Recovering administrator user 'smadmin' when duplicated in LDAP or ObjectServer user repository

Body

These are the steps to perform when JazzSM DASH and WebSphere admin console are not accessible by all users including smadmin.

1. Backup <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml

2. Stop server1

  [root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/  [root@dash151 bin]# ./stopServer.sh server1 -username smadmin -password <password>

3. Modify <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml to disable security by setting enabled="false", like so:

  <?xml version="1.0" encoding="UTF-8"?>  <security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="true" enabled="false" 

4. Start server1

  [root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/  [root@dash151 bin]# ./startServer.sh server1 -username smadmin -password <password>

5. Login to  Websphere admin console, no need to enter password since the security is disabled.

6. Reconfigure or removed the user repositories in WebSphere admin console > Security > Global security. From the User Account Repository, select Federated repositories and click Configure.

7. Remove or Add or Edit Repository Identifier.

To remove the user repository, follow the steps from this link:

https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_con_rmuseregistry.html

To Add or Edit user repository, refer to this link:

https://www.ibm.com/support/knowledgecenter/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_con_userregistry.html

NOTE: The user smadmin gets duplicated when adding external user repository (i.e. LDAP, ObjectServer). Ensure that smadmin is not duplicated. To verify or delete the duplicate smadmin, go to  WebSphere admin console > Users and Groups > Manage Users. Do not delete the  smadmin user that has Unique Name uid=smadmin,o=defaultWIMFileBasedRealm :

8. Modify <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/security.xml to enable security back by setting enabled="true", like so:

  <?xml version="1.0" encoding="UTF-8"?>  <security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="true" enabled="true" 

9. Stop and Start server1

  [root@dash151 JazzSMNode01Cell]# cd /opt/IBM/JazzSM/profile/bin/   [root@dash151 bin]# ./stopServer.sh server1 -username smadmin -password <password> [root@dash151 bin]# ./startServer.sh server1 -username smadmin -password <password> 

10. Login back to DASH and launch WAS, smadmin can now login and the password is asked this time.

Thank you for reading.

For questions or clarifications, please comment in the comments section below.

Author:

Sharon Orillaneda
Software Engineer, ITSM - JazzSM DASH TIP
Client Technical Engagement
IBM Cloud