From IBM WebSphere Traditional V9.x Security Technical Implementation Guide
Part of SRG-APP-000148-AS-000101
Associated with: CCI-000764
WebSphere does not provide direct audit of changes to the built-in file registry. The built-in file registry must not be used to support user logon accounts. Use an LDAP/AD server and manage user accounts centrally.
Navigate to Security >> Global Security. Under "User Account Repository" if the "Federated Repositories" is chosen, click on "Configure". Under "Repositories in the realm", if "o=defaultWIMFileBasedRealm" appears in the "Base Entry" column, this is a finding.
Navigate to Security >> Global Security. Under "User Account Repository", select "Stand alone LDAP" from the "Available realm definitions" drop-down. Click on "Configure". Select an existing user from the LDAP directory to be the primary WebSphere admin user. Identify the type of LDAP server; specify an IP or DNS name for the LDAP Server, and the port used to connect to the LDAP server. Specify BASE DN. Specify the BIND DN. Specify the BIND Password. Select the "SSL enabled" check box to use secure LDAP. Click "Apply". Click "Save". Go to Global Security. Select "Standalone LDAP registry" from the "Available realm definitions" drop-down. Click "Set as current". Click "Apply". Click "Save". Restart the dmgr and synchronize the JVMs.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer