Change the Default Port for the ITPM console

IBM Tivoli Provisioning Manager’s web console, by default, uses port 9080. There was an environment I was working in that required the port to be changed to meet security guidelines.

Here are the steps I took to change the port the Websphere application used.

1. Login to the Websphere admin console:

https://localhost:9080/admin

2. Navigate to Servers -> Application Servers, choose "server1", then "Web Container", then HTTP Transport

Choose the entry with port 9080. A configuration page will display, change the port here and save.

3. Then navigate to Environment -> Virtual Hosts, choose “default_host”, then host aliases.

Choose the entry with port 9080. A configuration page will display, change the port here (same as above) and save.

Now, restart ITPM (tio stop, tio start) and now you can login using the new port number.

http://localhost:<new port number>/tcWebUI/

Gathering Access Control Lists (ACL) Information in ITDS

There may be cases when you’re trying to write data, delete entries, or read entries on your IBM Tivoli Directory Server (ITDS) and you encounter a “Insufficient Access” error message. It many cases this is due to the access control lists (ACL) limiting the users ability to perform these actions. You can check how your ACLs are setup with the following information.

ITDS 5.2 & 6.0

ldapsearch -D cn=root -w <password> -b "BaseDN" -s base "objectclass=*" aclentry aclpropagate aclsource entryowner ownerpropagate ownersource ibm-filterAclEntry ibm-filterAclInherit ibm-effectiveAcl

default output:

o=robscomputergarage,c=us
ownersource=default
ownerpropagate=TRUE
aclsource=default
aclpropagate=TRUE
entryowner=access-id:CN=ROOT
ibm-effectiveACL=group:CN=ANYBODY:restricted:rsc:normal:rsc:system:rsc
aclentry=group:CN=ANYBODY:system:rsc:normal:rsc:restricted:rsc

ITDS 6.1 & 6.2

idsldapsearch -D cn=root -w <password> -b "BaseDN" -s base "objectclass=*" +ibmaci

default output:

o=robscomputergarage,c=us
ownerpropagate=TRUE
ownersource=default
aclpropagate=TRUE
aclsource=default
entryowner=access-id:CN=ROOT
ibm-effectiveAcl=group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
aclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc

Troubleshooting DB2 in a TPM 3.1 Environment

I want to share some general troubleshooting information for DB2 in regards to IBM Tivoli Provisioning Manager 3.1 environments. 90% of the problems I’ve encountered can be solved by these steps and having a general understanding of how ITPM’s handles it’s data.

Starting DB2

When you start ITPM it will fail if DB2 isn’t already running. For whatever reasons, they didn’t include an autostart of DB2 that exists in other products, like ITDS.

Unix
$db2start
You should see the following output if successfully started

11/28/2008 08:32:56     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.

Windows
From the services window, start the service “DB2 – <instance_name>”
Default service name in ITIO / ITPM 3.1 is “DB2 – DB2-0”

Read more

Configuring a Proxy Server in a ITDS Environment

IBM Tivoli Directory Server (ITDS) is IBM’s LDAP server. If you have any IBM applications (Websphere, Lotus, Tivoli, Rational, etc) in your environment there is a good chance you’re running this. It’s part of IBM’s middleware stack (Websphere Application Server, ITDS, and DB2) and they leave very little room for compatibility with other brands.

In 6.0 of ITDS, they introduced a proxy server. The main feature of the proxy server is scalability. It does this by distributing directory entries over a set of directory servers, instead of a single server.

I get a lot of requests for setting up proxy servers. I’m finding many of these are due to people having a hard time figuring out IBM’s documentation. To help simplify the process I’m going to show how I configured a proxy server with a back end server in a AIX environment.

In my example, I’m going to have two instances (proxy and back end) on a single AIX 5.3 system and I’ll be using ITDS 6.0 FP7. I start off by creating a instance for the back end, load it with sample data, and then I will configure the proxy.

Read more

Setup Apache, PHP, and Mysql in Mac OSX Leopard

I don’t consider myself a web developer by any means. But I do have multiple web sites and I like to play around with the latest web applications (Wordpress, Concrete5, Drupal, etc) that come out. I have learned over the years not to use my live servers for testing or playing around. So I have setup a test environment on my local Mac OSX system. I want to show you how I setup Apache, PHP, and Mysql on my Mac (Some refer to it as MOXAMP or MAMP) for handling the development of my websites.

One of my favorite features in Mac OSX Leopard is the inclusion of Apache and PHP. It helps in getting a environment set up pretty quickly. The only thing that is not included but very important is Mysql. By default Apache and PHP are inactive and need to be enabled by you.

Read more