WebSphere Application Server & Liberty

  • 1.  Primary Admin User Name Permissions

    Posted Tue May 07, 2013 10:52 AM
    Good morning GWC,

    Quick question for you....

    I've been trying to find out what exactly the primary administrative user name does in WebSphere besides connect to the LDAP repository (global security).  What special permissions does it have?

    Does the userID I use for my jython scripts have to be the primary admin user name or can it be different?

    What is the difference between the primary administrative user name and the bind distinguished name?

    Thanks in advance!

  • 2.  Primary Admin User Name Permissions

    Posted Tue May 07, 2013 11:36 AM
    Primary administrative user
    This ID is a member of the chosen repository, but also has special privileges in WebSphere Application Server. The privileges for this ID and the privileges that are associated with the administrative role ID are the same. The Primary administrative user name can access all of the protected administrative methods.

    Bind distinguished name
    This is the user who connects (binds) to LDAP. It should have enough permissions to read/write/search LDAP.

    1. Both these users can be the same.
    2. If you have multiple LDAPs connected, then the bind user name might be different on different LDAPs.

  • 3.  Primary Admin User Name Permissions

    Posted Tue May 07, 2013 04:23 PM
    Thanks for your response Joseph!

    A few more questions:

    1. What are the protected administrative methods (is there a list somewhere)?
    2. My userID has been assigned the administrative role, yet I can't run my scripts as myself.  Why is that?
    3. What configuration changes do I need to make so that I (and the other admins) can run my scripts with our own userIDs and passwords?


  • 4.  Primary Admin User Name Permissions

    Posted Thu May 09, 2013 07:32 PM
    As per my knowledge, when you try to execute the scripts, either Jacl or Jython, they will execute through wsadmin only. But wsadmin uses the SOAP port to connect to the dmgr, and it will get the id/pwd from soap.client.props or security.xml to get the wsadmin prompt or execute scripts/modify configuration.

    So generally we will mention the LDAP primary administrative id/pwd in soap.client.props or in security.xml.  You may not have permissions to execute scripts with your LDAP id/pwd until you change the primary administrative id to your name.

    Correct me if I am wrong.


  • 5.  Primary Admin User Name Permissions

    Posted Fri May 10, 2013 05:07 PM
    Hey Venkata,

    Thanks for the reply!

    You are right, I'm just in the process of trying to find another way to run my scripts.  Apparently our security dept. doesn't like the fact that we have access to a system userID and password.
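
The concern raised in posts 4 and 5, a shared administrative ID and password kept in soap.client.props, can be checked with a short audit. This is an added example, not code from any poster or from IBM: the `com.ibm.SOAP.*` keys and the `{xor}` tag are the standard names used in that file, while the sample file contents, the `wasadmin` ID and the function names are constructed for illustration.

```python
import re

# Constructed sample: a shared primary admin ID stored for every script run.
SAMPLE_SHARED = """\
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword={xor}PLACEHOLDER
com.ibm.SOAP.loginSource=prompt
"""

# Constructed sample: nothing stored, each admin supplies their own ID.
SAMPLE_PER_USER = """\
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=
com.ibm.SOAP.loginPassword=
com.ibm.SOAP.loginSource=prompt
"""

def parse_props(text):
    """Minimal Java .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(text):
    """Return findings about credentials stored in soap.client.props content."""
    p = parse_props(text)
    user = p.get("com.ibm.SOAP.loginUserid", "")
    pwd = p.get("com.ibm.SOAP.loginPassword", "")
    findings = []
    if p.get("com.ibm.SOAP.securityEnabled", "false").lower() != "true":
        findings.append("INFO: SOAP client security is disabled")
    if user:
        findings.append("WARN: stored login ID %r; every script run is attributed to it" % user)
    if pwd:
        # {xor} marks an encoding, not encryption: file readers effectively hold the password.
        kind = "reversibly encoded ({xor})" if pwd.lower().startswith("{xor}") else "plain text"
        findings.append("HIGH: stored password is %s; anyone who can read the file holds this ID" % kind)
    if not user and not pwd:
        findings.append("OK: no stored credentials; loginSource=%s" % p.get("com.ibm.SOAP.loginSource", "(unset)"))
    return findings

if __name__ == "__main__":
    for name, sample in (("shared", SAMPLE_SHARED), ("per-user", SAMPLE_PER_USER)):
        print(name, audit(sample))
```

When the file stores nothing, wsadmin takes the identity from its `-user` and `-password` options or prompts for it, so each run is tied to the person who started it.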