in LDAP or ObjectServer user repository
Body
These are the steps to perform when JazzSM DASH and WebSphere admin console are not accessible by all users including smadmin.
1. Backup <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml
2. Stop server1
[root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/ [root@dash151 bin]# ./stopServer.sh server1 -username smadmin -password <password>
3. Modify <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml to disable security by setting enabled="false", like so:
<?xml version="1.0" encoding="UTF-8"?> <security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="true" enabled="false"
4. Start server1
[root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/ [root@dash151 bin]# ./startServer.sh server1 -username smadmin -password <password>
5. Login to Websphere admin console, no need to enter password since the security is disabled.
6. Reconfigure or removed the user repositories in WebSphere admin console > User Account Repository, select Federated repositories and click Configure. . From the
7. Remove or Add or Edit Repository Identifier.
To remove the user repository, follow the steps from this link:
To Add or Edit user repository, refer to this link:
NOTE: The user smadmin gets duplicated when adding external user repository (i.e. LDAP, ObjectServer). Ensure that smadmin is not duplicated. To verify or delete the duplicate smadmin, go to WebSphere admin console > Users and Groups uid=smadmin,o=defaultWIMFileBasedRealm :
8. Modify <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml to enable security back by setting enabled="true", like so:
<?xml version="1.0" encoding="UTF-8"?> <security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="true" enabled="true"
9. Stop and Start server1
[root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/ [root@dash151 bin]# ./stopServer.sh server1 -username smadmin -password <password> [root@dash151 bin]# ./startServer.sh server1 -username smadmin -password <password>
10. Login back to DASH and launch WAS, smadmin can now login and the password is asked this time.
Thank you for reading.
For questions or clarifications, please comment in the comments section below.
Author:
Sharon Orillaneda
Software Engineer, ITSM - JazzSM DASH TIP
Client Technical Engagement
IBM Cloud
UID
ibm11080225