
Installing IBM Tivoli Directory Server for WebSphere version 8
Please read this article in its entirety before you use the instructions, as I did it in a single pass and
there are some forks in the process that might be different depending on your requirement.
When using a WebSphere Application Server federated LDAP repository for user and group management
there are many LDAP providers. This article is a quick run through of how to install and use the Tivoli
Directory Server Web Administration Tool with WAS 8.
Our goal is to set up some users for use in testing federated LDAP repositories.

Download ITDS trial v6.3 from IBM at the following location: http://www01.ibm.com/software/tivoli/products/directory-server/

I could have used the ISO (Tivoli Directory Server 6.3 (ISO File) for Linux x86-64,
tds63-linux-x86-64.iso (1.89 GB)), but I just wanted ITDS and DB/2.

======================
Note: We are installing DB2 first, then ITDS.
Locate the DB2 installer and run the installer by looking for the install script in the DB2 install folder
./db2_install
for example <CDROM or mount point>:/db2/

./db2setup

On next screen accept license

Backup and turn this option off

password = db2admin

Review the settings and click Finish; the installation wizard will now begin the installation.

Required steps:
In order to start using DB2 you need to logon using a valid user ID such as the DB2 instance owner's ID
"db2inst1".
You can connect to the DB2 instance "db2inst1" using the port number "50000". Record it for future
reference.
Optional steps:
To validate your installation files, instance, and database functionality, run the Validation Tool,
/opt/ibm/db2/V9.7/bin/db2val. For more information, see "db2val" in the DB2 Information Center.
Open First Steps by running "db2fs" using a valid user ID such as the DB2 instance owner's ID. You will
need to have DISPLAY set and a supported web browser in the path of this user ID.
You should ensure that you have the correct license entitlements for DB2 products and features installed
on this machine. Each DB2 product or feature comes with a license certificate file (also referred to as a
license key) that is distributed on an Activation CD, which also includes instructions for applying the
license file. If you purchased a base DB2 product, as well as, separately priced features, you might need
to install more than one license certificate. The Activation CD for your product or feature can be
downloaded from Passport Advantage if it is not part of the physical media pack you received from IBM.
For more information on licensing, search the Information Center
(http://publib.boulder.ibm.com/infocenter/db2luw/v9r7) using terms such as "licensing" or "db2licm".
Refer to "What's New"
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.wn.doc/doc/c0052035.html in
the DB2 Information Center to learn about the new functions for DB2 9.7.
Verify that you have access to the DB2 Information Center based on the choices you made during this
installation. If you performed a typical or a compact installation, verify that you can access the IBM Web
site using the internet. If you performed a custom installation, verify that you can access the DB2
Information Center location specified during the installation.
Review the response file created at /root/db2ese.rsp. Additional information about response file
installation is available in the DB2 documentation under "Installing DB2 using a response file".

===========================
Installing Tivoli Directory Server
cd tdsV6.3/tds
run the installer in X11 session
./install_tds.bin

Accept License screen

Next you can choose a WAS 7 instance or use the embedded server provided by ITDS.

We will do this step later below

Once installed, a Java administration tool will be loaded.

Click on the Create an Instance button as shown above

=========================
If you get this error then DB2 was not installed first! Go back and install it using the instructions covering
the DB2 install above.

===========================
I used the following values:

instance Owner
User password: ldapadmin
Encryption seed: QWERTY123456
Administration DN password: ldapadmin

Once the instance has been created, click Manage

Click Start Administration Server

If the directory server has not started click start/stop


You can view the settings by clicking on View; the following screen is presented.

Click finish
Installation root in my case is /opt/ibm/ldap/V6.3
=============================
DB/2 comes with an embedded WebSphere Application Server instance; we can administer DB/2 using
the WAS server. I don't like this option and I could not get it to work and there is no clear manual. IBM has
let us down on this one. The text below is just for reference; you may have the patience to get it working. I
have done this manually using an existing WAS instance.
Copy the appsrv folder from the DVD to your Linux server. This is an installation template for WebSphere
Express.

Installing Embedded WebSphere Application Server


To manually install Embedded WebSphere Application Server, use the following procedure:
After you download and unzip (or untar) the Tivoli Directory Server zip or tar files, go to the directory
where you extracted the files, and then change to the appsrv subdirectory.
Type the following command at a command prompt:
On Windows systems:
install.bat -installRoot EWAS_installpath
On AIX, Linux, and Solaris systems:
install.sh -installRoot EWAS_installpath
where EWAS_installpath is the directory where you are installing Embedded WebSphere Application
Server. By convention, this directory is the appsrv subdirectory of the directory where Tivoli Directory
Server is installed, but you can use any directory. (This directory is /opt/IBM/ldap/V6.3/appsrv on AIX and
Solaris systems, /opt/ibm/ldap/V6.3/appsrv on Linux systems, and C:\Program
Files\IBM\LDAP\V6.3\appsrv on Windows systems, by convention.)
Install the Web Administration Tool, using either the InstallShield GUI or an operating system utility for
your operating system.

In my example, I used the following path as the installation root where I wanted the script to install the
Embedded WebSphere Application Server 7.0
./install.sh -installRoot /opt/IBM/ldap/V6.3/appsrv
+---------------------------------------+
+ EWAS Version 7.0 Install +
+---------------------------------------+
Validating target directory ...
Copying files ...
Setting permissions ...
Installation complete.

============================
Use the following instructions to install and deploy IBM Web Administration Tool into WebSphere.
Install the Web Administration Tool using either the InstallShield GUI or the installation utility for your
operating system. The file containing the Web Administration Tool is named IDSWebApp.war, and it is in
the idstools subdirectory of the installation directory you specified during installation of Tivoli Directory
Server.

==============================
CONTINUE HERE for MANUAL install to existing WAS server
I elected to use a manual approach to deploy the IDSWebApp.war
If your WAS server does not already have a profile you could use this script:
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create \
  -profileName TDSWebAdminProfile \
  -profilePath /opt/ibm/ldap/V6.3/appsrv/profiles/TDSWebAdminProfile \
  -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default \
  -nodeName DefaultNode -hostName localhost -cellName DefaultNode -isDefault \
  -portsFile /opt/ibm/ldap/V6.3/idstools/TDSWEBPortDef.props
These will be the ports it uses:
WC_defaulthost=12100
WC_adminhost=12104
WC_defaulthost_secure=12101
WC_adminhost_secure=12105
BOOTSTRAP_ADDRESS=12102
SOAP_CONNECTOR_ADDRESS=12103
SAS_SSL_SERVERAUTH_LISTENER_ADDRESS=9405
CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS=9406
CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS=9407
ORB_LISTENER_ADDRESS=9105
DCS_UNICAST_ADDRESS=9375
IPC_CONNECTOR_ADDRESS=5563
SIB_ENDPOINT_ADDRESS=7276
SIB_ENDPOINT_SECURE_ADDRESS=7286
SIB_MQ_ENDPOINT_ADDRESS=5558
SIB_MQ_ENDPOINT_SECURE_ADDRESS=5577
SIP_DEFAULTHOST=5075
SIP_DEFAULTHOST_SECURE=5076

===============================
Steps for deploying IDSWebApp.war to WebSphere version 8
Install the WAR file located in: /opt/ibm/ldap/V6.3/idstools/IDSWebApp.war
Log in to the WebSphere Admin console; the default URL is:

http://<hostnameOfWASsystem>:9060/ibm/console
Enter the user ID and password of the user. This user should have sufficient permission to perform
operations on WebSphere Application Server.
On the left navigational pane, expand Application and then click New Application.
From the New Application panel, click New Enterprise Application.

On the Path to the new application panel, do one of the following depending on where the WebSphere
Admin console is launched from:
If from the local system, select Local file system and then enter the path of the IDSWebApp.war file in the
Full path field. You can also click Browse to specify the path.
If from a remote system, select Remote file system and then enter the path of the IDSWebApp.war file in
the Full path field. You can also click Browse to specify the path.

Click Next
On the How do you want to install the application panel, select the option you want and click Next. In this
example, the Fast Path option is selected.

On the Select installation options panel, the default options are selected. Click Next.

On the Map modules to server panel, you can map modules to the servers specified in the Clusters and
servers field. Select the check box for the required module and then click Apply. After the mapping is
done, click Next.

Ensure we have a WAS virtual host mapped.

On the Map virtual hosts for Web modules panel, you can map the Web application to specific virtual
hosts. If there are more virtual hosts, it requires knowledge of the WebSphere environment to select the
right one. In this example, only the default_host option is available for selection. Click Next.

On the Map context roots for Web modules panel, enter a context root in the field. For example, /IDSWebApp. It
is recommended that you use this context root, as the application at this stage has hard-coded image
resources! Maybe this gets fixed in a fix pack?

Click Next. A summary of options you selected is displayed. Click Finish.


This initiates the installation of your application. A summary of installation is displayed.
To start the application, you must first save the changes to the master configuration. Click Save.

================================
On the left navigational pane, expand Applications and then click WebSphere enterprise applications
under Application Types.
To start the application, from the Enterprise Applications panel select the check box adjacent to
IDSWebApp_war and click Start.
Start the Web Administration Tool (for example, through the Administrative Console).
Now to launch the Web Administration Tool from a Web browser, type the following address:
For HTTP, type:
http://<localhost>:WAS_http_port/IDSWebApp
For HTTPS, type:
https://<localhost>:WAS_https_port/IDSWebApp
By default, the HTTP port is 9080, and the HTTPS port is 9443.
The Tivoli Directory Server Web Administration login page window is displayed.
Note:
This address works only if you are running the browser on the computer on which the Web Administration
Tool is installed. If the Web Administration Tool is installed on a different computer, replace localhost with
the hostname or IP address of the computer where the Web Administration Tool is installed.

If Global or Administrative security is turned on for WebSphere Application Server and SSL must be
enabled for the Web Administration Tool when deploying the Web Administration Tool into WebSphere
Application Server, you can use one of the following approaches:
- Deploy the Web Administration Tool into a new profile.
- If it is not possible to deploy the Web Administration Tool into a new profile, you must add the directory
server's certificate to the profile's trust store. Additionally, for server-client authentication you must add
the WebSphere Application Server profile certificate to the directory server's trust store.

Launch Tivoli Directory Server Web Administration Tool


http://192.168.0.175:9080/IDSWebApp/

=============================
We can now log in

superadmin/secret

You can now log out and re-login as the root DN.
User DN=cn=root
password=ldapadmin

Once you have logged in you can manage the directory.


However, for this to be of any use in your WebSphere federated repository testing you need to
configure the LDAP directory. We will import an LDIF file.
==========================================================
Still logged onto the machine hosting the directory server as any user in the default Administrators group
(Windows) or as root (UNIX), type the following command at a command prompt:
./sbin/idsxcfg
to start the IBM Tivoli Directory Server Configuration Tool. In my case it is still running from the previous
steps, from when we installed TDS.
Click on Manage Suffixes:
o=mycompany.org

Create an LDIF file for importing:


# Each entry starts with its dn line and is separated from the next by one blank line.
dn: o=mycompany.org
objectclass: top
objectclass: organization
o: mycompany.org

dn: cn=users,o=mycompany.org
objectclass: container
objectclass: top
cn: users

dn: cn=groups,o=mycompany.org
objectclass: top
objectclass: container
cn: groups

dn: uid=wasadmin,cn=users,o=mycompany.org
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: inetOrgPerson
uid: wasadmin
sn: admin
givenname: was
preferredlanguage: en
userpassword: wasadmin
cn: was admin

dn: CN=ldapbind,cn=users,o=mycompany.org
cn: ldapbind
uid: ldapbind
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: ldapbind
sn: ldapbind
givenname: ldapbind
title: ldapbind
description: ldapbind

dn: CN=Steve Robinson,cn=users,o=mycompany.org
cn: Steve Robinson
uid: stever
mail: steve.robinson@mycompany.ord
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
userpassword: password
sn: Robinson
givenname: Steve
telephonenumber: 123456789
title: WebSphere Consultant
description: LDAP test user

What we can do now is import the LDIF file

Please make sure you restart the LDAP server as it would have been stopped during the import.
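A pre-import check for an LDIF file like the one above, as an added example that is not part of the original article: it flags attribute lines cut off from their entry by a stray blank line, entries whose parent is not defined earlier in the file, and cleartext userpassword values that equal one of the entry's own attributes or a common word. The function names, the COMMON deny-list and the sample are constructed for illustration; DNs containing escaped commas are not handled.

```python
import base64
import re

COMMON = {"password", "secret", "admin", "changeit"}  # assumed short deny-list
# Constructed sample: cn=users is missing and a stray blank line orphans "cn:".
SAMPLE = """\
dn: o=mycompany.org
o: mycompany.org

dn: uid=wasadmin,cn=users,o=mycompany.org
uid: wasadmin
userpassword: wasadmin

cn: was admin
"""

def parse_ldif(text):
    """Yield (dn, attrs) per blank-line-separated block; dn is None if missing."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in re.split(r"\n{2,}", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = attrs.pop("dn", [None])[0]
        if dn or attrs:
            yield dn, attrs

def audit(text, suffix="o=mycompany.org"):
    """Return (dn, problem) findings to fix before the file is imported."""
    findings, seen = [], set()
    for dn, attrs in parse_ldif(text):
        if dn is None:
            findings.append(("<no dn>", "attribute lines outside any entry"))
            continue
        dn = ",".join(part.strip() for part in dn.lower().split(","))
        if dn != suffix and dn.partition(",")[2] not in seen:
            findings.append((dn, "parent entry not defined earlier in file"))
        seen.add(dn)
        passwords = attrs.pop("userpassword", [])
        own = {v.lower() for values in attrs.values() for v in values}
        if any(p[:1] != "{" and p.lower() in own | COMMON for p in passwords):
            findings.append((dn, "guessable cleartext userpassword"))
    return findings

print(*audit(SAMPLE), sep="\n")
```

Pass the suffix configured under Manage Suffixes as `suffix` so that the root entry is not reported as missing a parent.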

What has been created?


The following entries have been made in the LDAP repository:
wasadmin (with a password=password)
WebSphere Application Server administrator user.
ldapbind is used by WAS to access the LDAP repository (password=ldap user)
The user Steve is an end user (password=password)

Again using the Directory Server Web Administration Tool, select the Directory Management > Manage
entries command to browse your directory hierarchy, expand the hierarchy mycompany.org, then
expand Users to check that the imported users are visible:

Expand until you see the users you have created

You are now ready to use these users for WebSphere Federated repository testing
