Tuesday, June 20, 2017

Solaris Update/Patch

Get Keys and Certificate
https://pkg-register.oracle.com/register/certificate/

Instructions to set up publisher
https://pkg-register.oracle.com/register/product_info/1/

11.3 Updates
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=294144479859886&id=2045311.1&_afrWindowMode=0&_adf.ctrl-state=ybap7kpk0_690#aref_section31



Monday, June 19, 2017

Enable Solaris 11 Authentication with OpenLDAP

https://blogs.oracle.com/paulie/configuring-a-basic-ldap-server-client-in-solaris-11



https://blog.teodeh.com/2012/11/30/configuring_solaris_11_to_use_active_directory_accounts_as_unix_accounts/

$ ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a defaultSearchBase=dc=web,dc=goweekend,dc=ca \
-a domainName=web.goweekend.ca \
-a defaultServerList=122.15.10.138 \
-a proxyDN=cn=admin,dc=web,dc=goweekend,dc=ca \
-a proxyPassword=xxxxxxxx \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=homeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=posixgroup \
-a objectClassMap=passwd:posixAccount=posixaccount \
-a objectClassMap=shadow:shadowAccount=posixaccount \
-a serviceSearchDescriptor=passwd:dc=web,dc=goweekend,dc=ca \
-a serviceSearchDescriptor=group:dc=web,dc=goweekend,dc=ca \
-a serviceSearchDescriptor=shadow:dc=web,dc=goweekend,dc=ca

Wednesday, June 14, 2017

Configure Single HTTPServer to Route to Multiple WebSphere Application Servers

Sometime you need configure Single HTTPServer to Route to Multiple WebSphere Application Server, here is a way you can make it:

Scenario:

WAS Server: A and B
HTTP Server: C

Give same HTTPServer Name on Both A and B
1. Create HTTPServer on A, and Generate plugin-cfg.xml and kdb/sth files and propagate them to HTTP Server.
2. Rename them with prefix a-, i.e. a-plugin-cfg.xml, a-plugin-key.kdb, a-plugin-key.sth

Repeat above steps on B, and rename the files with prefix b-

3. Merge the 2 plugin-cfg.xml with pluginCfgMerge.sh, if your HTTPServer and WebSphere Application Server are on different machines, you can merge them on WebSphere Application Server first, then copy to HTTPServer
/opt/IBM/WebSphere/AppServer/bin/pluginCfgMerge.sh a_plugin-cfg.xml b_plugin-cfg.xml plugin-cfg.xml 

4. Verify merged plugin-cfg.xml to ensure the kdb and sth files point correct files
                <Property Name="keyring" Value="/opt/IBM/HTTPServer/Plugins/config/HTTPServer/a-plugin-key.kdb"/>
                <Property Name="stashfile" Value="/opt/IBM/HTTPServer/Plugins/config/HTTPServer/a-plugin-key.sth"/>

5. append below lines to /opt/IBM/WebSphere/conf/httpd.conf
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig  /opt/IBM/HTTPServer/Plugins/config/HTTPServer/plugin-cfg.xml

Apach 2.4
LoadModule was_ap24_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap24_http.so
WebSpherePluginConfig  /opt/IBM/WebSphere/Plugins/config/secure9Web/plugin-cfg.xml


Tuesday, June 6, 2017

HTTPServer 8.0 HTTP Rewrite Configuration

Edit /opt/IBM/HTTPServer/conf/httpd.conf, and add below lines into it:

LoadModule rewrite_module modules/mod_rewrite.so

NameVirtualHost *:80

<VirtualHost *:80>
ServerName server1.goweekend.ca
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://server1.goweekend.ca/$1 [R]
RewriteLogLevel 0
RewriteLog logs/server1_rewrite.log
</VirtualHost>

<VirtualHost *:80>
ServerName suzhou.goweekend.ca
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://server2.goweekend.ca/$1 [R]
RewriteLogLevel 0
RewriteLog logs/server2_rewrite.log
</VirtualHost>