Wednesday, October 31, 2012

WebSphere Portal 8 - NOT Installing as non-root

In this post, I outline an issue that I've seen most recently with WebSphere Portal v8 whilst attempting to install as a non-root user. Thankfully, I also outline the solution - and how I found it through the power of the internet :-)

Despite having got into the (bad) habit of installing IBM software on Linux using the root account, I'm trying ( now that I'm in the WebSphere Services team and should really know better ) to always install as a non-root user, wherever possible.

DB2 UDB appears to be one product that prefers to be installed as root, although DB2 operations are always carried out by non-root users such as db2inst1 and db2iadm1.

However, for WebSphere, the easiest solution is to create a non-root user e.g. wasadmin, and then install AND operate as that user.

This is, of course, immensely preferable to customers of all shapes and sizes - as SuSE Linux reminds us, when signing in as root, "With great power comes great responsibility". If you've ever typed rm -Rf * in the WRONG directory, you know PRECISELY what I mean.

So here's the setup - I have a newly minted Red Hat Enterprise Linux 6.3 server, and have prepared for the WebSphere Portal 8 installation as follows: -

Prepare the OS - create group/user, requisite directories, set permissions, increase file handles etc.

$ sh prepare_remote_target.sh

#!/bin/sh
# Create the group and user
groupadd wasadmins
useradd -g wasadmins -d /home/wasadmin wasadmin
passwd wasadmin

# Create the top-level IBM directory
mkdir /opt/IBM

# Set permissions for the wasadmins group etc.
chmod -R g+wr /opt/IBM/
chgrp -R wasadmins /opt/IBM/

# Increase the number of available open files - ulimit -n
echo "* hard nofile 8800" >> /etc/security/limits.conf
echo "* soft nofile 8800" >> /etc/security/limits.conf

# Set the default umask
# (this only affects this script's own shell; it does not persist for wasadmin's later sessions)
umask 022

<CAVEAT>

 This is MY basic preparation script - your mileage may vary - please refer to the formal IBM documentation, including: -


</CAVEAT>

Unpack WebSphere Portal Server v8

Note that I'm using Server rather than Enable/Express/Extend

$ sh unpackWP8Server.sh
unzip IBM_WSA_SV_NW_DEP_V8.0.0.3_1OF3MPML.zip -d /tmp/WP8
unzip IBM_WSA_SV_NW_DEP_V8.0.0.3_2OF3MPML.zip -d /tmp/WP8
unzip IBM_WSA_SV_NW_DEP_V8.0.0.3_3OF3MPML.zip -d /tmp/WP8
unzip IBM_WS_PORTAL_SV_SETUP_V8.0_MPML.zip -d /tmp/WP8
unzip IBM_WS_P_AND_WCM_INSV8.0_1OF_7_MPML.zip -d /tmp/WP8
unzip IBM_WS_P_AND_WCM_INSV8.0_2OF_7_MPML.zip -d /tmp/WP8
unzip IBM_WS_P_AND_WCM_INSV8.0_3OF7_MPML.zip -d /tmp/WP8
unzip IBM_WS_P_AND_WCM_INSV8.0_4OF7_MPML.zip -d /tmp/WP8
unzip IBM_WS_P_AND_WCM_INSV8.0_5OF7_MPML.zip -d /tmp/WP8


Install IBM Installation Manager

$ /mnt/hgfs/WP8/Setup/IIM/linux_x86/userinstc -input ~/install_IIM.rsp -acceptLicense

using this response file: -

install_IIM.rsp

<?xml version="1.0" encoding="UTF-8"?>
<agent-input>
<server>
<repository location='/mnt/hgfs/WP8/Setup/IIM/linux_x86'/>
</server>
<profile id='IBM Installation Manager' installLocation='/opt/IBM/InstallationManager/eclipse' kind='self'>
<data key='eclipseLocation' value='/opt/IBM/InstallationManager/eclipse'/>

<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86'/>
</profile>
<install modify='false'>
<offering id='com.ibm.cic.agent' version='1.5.2000.20120223_0907' profile='IBM Installation Manager' features='agent_core,agent_jre' installFixes='none'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>


Note that I've highlighted: -

(a) the repository location ( this is the shared folder into which I've unpacked WebSphere Portal )
(b) the directory into which I'm installing IIM

Install WebSphere Portal

/opt/IBM/InstallationManager/eclipse/IBMIM -input ~/install_WP8.rsp -acceptLicense -silent -nosplash

using this response file: -

install_WP8.rsp

<?xml version="1.0" encoding="UTF-8"?>
<!--The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.-->
<agent-input acceptLicense='true'>
<server>
<repository location='/mnt/hgfs/WP8/WAS'/>
<repository location='/mnt/hgfs/WP8/Setup/eimage'/>
<repository location='/mnt/hgfs/WP8/Portal'/>
</server>
<profile id='IBM WebSphere Application Server Network Deployment V8.0' installLocation='/opt/IBM/WebSphere/AppServer'>
<data key='eclipseLocation' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86'/>
<data key='cic.selector.nl' value='en'/>
</profile>
<install modify='false'>
<offering id='8.0.0.3-WS-WAS-TFPM59935' version='8.0.3.20120309_1201' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WAS-TFPM60670' version='8.0.3.20120319_1949' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WAS-TFPM61934' version='8.0.3.20120409_1230' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WASProd-TFPM60134' version='8.0.3.20120312_1656' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='com.ibm.websphere.ND.v80' version='8.0.3.20120320_0536' profile='IBM WebSphere Application Server Network Deployment V8.0' features='core.feature,ejbdeploy,thinclient,embeddablecontainer,com.ibm.sdk.6_64bit,samples' installFixes='none'/>
<offering id='com.ibm.websphere.PORTAL.SERVER.v80' version='8.0.0.20120421_0828' profile='IBM WebSphere Portal Server V8' features='ce.install,portal.binary,portal.profile,dmgr.profile' installFixes='none'/>
</install>
<profile id='IBM WebSphere Portal Server V8' installLocation='/opt/IBM/WebSphere/PortalServer'>
<data key='eclipseLocation' value='/opt/IBM/WebSphere/PortalServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86'/>
<data key='user.was.installLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.profile.config.mode,com.ibm.websphere.PORTAL.SERVER.v80' value='standard'/>
<data key='user.wp.install.type,com.ibm.websphere.PORTAL.SERVER.v80' value='full'/>
<data key='user.iim.currentlocale,com.ibm.websphere.PORTAL.SERVER.v80' value='en'/>
<data key='user.wp.hostname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8.uk.ibm.com'/>
<data key='user.wp.cellname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Cell'/>
<data key='user.wp.nodename,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Node'/>
<data key='user.wp.userid,com.ibm.websphere.PORTAL.SERVER.v80' value='wasadmin'/>
<data key='user.wp.password,com.ibm.websphere.PORTAL.SERVER.v80' value='rbN1IaMAWYYtQxLf6KdNyA=='/>
<data key='user.wp.admin.port,com.ibm.websphere.PORTAL.SERVER.v80' value='10000'/>
<data key='user.wp.portal.port,com.ibm.websphere.PORTAL.SERVER.v80' value='10025'/>
<data key='user.was.forward.installLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.wp.profilename,com.ibm.websphere.PORTAL.SERVER.v80' value='wp_profile'/>
<data key='user.common.installPath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere'/>
<data key='user.configengine.profileLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile/ConfigEngine'/>
<data key='user.configengine.binaryLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/ConfigEngine'/>
<data key='user.configengine.forward.binaryLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/ConfigEngine'/>
<data key='user.wp.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile'/>
<data key='user.wp.forward.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile'/>
<data key='user.was.uninstall.selected,com.ibm.websphere.PORTAL.SERVER.v80' value='false'/>
<data key='user.wp.uri.values.changed,com.ibm.websphere.PORTAL.SERVER.v80' value='false'/>
<data key='user.wp.dmgr.hostname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8.uk.ibm.com'/>
<data key='user.wp.dmgr.cellname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Cell01'/>
<data key='user.wp.dmgr.nodename,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8CellManager01'/>
<data key='user.wp.dmgr.profilename,com.ibm.websphere.PORTAL.SERVER.v80' value='Dmgr01'/>
<data key='user.wp.dmgr.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer/profiles/Dmgr01'/>
<data key='user.wp.dmgr.userid,com.ibm.websphere.PORTAL.SERVER.v80' value='wasadmin'/>
<data key='user.wp.dmgr.password,com.ibm.websphere.PORTAL.SERVER.v80' value='rbN1IaMAWYYtQxLf6KdNyA=='/>
<data key='cic.selector.nl' value='en'/>
</profile>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>



After about 5 minutes, this failed with a HUGE slew of error messages, including: -

...
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/Calendar.css
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/Calendar.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/CalendarDay.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/CalendarMonth.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/CalendarMonthYear.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Calendar/CalendarYear.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/CalendarFx.js
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/CalendarViews.js
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker.js
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/ColorPicker.css
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/ColorPicker.html
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/hue.png
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/hueHandle.png
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/pickerPointer.png
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/underlay.png
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/DataPresentation.js
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Dialog.js
    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/Dialog/Dialog.css

...

and: -

...
 ERROR:   Could not create tempfile in /opt/IBM/WebSphere/PortalServer/bin
  /opt/IBM/WebSphere/PortalServer/installer/wp.iim/wp.im_cfg.xml:57: Could not create tempfile in /opt/IBM/WebSphere/PortalServer/bin
  org.apache.tools.ant.util.FileUtils.createTempFile(FileUtils.java:841)
  org.apache.tools.ant.taskdefs.Replace.processFile(Replace.java:602)
  org.apache.tools.ant.taskdefs.Replace.execute(Replace.java:487)
  org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)

...

When I look at the newly populated /opt/IBM/WebSphere directory structure, I can see: -

$ ls -al /opt/IBM/WebSphere/

total 20
drwxr-xr-x.  5 wasadmin wasadmins 4096 Oct 31 15:27 .
drwxrwxr-x.  5 root     wasadmins 4096 Oct 31 15:25 ..
drwxr-xr-x. 36 wasadmin wasadmins 4096 Oct 31 15:28 AppServer
dr-xr-xr-x.  8 wasadmin wasadmins 4096 Oct 31 15:28 ConfigEngine
drwxr-xr-x. 29 wasadmin wasadmins 4096 Oct 31 15:28 PortalServer


which, at first glance, looks OK .... until you note that the ConfigEngine directory is missing the Write flag - which goes to explain errors such as this: -

    ERROR:     Failed to delete /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/hue.png

My user - wasadmin - only has Read and eXecute permissions: -

$ ls -al /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/hue.png

-r-xr-xr-x. 1 wasadmin wasadmins 1991 Apr 20  2012 /opt/IBM/WebSphere/ConfigEngine/installableApps/wizard.war/dojo/portal_dojo/v1.4.3/dojox/widget/ColorPicker/images/hue.png
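
The check below is an added example, not part of the original post or of any IBM tooling: it lists the entries under an install root whose owner-write bit is missing, which is the condition behind the "Failed to delete" errors above. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): locate entries whose owner-write
# bit is missing, the condition behind the "Failed to delete" errors.
# Permission bits are inspected with find rather than "test -w", so the result
# does not depend on which account runs the check.

# readonly_entries ROOT
# Print every file and directory under ROOT (symlinks skipped) that lacks u+w.
readonly_entries() {
    find "$1" ! -type l ! -perm -200 -print | sort
}

# readonly_summary ROOT
# One line per top-level child of ROOT: "<count> <name>".
readonly_summary() {
    for child in "$1"/*; do
        [ -e "$child" ] || continue
        count=$(readonly_entries "$child" | wc -l | tr -d ' ')
        printf '%s %s\n' "$count" "$(basename "$child")"
    done
}

# make_demo_tree DIR
# Constructed sample: AppServer and PortalServer writable by the owner,
# ConfigEngine and its contents mode 555, as in the listing above.
make_demo_tree() {
    (
        umask 022
        mkdir -p "$1/AppServer/bin" "$1/PortalServer/bin" \
                 "$1/ConfigEngine/installableApps"
        : > "$1/AppServer/bin/placeholder.sh"
        : > "$1/ConfigEngine/installableApps/hue.png"
        chmod 555 "$1/ConfigEngine/installableApps/hue.png" \
                  "$1/ConfigEngine/installableApps" "$1/ConfigEngine"
    )
}

if [ -n "${1:-}" ] && [ -d "$1" ]; then
    # Real use: pass the install root, e.g. /opt/IBM/WebSphere
    readonly_summary "$1"
else
    # No argument: run against the constructed tree
    demo=$(mktemp -d)
    make_demo_tree "$demo"
    readonly_summary "$demo"
    readonly_entries "$demo/ConfigEngine"
    chmod -R u+w "$demo" && rm -rf "$demo"   # cleanup of the constructed tree only
fi
```
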

Thankfully, there IS a solution - there's an iFix, PM64484, available from IBM Fix Central that resolves the problem.

I found reference to the iFix here: -


...
• For installing as non-root, apply PM64484
..

Once downloaded ( as an 827 MB ZIP file 8.0.0.0-WP-IFPM64484.zip ), it's a simple matter to place the file in the same IIM repository as Portal itself, amend the response file to reflect it, and c'est voila, the installation proceeds apace.

This is what I now have in my repository: -

$ ls -alh /mnt/hgfs/WP8/

total 414M
drwxr-xr-x. 1  501 root  238 Oct 31 11:34 .
dr-xr-xr-x. 1 root root 4.1K Oct 31 16:04 ..
-rw-r--r--. 1  501 root 827M Oct 30 18:48 8.0.0.0-WP-IFPM64484.zip
drwxr-xr-x. 1  501 root  204 Oct 30 11:27 Portal
drwxr-xr-x. 1  501 root  578 Oct 30 11:26 Setup
drwxr-xr-x. 1  501 root  204 Oct 30 11:26 WAS


and this is my new response file: -

install_WP8.rsp

<?xml version="1.0" encoding="UTF-8"?>
<!--The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.-->
<agent-input acceptLicense='true'>
<server>
<repository location='/mnt/hgfs/WP8/WAS'/>
<repository location='/mnt/hgfs/WP8/Setup/eimage'/>
<repository location='/mnt/hgfs/WP8/Portal'/>
<repository location='/mnt/hgfs/WP8/8.0.0.0-WP-IFPM64484.zip'/>
</server>
<profile id='IBM WebSphere Application Server Network Deployment V8.0' installLocation='/opt/IBM/WebSphere/AppServer'>
<data key='eclipseLocation' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86'/>
<data key='cic.selector.nl' value='en'/>
</profile>
<install modify='false'>
<offering id='8.0.0.3-WS-WAS-TFPM59935' version='8.0.3.20120309_1201' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WAS-TFPM60670' version='8.0.3.20120319_1949' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WAS-TFPM61934' version='8.0.3.20120409_1230' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='8.0.0.3-WS-WASProd-TFPM60134' version='8.0.3.20120312_1656' profile='IBM WebSphere Application Server Network Deployment V8.0' features='-'/>
<offering id='com.ibm.websphere.ND.v80' version='8.0.3.20120320_0536' profile='IBM WebSphere Application Server Network Deployment V8.0' features='core.feature,ejbdeploy,thinclient,embeddablecontainer,com.ibm.sdk.6_64bit,samples' installFixes='none'/>
<offering id='8.0.0.0-WP-IFPM64484' version='8.0.0.20120821_0925' profile='IBM WebSphere Portal Server V8' features='-'/>
<offering id='com.ibm.websphere.PORTAL.SERVER.v80' version='8.0.0.20120421_0828' profile='IBM WebSphere Portal Server V8' features='ce.install,portal.binary,portal.profile,dmgr.profile' installFixes='none'/>
</install>
<profile id='IBM WebSphere Portal Server V8' installLocation='/opt/IBM/WebSphere/PortalServer'>
<data key='eclipseLocation' value='/opt/IBM/WebSphere/PortalServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86'/>
<data key='user.was.installLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.profile.config.mode,com.ibm.websphere.PORTAL.SERVER.v80' value='standard'/>
<data key='user.wp.install.type,com.ibm.websphere.PORTAL.SERVER.v80' value='full'/>
<data key='user.iim.currentlocale,com.ibm.websphere.PORTAL.SERVER.v80' value='en'/>
<data key='user.wp.hostname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8.uk.ibm.com'/>
<data key='user.wp.cellname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Cell'/>
<data key='user.wp.nodename,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Node'/>
<data key='user.wp.userid,com.ibm.websphere.PORTAL.SERVER.v80' value='wasadmin'/>
<data key='user.wp.password,com.ibm.websphere.PORTAL.SERVER.v80' value='rbN1IaMAWYYtQxLf6KdNyA=='/>
<data key='user.wp.admin.port,com.ibm.websphere.PORTAL.SERVER.v80' value='10000'/>
<data key='user.wp.portal.port,com.ibm.websphere.PORTAL.SERVER.v80' value='10025'/>
<data key='user.was.forward.installLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer'/>
<data key='user.wp.profilename,com.ibm.websphere.PORTAL.SERVER.v80' value='wp_profile'/>
<data key='user.common.installPath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere'/>
<data key='user.configengine.profileLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile/ConfigEngine'/>
<data key='user.configengine.binaryLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/ConfigEngine'/>
<data key='user.configengine.forward.binaryLocation,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/ConfigEngine'/>
<data key='user.wp.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile'/>
<data key='user.wp.forward.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/wp_profile'/>
<data key='user.was.uninstall.selected,com.ibm.websphere.PORTAL.SERVER.v80' value='false'/>
<data key='user.wp.uri.values.changed,com.ibm.websphere.PORTAL.SERVER.v80' value='false'/>
<data key='user.wp.dmgr.hostname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8.uk.ibm.com'/>
<data key='user.wp.dmgr.cellname,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8Cell01'/>
<data key='user.wp.dmgr.nodename,com.ibm.websphere.PORTAL.SERVER.v80' value='bpmv8CellManager01'/>
<data key='user.wp.dmgr.profilename,com.ibm.websphere.PORTAL.SERVER.v80' value='Dmgr01'/>
<data key='user.wp.dmgr.profilepath,com.ibm.websphere.PORTAL.SERVER.v80' value='/opt/IBM/WebSphere/AppServer/profiles/Dmgr01'/>
<data key='user.wp.dmgr.userid,com.ibm.websphere.PORTAL.SERVER.v80' value='wasadmin'/>
<data key='user.wp.dmgr.password,com.ibm.websphere.PORTAL.SERVER.v80' value='rbN1IaMAWYYtQxLf6KdNyA=='/>
<data key='cic.selector.nl' value='en'/>
</profile>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>


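Note the two lines that reflect the new iFix - the additional repository location for 8.0.0.0-WP-IFPM64484.zip, and the additional offering with the id 8.0.0.0-WP-IFPM64484.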

With this in place, the installation: -

$ /opt/IBM/InstallationManager/eclipse/IBMIM -input ~/install_WP8.rsp -acceptLicense -silent -nosplash

which completes with: -

Installed 8.0.0.3-WS-WAS-TFPM59935_8.0.3.20120309_1201 to the /usr/IBM/WebSphere/AppServer directory.
Installed 8.0.0.3-WS-WAS-TFPM60670_8.0.3.20120319_1949 to the /usr/IBM/WebSphere/AppServer directory.
Installed 8.0.0.3-WS-WAS-TFPM61934_8.0.3.20120409_1230 to the /usr/IBM/WebSphere/AppServer directory.
Installed 8.0.0.3-WS-WASProd-TFPM60134_8.0.3.20120312_1656 to the /usr/IBM/WebSphere/AppServer directory.
Installed com.ibm.websphere.ND.v80_8.0.3.20120320_0536 to the /usr/IBM/WebSphere/AppServer directory.
Installed 8.0.0.0-WP-IFPM64484_8.0.0.20120821_0925 to the /usr/IBM/WebSphere/PortalServer directory.
Installed com.ibm.websphere.PORTAL.SERVER.v80_8.0.0.20120421_0828 to the /usr/IBM/WebSphere/PortalServer directory.




VMware Workstation 9 and Ubuntu 12.10

I have blogged about VMware and Linux in the past, most recently ( in 2010 !! ) here.

Well, things have moved on since then, and I'm now running the shiny new Ubuntu 12.10 ( aka Quantal Quetzal ) and the equally shiny new-ish VMware Workstation 9.0.

Having downloaded and installed the product, I was somewhat annoyed to find that, despite the passing of many years, it's still necessary to "hack" around in order to get the two products to play nicely.

The symptom was that, having installed Workstation, I saw: -

Unable to change virtual machine power state: Cannot find a valid peer process to connect to

when I attempted to start a VM.

As before, there's a patch required - this gets updated by various helpful members of the community each time the Linux kernel gets updated.

Thankfully, this blog post completely nailed it for me, in very short order: -


For the record, it's necessary to ensure that VMware is completely stopped before applying the patch. I achieved this by changing to runlevel 1: -

$ init 1

which means that Linux is running in Single-User mode.

Having applied the patch, I simply rebooted, and VMware Workstation now runs away merrily ....

For the record, I'm running this kernel: -

$ uname -a

Linux dmhw500 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux

and this version of VMware: -

$ sudo vmware-installer -list

Product Name         Product Version     
==================== ====================
vmware-workstation   9.0.0.812388       

Monday, October 29, 2012

WebSphere Application Server and Red Hat Enterprise Linux

In this post, I briefly mention how I was able, with assistance from an IBM Technote, to overcome an issue with the installation of IBM WebSphere Application Server v7 on Red Hat Enterprise Linux 6.3.

In order to help a colleague, I went through the process of installing WAS Network Deployment v7 on RHEL 6.3 ( x86-64 ) earlier today. From this, I created a set of slides that showed each step of the installation, and also made reference to the pre-requisites that I put in place beforehand.

I did see an issue with the installation, relating to the Launchpad application that one can use to commence the installation ( assuming that one doesn't go down the silent/response-file driven installation ).

When I attempted to start the Launchpad, I was presented with this message: -

Unable to find supported browser.
The launchpad cannot start. This error typically occurs when a supported browser cannot be found.

As ever, I Google'd this, and immediately found this IBM Technote: -


which said, in part: -

...
To get the Launchpad working in older versions, you need to edit the <install_root>/launchpad/browser.sh command so that it contains the following string in the supportedFirefoxVersion case statement:

*Firefox\ [1-9][0-9].*) return 0;;

The function should then look like this:

supportedFirefoxVersion()
{
       case "$*" in
               *Firefox\ [1-9].*) return 0;;
               *Firefox/[1-9].*) return 0;;
               *Firefox\ [1-9][0-9].*) return 0;;

 ...

As one might imagine, this worked a treat.
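
The following added example (not IBM's script and not from the original post) runs the Firefox patterns from the Technote excerpt against version strings to show why a two-digit release was rejected and what the amended pattern still leaves out. The "before" function is an assumption reconstructed by omitting the added line from the excerpt, and the version strings are constructed samples in the form printed by firefox -version.

```shell
#!/bin/sh
# Added example: the Firefox version check before and after the Technote's
# amendment, reduced to the patterns shown in the excerpt.

# Before: assumed original, i.e. the excerpt without the added line.
firefox_supported_before() {
    case "$*" in
        *Firefox\ [1-9].*) return 0;;   # one digit, then a literal dot
        *Firefox/[1-9].*) return 0;;
        *) return 1;;
    esac
}

# After: the excerpt as quoted, including the added two-digit pattern.
firefox_supported_after() {
    case "$*" in
        *Firefox\ [1-9].*) return 0;;
        *Firefox/[1-9].*) return 0;;
        *Firefox\ [1-9][0-9].*) return 0;;   # two digits, then a literal dot
        *) return 1;;
    esac
}

# verdict FUNC VERSION_STRING: print "supported" or "unsupported"
verdict() {
    check=$1; shift
    if "$check" "$@"; then echo supported; else echo unsupported; fi
}

# compare VERSION_STRING: print "before=<verdict> after=<verdict>"
compare() {
    printf 'before=%s after=%s\n' \
        "$(verdict firefox_supported_before "$1")" \
        "$(verdict firefox_supported_after "$1")"
}

# Constructed sample strings: single-, two- and three-digit major versions.
for v in "Mozilla Firefox 3.6.24" "Mozilla Firefox 10.0.5" "Mozilla Firefox 115.0"; do
    printf '%-26s %s\n' "$v" "$(compare "$v")"
done
```

In a shell glob the dot is literal, so each pattern accepts exactly as many digits as it has bracket expressions before the dot: the amended function covers major versions 1 to 99, and a three-digit version is rejected again.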

So, as a favour (!), here's the WHOLE script, with the amendment in place: -

#!/bin/sh
# Licensed Materials - Property of IBM
# 5648-F10 (C) Copyright International Business Machines Corp. 2005, 2007
# All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.

supportedMozillaVersion()
{
case "$*" in
*rv:1.[7-9]*) return 0;;
*rv:[2-9].[0-9]*) return 0;;
*rv:*) return 1;;
Mozilla\ 1.[7-9]*) return 0;;
Mozilla\ [2-9].[0-9]*) return 0;;
SeaMonkey\ 1.[0-9]*) return 0;;
SeaMonkey\ [2-9].[0-9]*) return 0;;
*) return 1;;
esac
}

supportedFirefoxVersion()
{
case "$*" in
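# Single-digit versions, as in the Technote's version of this function
*Firefox\ [1-9].*) return 0;;
*Firefox/[1-9].*) return 0;;
# Two-digit versions - the amendment from the Technote
*Firefox\ [1-9][0-9].*) return 0;;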
*Firefox*) return 1;;
*rv:1.[7-9]*) return 0;;
*rv:[2-9].*) return 0;;
*rv:*) return 1;;
Mozilla*\ 1.[7-9]*) return 0;;
Mozilla*\ [2-9].[0-9]*) return 0;;
*) return 1;;
esac
}

supportedSeaMonkeyVersion()
{
case "$*" in
SeaMonkey\ 1.[0-9]*) return 0;;
SeaMonkey\ [2-9].[0-9]*) return 0;;
*) return 1;;
esac
}

whichBrowser=NoBrowser

#If BROWSER isn't set, check LaunchPadDefaultBrowser
if [ -z "$BROWSER" -o "$LaunchPadTest" ]; then
if [ "$LaunchPadDefaultBrowser" ]; then
#First see if LaunchPadDefaultBrowser needs to be translated from one of the supported values
if [ $LaunchPadDefaultBrowser = "MozillaHTML" ]; then
LaunchPadDefaultBrowser=mozilla;
fi
if [ $LaunchPadDefaultBrowser = "Mozilla" ]; then
LaunchPadDefaultBrowser=mozilla;
fi
if [ $LaunchPadDefaultBrowser = "FirefoxHTML" ]; then
LaunchPadDefaultBrowser=firefox;
fi
if [ $LaunchPadDefaultBrowser = "Firefox" ]; then
LaunchPadDefaultBrowser=firefox;
fi
if [ $LaunchPadDefaultBrowser = "SeaMonkeyHTML" ]; then
LaunchPadDefaultBrowser=seamonkey;
fi
if [ $LaunchPadDefaultBrowser = "SeaMonkey" ]; then
LaunchPadDefaultBrowser=seamonkey;
fi
#Finally, set the browser
BROWSER=$LaunchPadDefaultBrowser; export BROWSER;
fi
fi

# Some versions of Eclipse are setting MOZILLA_FIVE_HOME to a location that does not have the scripts required to run mozilla -version, so we clear this variable when running from the tooling on Linux
if [ "$LaunchPadTest" ]; then
MOZILLA_FIVE_HOME=
export MOZILLA_FIVE_HOME
fi

if [ "$BROWSER" ]; then
if versionString=`("$BROWSER" -version) 2>/dev/null`; then
case "$versionString" in
*Firefox*) if supportedFirefoxVersion "$versionString"; then
whichBrowser=Firefox
fi ;;
*Mozilla*) if supportedMozillaVersion "$versionString"; then
whichBrowser=Mozilla
fi ;;
*SeaMonkey*)if supportedSeaMonkeyVersion "$versionString"; then
whichBrowser=SeaMonkey
fi ;;
esac
fi
fi

if [ $whichBrowser = NoBrowser ]; then
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/bin:/opt/seamonkey:/usr/seamonkey:/usr/sfw/lib/mozilla:/usr/local/seamonkey/";export PATH
if versionString=`(seamonkey -version) 2>/dev/null`; then
BROWSER=seamonkey; export BROWSER
if supportedSeaMonkeyVersion "$versionString"; then
whichBrowser=SeaMonkey
fi
fi
fi

if [ $whichBrowser = NoBrowser ]; then
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/bin:/opt/firefox:/usr/firefox:/usr/firefox/sfw/lib/firefox";export PATH
if versionString=`(firefox -version) 2>/dev/null`; then
BROWSER=firefox; export BROWSER
if supportedFirefoxVersion "$versionString"; then
whichBrowser=Firefox
fi
fi
fi

if [ $whichBrowser = NoBrowser ]; then
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/bin:/opt/mozilla:/usr/mozilla:/usr/sfw/lib/mozilla";export PATH
if versionString=`(mozilla -version) 2>/dev/null`; then
BROWSER=mozilla; export BROWSER
if supportedMozillaVersion "$versionString"; then
whichBrowser=Mozilla
fi
fi
fi

LaunchPadBrowserPath=$PATH; export LaunchPadBrowserPath
LaunchPadDefaultBrowser=$BROWSER; export LaunchPadDefaultBrowser
export whichBrowser
if [ "$LaunchPadTest" ]; then
    echo $LaunchPadBrowserPath
    echo $BROWSER
fi

I also saw the same issue after the installation, from the First Steps application. Again, this was a simple amendment ( identical to the above ) to a different script - fbrowser.sh - which is, again, referenced in another IBM Technote here: -


Hope this helps.

Saving Bletchley Park by Doctor Sue Black

Recently, I've been reading about Bletchley Park and the role that it played during World War II, especially in terms of the team of cryptanalysts ( including crossword puzzle solvers, mathematicians, academics and other gurus ) who conceived of, designed and realised the solutions to the encryption problems of the time, including the Enigma and Lorenz cyphers.

Bletchley was home to the leading lights of the day, including Alan TuringJohn Tiltman, Bill Tutte and Tommy Flowers. They were the geeks of their day, long before the word "geek" was coined.

I'd heard of, but not looked into, an upcoming book ( more later ) by Doctor Sue Black

This is a story about saving Bletchley Park, one of the UK's most important sites of historical significance. It begins with Alan Turing and the team of codebreakers who worked there during World War II, and it ends with plans to transform it into the world class heritage and education centre it deserves to be. In between is the story of the hundreds of people who have dedicated years of hard work and determination to save it.

This is also a story about technology, and how it can be employed to extraordinary effect. Bletchley Park was the birthplace of the modern computer – 70 years later, this technology enabled a social media campaign that helped to secure Bletchley Park's long term future. That same technology will also help to fund this book – a fitting testament to the achievements of this remarkable team of computing pioneers.

In this book, you'll learn about some of the mysterious work that took place at Bletchley Park, and the significance this had to the outcome of World War II. You'll also find out about Alan Turing – technology pioneer, mathematical genius and one of the most remarkable Britons who ever lived. It's also the story of the thousands of women who worked at Bletchley Park – an inspiration for the growing number of women working in the field of computing and technology.

But what this book is mostly about is the 20 years of campaigning to save Bletchley Park by hundreds of extraordinary people, and how casually it seems that some of our most significant historical sites can be swept away to make room for housing estates or supermarkets. It's a book about campaigners, veterans, enthusiasts and computer geeks, as well as Twitter, trees, and Stephen Fry stuck in a lift.

On more than one occasion Bletchley Park has been in the shadow of bulldozers, but it still stands as a testament to those who worked there during World War II, and those who have tirelessly campaigned to save it. During the many years that Bletchley Park's future has hung in the balance, the campaign has been kept alive by the unerring belief that something so significant to our wartime victory in 1945 should be preserved for future generations.

The journey has been over 70 years in the making, and it makes for a really quite extraordinary story. In this book, I'm going to attempt to tell it.

Interestingly, the book will only come into existence if enough people choose to ( in the words of Captain Jean-Luc Picard ) make it so.

Want to know more ? Want to get involved ?


If you're interested in a (fictional) account of life at Bletchley Park, you may also like Cryptonomicon by Neal Stephenson.

Furthermore, if you are interested in seeing Alan Turing on the next £10.00 note, click here.

Friday, October 26, 2012

Everything you ever wanted to know about IBM's Cloud solutions …. but were afraid to ask

This post heartily recommends a series of articles about IBM's SmartCloud offerings and solutions, with particular focus on IBM PureApplication Systems and IBM Workload Deployer.

As part of my move into the WebSphere organisation, I'm getting up-to-speed with a lot of new solution areas, including IBM's offerings around the cloud, in terms of building and provisioning private cloud infrastructures. I need to learn more about two particular solutions - IBM PureApplication Systems and IBM Workload Deployer.

These three articles, by José De Jesús, have provided me with exactly what I needed.


Cloud computing is a model that provides web-based software, middleware, and computing resources on demand. By deploying technology as a service, users have access only to the resources they need for a particular task, which ultimately enables them to realize savings in investment cost, development and deployment time, and resource overhead. Enabling users to access to the latest software and technologies also fosters business innovation.

This article series will help you understand what cloud computing is and how it works, and how IBM products can help you succeed with a cloud strategy.

This first article begins by examining some of the technologies that make cloud computing possible, and then explains the basics of cloud computing.


IBM Workload Deployer is an appliance that can provision virtual images and patterns onto a virtualized environment. It provides a cloud management application as a Web 2.0 interface, pattern modeling technology, and an encrypted image catalog that comes preloaded with virtual images, patterns, and script packages. Workload Deployer does not include the virtualized environment itself — that is, the servers, the software, the hypervisors, and the networking resources. These resources are external to the appliance and must be defined as part of the Workload Deployer configuration.

Workload Deployer supports three types of hypervisors: PowerVM®, VMware ESX, and z/VM®. Workload Deployer also enables you to manage multiple hypervisors or cloud groups as isolated pools of hypervisors of the same type.

IBM PureApplication System embeds the capabilities of IBM Workload Deployer and offers the same Web 2.0 interface and pattern modeling technology, but it also integrates the hardware, the hypervisors, the software, and the networking resources needed to support the cloud environment.

IBM PureApplication System is called an Expert Integrated System (EIS) because it includes everything needed for the cloud in a single box. As Figure 1 illustrates, with Workload Deployer, you bring your own cloud into the picture, whereas, with IBM PureApplication System, you get a cloud-in-a box, which also incorporates Workload Deployer technology. Both Workload Deployer and IBM PureApplication System enable the rapid adoption and deployment of Infrastructure as a Service and Platform as a Service offerings.


If you have been following this series, you will have noticed that Part 1 introduced cloud computing concepts in general and briefly mentioned some of the IBM products that make IBM's cloud portfolio the most comprehensive in the industry. From that broad view, the next articles focus on providing a good introduction to how some of our core products actually work. Part 2, for example, introduced the concept of patterns and explains how to create virtual system patterns in IBM Workload Deployer and IBM Pure Application Systems. Following that discussion, this article illustrates how script packages work and shows you how they link virtual system patterns with the actual systems that get deployed with those patterns. This "Navigating" series will end with an extensive tour of the rest of the IBM portfolio so that you can easily navigate your way through the many options and offerings available. (A sister deep-dive series being developed will provide more in-depth coverage on specific topics.)

Thursday, October 25, 2012

Lotus Domino - For a change ….

This article outlines a couple of potentially useful tips for Lotus Domino administrators.

Whilst helping a friend debug a problem with the import of a WebSphere LTPA token into Domino, I "discovered" two useful (to me) things: -

Remote Console

Firstly, when running a remote Domino server, it's nice to be able to access the console at your desktop, rather than needing to walk across the floor to the server. In my case, the Domino server is running on a Red Hat Enterprise Linux 6.3 VMware image on my Lenovo Thinkpad ( which is running Ubuntu 12.04 ) on my desk in Hursley - which is about 25 miles from where I'm sitting.

Now there are various ways to get access to the Domino console ( especially when the server is running on Linux ), not least of which is to start the server within a terminal session: -

$ /local/notesdata/DomShrct.sh

or: -

$ cd /local/notesdata
/opt/ibm/lotus/bin/server

So, here's a third way to get the console working, in a GUI :-)

This requires an X11 tunnel to be created between the client PC ( on which the X11 server actually runs !! ) and the target server.

cd /local/notesdata
/opt/ibm/lotus/bin/server -jc

The -jc option is the thing that starts the Java Console, which is then tunnelled back from the server to the client, and the command returns: -

Domino Server Controller started at 25/10/12 12:18.
Host name is localhost/127.0.0.1
Listening for connect requests on TCP Port:2050

Domino Console started at 25/10/12 12:18.
localAdmin connected from localhost/127.0.0.1 at 25/10/12 12:19.


etc.

More importantly, an X11 window pops up with the console contained within


Along with the File menu shown above, there's also some useful functionality on the Edit menu: -


and the View menu: -


So you now have another choice for the Domino console, along with the terminal and the nice-but-limited Web Administrator ( http://wp7.uk.ibm.com/webadmin.nsf ).

LTPA Token Import Debugging

As per this IBM Technote: -


this message is rather annoying: -


So Domino 8.5.X has a solution - the Domino configuration parameter - debug_ltpa_key_import=1 - which SHOULD provide some rather useful debug output when importing an LTPA token - as per the Technote's examples: -

Successful import of WAS key:

01/14/2009 03:35:48.33 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully imported WebSphere LTPA keys from file


Bad Password given for WAS key:

01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaDecryptKey> Error as decrypted key has invalid padding
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaEncodeData1> Error processing, phase 2
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Error processing key file contents, phase 3


Invalid or Nonexistent PATH specified:

01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\waskeys
01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Failed to open file at path c:\waskeys for reading

Sadly, at least for me, I couldn't work out precisely where this debug is supposed to appear - I'd assumed the Domino console ( see above ).

However, having set the parameter, and tested by importing a token using a Notes client against the server's names.nsf, whilst I did get "Error importing WebSphere LTPA keys. Check file path and password", I did NOT see anything else on the Domino console or in the log.nsf file.

I'm not the only person to have noticed this - I also see a forum posting here: -


I've raised a PMR with IBM Support, and will update this post when I find out more.

*UPDATE* My contact in IBM Support did point out my obvious mistake - the Technote requires that debug_ltpa_key_import=1 be set in the CLIENT notes.ini rather than on the SERVER. Doh!

Sadly, this didn't seem to make any difference, and I've fed this back to L2. Will see with what he comes back.

**UPDATE #2** So, I now have this working - three things to note: -

(a) As mentioned before, the  debug_ltpa_key_import=1 statement needs to be set in the notes.ini file on the Notes client - I was using Notes 8.5.3 FP1 Basic (nlnotes.exe) on Windows XP SP3
(b) There needs to be at least one Carriage Return/Line Feed character AFTER the parameter e.g.

...
NSF_HOOKS=NLNVP
SelectNamesDialogSize=189,828,155,518,
NameAddressingDlgLastViewName=0,List by name

debug_ltpa_key_import=1



...
(c) The output is written to the Notes client's console.log file - for me, this was located here: -

C:\lotus\notes\data\IBM_TECHNICAL_SUPPORT

( for the record,  notes.ini is in C:\lotus\notes 'cos I hate Windows path names that include space characters - C:\Program Files\ - I'm looking at you ... )

This is what the LTPA debug stuff looks like: -

Incorrect file name / path

[0408:0002-0D8C] 31/10/2012 10:13:15.84 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\foobar.key
[0408:0002-0D8C] 31/10/2012 10:13:15.84 LtpaImportWSKeyFile> Failed to open file at path c:\foobar.key for reading


Incorrect password

[0408:0002-0D8C] 31/10/2012 10:16:30.76 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\temp\bpm_ltpa.key
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaImportWSKeyFile> Successfully read file to memory
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaDecryptKey> Error as decrypted key has invalid padding
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaEncodeData1> Error processing, phase 2
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaImportWSKeyFile> Error processing key file contents, phase 3


Successful import

[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\temp\bpm_ltpa.key
[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Successfully read file to memory
[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Successfully imported WebSphere LTPA keys from file
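
The three outcomes above can be told apart mechanically. The following is an added example, not code from the post or from IBM: it classifies each import attempt in a console.log excerpt and checks the notes.ini line-ending condition from point (b). The function names are hypothetical, and the sample lines are the ones shown in this post.

```python
import re

# Both layouts on this page: the Technote puts the timestamp before the
# [process:thread] tag, the Notes 8.5.3 client console.log puts it after.
LINE = re.compile(r"\[(?P<thread>[0-9A-Fa-f:-]+)\].*?(?P<func>Ltpa\w+)>\s+(?P<msg>.*)$")
START = "Importing WebSphere LTPA keys from file at path "
# Message fragment -> outcome label; the labels follow the headings in the post.
RULES = [
    ("Successfully imported WebSphere LTPA keys", "imported"),
    ("Failed to open file at path", "file-not-readable"),
    ("decrypted key has invalid padding", "bad-password"),
]


def classify_imports(log_text):
    """Return one dict per import attempt: thread tag, key file path, outcome."""
    attempts, open_by_thread = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, msg = m.group("thread"), m.group("msg").strip()
        if msg.startswith(START):
            attempt = {"thread": thread, "path": msg[len(START):], "outcome": "incomplete"}
            attempts.append(attempt)
            open_by_thread[thread] = attempt  # later lines on this thread belong here
            continue
        attempt = open_by_thread.get(thread)
        if attempt and attempt["outcome"] == "incomplete":
            for needle, outcome in RULES:
                if needle in msg:
                    attempt["outcome"] = outcome
                    break
    return attempts


def bad_password_counts(attempts):
    """Count failed-password imports per key file, e.g. to spot repeated guessing."""
    counts = {}
    for a in attempts:
        if a["outcome"] == "bad-password":
            counts[a["path"]] = counts.get(a["path"], 0) + 1
    return counts


def debug_flag_terminated(ini_text):
    """True if debug_ltpa_key_import=1 is present AND followed by a line ending."""
    return re.search(r"(?im)^debug_ltpa_key_import=1[ \t]*\r?\n", ini_text) is not None


# Sample input: the client console.log lines shown in this post.
CLIENT_LOG = r"""
[0408:0002-0D8C] 31/10/2012 10:13:15.84 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\foobar.key
[0408:0002-0D8C] 31/10/2012 10:13:15.84 LtpaImportWSKeyFile> Failed to open file at path c:\foobar.key for reading
[0408:0002-0D8C] 31/10/2012 10:16:30.76 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\temp\bpm_ltpa.key
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaImportWSKeyFile> Successfully read file to memory
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaDecryptKey> Error as decrypted key has invalid padding
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaEncodeData1> Error processing, phase 2
[0408:0002-0D8C] 31/10/2012 10:16:30.78 LtpaImportWSKeyFile> Error processing key file contents, phase 3
[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\temp\bpm_ltpa.key
[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Successfully read file to memory
[0408:0002-0D8C] 31/10/2012 10:16:55.90 LtpaImportWSKeyFile> Successfully imported WebSphere LTPA keys from file
"""

if __name__ == "__main__":
    for attempt in classify_imports(CLIENT_LOG):
        print(attempt["outcome"], attempt["path"])
```
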


As ever, shiny :-)

Monday, October 22, 2012

IBM Web Experience Factory Designer 8 on Red Hat Enterprise Linux 6.3

In this article, I go back to my Lotus IBM Collaboration Solutions roots by describing how I installed IBM Web Experience Factory Designer ( fka WebSphere Portlet Factory Designer ) version 8 on Red Hat Enterprise Linux 6.3 ( x86-64 ).

PS For simplicity, I'm going to refer to the product as WEF :-)

Having downloaded WEF 8 from the IBM internal Passport Advantage repository - this comes down as: -

-rw-rw-r--@  1 david_hay  staff  1196213521 22 Oct 14:15 WEB_EXP_FACTORY_V8.0_MP_ML.zip

I also downloaded the requisite version of Eclipse: -

-rw-r--r--@  1 david_hay  staff   215235232 22 Oct 14:38 eclipse-jee-helios-SR2-linux-gtk-x86_64.tar.gz

from here: -


Specifically, this is what I downloaded.

Installation was relatively straight forward :-)

Initially, I wasn't able to get the GUI ( Swing-based ) installer to work, but there is a useful console variant, which I've described below.

I did eventually get the Swing GUI working, by installing the libstdc++.so.5 RPM: -

yum install -y libstdc++.so.5

Anyway, back to the installation ....

Install Eclipse

$ cd /root
$ tar xvzf ~/Downloads/eclipse-jee-helios-SR2-linux-gtk-x86_64.tar.gz

- This automatically creates a directory called eclipse under my user's home directory i.e. /root/eclipse.

IT GOES WITHOUT SAYING THAT ONE SHOULD NEVER RUN ANYTHING AS ROOT - THIS IS, HOWEVER, MY OWN DEMO VM SO THAT'S OK.

Install WEF

$ cd /tmp
$ mkdir WEF
$ cd WEF
unzip ~/Downloads/WEB_EXP_FACTORY_V8.0_MP_ML.zip

Archive:  /root/Desktop/WEB_EXP_FACTORY_V8.0_MP_ML.zip
   creating: config/
 extracting: config/eclipse.zip      
 extracting: config/EmployeeSampleDB.zip  
 extracting: config/factory.zip      
 extracting: config/ISALite.zip      
 extracting: config/jre.zip          
  inflating: config/linux-eclipse.tgz  
  inflating: config/linux_silent_install.properties  
 extracting: config/ProductDesignerTag.zip  
  inflating: config/wasce_setup-unix.bin  
  inflating: config/wasce_setup-win.exe  
  inflating: config/win_silent_install.properties  
  inflating: Factory.bin             
  inflating: Factory.exe             
  inflating: installer.properties    
....

chmod +x Factory.bin

$ ./Factory.bin

Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...

Launching installer...

Preparing CONSOLE Mode Installation...

===============================================================================
Choose Locale...
----------------

    1- Deutsch
  ->2- English
    3- Español
    4- Français
    5- Italiano
    6- Português  (Brasil)

CHOOSE LOCALE BY NUMBER: 
===============================================================================
IBM Web Experience Factory                       (created with InstallAnywhere)
-------------------------------------------------------------------------------
===============================================================================
    International Program License Agreement
    
    Part 1 - General Terms
    
    BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN
    "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO
    THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON
    BEHALF OF LICENSEE, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL
    AUTHORITY TO BIND LICENSEE TO THESE TERMS. IF YOU DO NOT AGREE TO
    THESE TERMS,
    
    * DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON,
    OR USE THE PROGRAM; AND
    
    * PROMPTLY RETURN THE UNUSED MEDIA, DOCUMENTATION, AND PROOF OF
    ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE
    AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE
    PROGRAM.
 
Press Enter to continue viewing the license agreement, or enter "1" to 
   accept the agreement, "2" to decline it, "3" to print it, or "99" to go back
   to the previous screen.: 1

===============================================================================
Installing...
-------------
 [==================|==================|==================|==================]
 [------------------|------------------|------------------|------------------]


WEF installs to /root/IBM.

Configuring Eclipse to use WEF

This was more straightforward than I'd expected, but not obviously documented anywhere :-( I  guess that most people use the GUI installation, hence why it's not really written down :-)

$ cd /root/eclipse
$ mkdir links
$ cd links
$ cp /root/IBM/Designer/eclipse/com.bowstreet.designer.link .

This little file merely tells Eclipse where to look to find WEF: -

$ cat com.bowstreet.designer.link

path=/root/IBM/Designer

Validate Setup

$ locate com.bowstreet.designer.link

/root/IBM/Designer/eclipse/com.bowstreet.designer.link
/root/eclipse/links/com.bowstreet.designer.link


$ ls -al /root/IBM/Designer/eclipse/com.bowstreet.designer.link

-rw-rw-r-- 1 root root 24 Oct 22 21:22 /root/IBM/Designer/eclipse/com.bowstreet.designer.link

$ ls -al /root/eclipse/links/com.bowstreet.designer.link

-rw-r--r-- 1 root users 24 Oct 22 15:25 /root/eclipse/links/com.bowstreet.designer.link

Apart from this, I did hit one other problem when I created my first WEF project, when attempting to "bind" via SOAP to my WebSphere Portal v7 server.

In the Linux terminal session, I could see: -

Oct 22, 2012 3:30:15 PM com.ibm.ws.ssl.config.SSLConfigManager
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
Oct 22, 2012 3:30:16 PM com.ibm.ws.security.config.SecurityObjectLocator
INFO: Client code attempting to load security configuration
[2012-10-22 15:34:00:944] Creating session: anonymous1350916440945
com.bowstreet.designer.deploy.DeploymentException: Check your Server Host and SOAP Connector Port inputs, and make sure your server is running.  To verify your SOAP Connector port, go to the WebSphere Admin Console, select Application Servers > YOUR_SERVER > Ports and use the SOAP_CONNECTOR_ADDRESS.
at com.bowstreet.designer.deploy.jmx.JMXConnection.connectAdminClient(JMXConnection.java:242)
at com.bowstreet.designer.deploy.jmx.JMXConnection.<init>(JMXConnection.java:141)
at com.bowstreet.designer.webapp.deployment.RemoteWAS61$6.run(RemoteWAS61.java:439)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
Caused by: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host wp7.uk.ibm.com at port 10025.
at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:632)
at com.ibm.websphere.management.AdminClientFactory.access$000(AdminClientFactory.java:123)
at com.ibm.websphere.management.AdminClientFactory$1.run(AdminClientFactory.java:206)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:202)
at com.bowstreet.designer.deploy.jmx.JMXConnection.connectAdminClient(JMXConnection.java:232)
... 3 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedConstructorAccessor5.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:454)
... 8 more
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl]
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:422)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.<init>(SOAPConnectorClient.java:222)
... 12 more
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl]
at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:475)
at org.apache.soap.rpc.Call.WASinvoke(Call.java:451)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient$4.run(SOAPConnectorClient.java:380)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:365)
... 13 more


I've seen - and blogged about this before - WebSphere Portlet Factory 6.1.5 - My First Failure .... and success.

The problem is with the stock OpenJDK JRE: -

$ java -version

java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (rhel-1.50.1.11.5.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)


which is easily fixed by "switching" to the IBM JRE ( that I happen to have installed on this, my IBM BPM v8 server ): -

$ source /opt/ibm/BPM/v8.0/profiles/ProcCtr01/bin/setupCmdLine.sh

java -version

java version "1.6.0"
Java(TM) SE Runtime Environment (build pxa6460_26sr1fp1-20120309_01(SR1 FP1))
IBM J9 VM (build 2.6, JRE 1.6.0 Linux amd64-64 20120308_104898 (JIT enabled, AOT enabled)
J9VM - R26_Java626_SR1_FP1_20120308_1511_B104898
JIT  - r11_20111028_21230ifx5
GC   - R26_Java626_SR1_FP1_20120308_1511_B104898
J9CL - 20120308_104898)
JCL  - 20120214_01

Now when I start Eclipse, I see normal "errors" : -

$ ./eclipse 

Oct 22, 2012 3:39:14 PM null null
WARNING: ssl.default.password.in.use.CWPKI0041W
Oct 22, 2012 3:39:15 PM null null
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
Oct 22, 2012 3:39:15 PM null null
INFO: Client code attempting to load security configuration
CWPKI0308I: Adding signer alias "CN=wp7.uk.ibm.com, OU=Root Cert" to local
           keystore "JMXClientTrustStore" with the following SHA digest:
           93:F1:0D:2C:B2:C0:AC:2D:26:AB:35:22:76:7B:B4:8C:0B:95:9C:CA
Oct 22, 2012 3:39:16 PM null null
INFO: Client code attempting to load security configuration
[2012-10-22 15:39:23:233] Creating session: anonymous1350916763232
[2012-10-22 15:39:26:703] Discarding session: anonymous1350916763232
[Mon Oct 22 15:40:39 BST 2012] The following properties from "/root/workspace/BPM101/WebContent/WEB-INF/config/override.properties" will over-ride their counterparts in the standard IBM property files:
bowstreet.FullyParseAllPages=true
bowstreet.themeFile=/WEB-INF/factory/themes/blue_WEF8.0.uitheme
bowstreet.baseRddFile=/WEB-INF/factory/data_definitions/dojo_base_datadef.xml;/WEB-INF/factory/data_definitions/base_datadef.xml
bowstreet.pageautomation.uniqueIdGenerationLevel=1



The solution is to create a startup script that sources the WAS profile before starting Eclipse - something like this: -

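#!/bin/sh
# Load the WAS profile environment ( including the IBM JRE ); "." is the portable form of "source"
. /opt/ibm/BPM/v8.0/profiles/ProcCtr01/bin/setupCmdLine.sh
# Start Eclipse with that environment in place
/root/eclipse/eclipse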




Thursday, October 18, 2012

Looking back to the past .... reminiscing for nostalgia

A colleague and I were talking about the good old days when we had BBC Microcomputer home computers, and reminiscing about the games that we used to play, including Elite, Repton, Frak, Zalaga, Lords of Time etc.

Well, I popped over to the BeebEm site, downloaded the Apple Mac version, and turned this: -


 into this: -


Going from an i7 with 16 GB to a 6502 with 32 KB is a bit of a wrench .....

but it's worth it






and so on ........

In the words of me, #LifeIsGood

Webcast: IBM Business Process Manager (BPM) Security

This session covers configuring Single Sign On/Lightweight Directory Access Protocol to access BPM. It also talks about the user/group references in various components of BPM like PD, Process Admin, WAS, etc. At the end of the presentation there will be discussion on troubleshooting in this area.

Presenter(s): Sridhar Edam , Dhamu Veluswamy

Date Tuesday 20 November 2012
Time 1600 GMT

Saturday, October 13, 2012

WebSphere Application Server 7 and Lotus Domino 8 - LDAP Not Playing Ball

In this article, I explain how LDAP search filters can make ALL the difference to a successful integration of WebSphere Application Server and Lotus Domino.

Following on from my earlier post: -

Unable to configure Federated Repositories in Integrated Solutions Console with Domino LDAP

having completed the integration between WebSphere Application Server 7.0.0.21 and Lotus Domino 8.5.3, I was struggling to retrieve users from the Domino Directory via LDAP.

Using the Users and Groups -> Manage Users functionality within WAS' Integrated Solutions Console, I was surprised NOT to see any users returned from the Domino directory: -



After a lot of trial and even more error, I decided ( belatedly ) to enable debug tracing, using this IBM Technote as source: -

MustGather: Security problems for WebSphere Application Server

and enabled the following trace strings: -

 *=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all

which, amongst many many other fine messages showed me this: -

[10/13/12 21:03:33:947 BST] 00000011 LdapConnectio > com.ibm.ws.wim.adapter.ldap.LdapConnection searchEntities ENTRY o=ibm (&(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(uid=*)) null 2 [PersonAccount] [uid, cn, sn, mail] false false
[10/13/12 21:03:33:949 BST] 00000011 LdapConnectio 3 com.ibm.ws.wim.adapter.ldap.LdapConnection checkSearchCache Hit cache: o=ibm|(&(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(uid=*))|2|101|600000|uid|mail|objectClass|sn|cn|dominounid
[10/13/12 21:05:17:340 BST] 00000018 LdapConnectio > com.ibm.ws.wim.adapter.ldap.LdapConnection searchEntities ENTRY o=ibm (&(|(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson))))(|(uid=wpadmin)(cn=wpadmin))) null 2 [LoginAccount, PersonAccount] [principalName] false false
[10/13/12 21:05:17:341 BST] 00000018 LdapConnectio 3 com.ibm.ws.wim.adapter.ldap.LdapConnection checkSearchCache Hit cache: o=ibm|(&(|(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson))))(|(uid=wpadmin)(cn=wpadmin)))|2|0|0|uid|objectClass|dominounid
[10/13/12 21:05:17:389 BST] 00000018 LdapConnectio > com.ibm.ws.wim.adapter.ldap.LdapConnection searchEntities ENTRY o=ibm (&(|(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson))))(|(uid=wpadmin)(cn=wpadmin))) null 2 [LoginAccount, PersonAccount] [] false false
[10/13/12 21:05:17:391 BST] 00000018 LdapConnectio 3 com.ibm.ws.wim.adapter.ldap.LdapConnection checkSearchCache Hit cache: o=ibm|(&(|(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))(&(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson))))(|(uid=wpadmin)(cn=wpadmin)))|2|4501|600000|objectClass|dominounid


When I checked my LDAP search filters in: -

/opt/IBM/WebSphere/wp_profile/config/cells/wp7/wim/config/wimconfig.xml

I saw: -

...
      <config:ldapEntityTypes name="PersonAccount" searchFilter="(&amp;(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))">
        <config:objectClasses>dominoPerson</config:objectClasses>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="Group" searchFilter="(&amp;(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))">
        <config:objectClasses>dominoGroup</config:objectClasses>
      </config:ldapEntityTypes>

...

I read the PersonAccount search filter as: -

( (cn=%v) OR (uid=%v) ) AND ( (objectclass=dominoPerson) OR (objectclass=inetOrgPerson) )

which is perfectly OK.

I'd previously validated the search filters ( as the notes user ): -

$ cd /local/notesdata
$ /opt/ibm/lotus/bin/ldapsearch -h wp7.uk.ibm.com -p 389 -D cn=notes -w passw0rd "(&(|(cn=padmin)(uid=padmin))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))"

CN=padmin,O=ibm
cn=padmin
displayname=padmin/ibm
mailsystem=100
objectclass=dominoPerson
objectclass=inetOrgPerson
objectclass=organizationalPerson
objectclass=person
objectclass=top
messagestorage=1
encryptincomingmail=0
roamcleansetting=0
roamcleanper=1
availablefordirsync=1
checkpassword=0
passwordchangeinterval=0
passwordgraceperiod=0
givenname=portal
sn=admin
uid=padmin
roaminguser=0
userpassword=(GIMrxir7cW6bC/nzWSgO)


so I knew that the search filter was OK.

However, in the interests of expediency, I stripped the search filters out, leaving me with: -

...
      <config:ldapEntityTypes name="PersonAccount" searchFilter="">
        <config:objectClasses>dominoPerson</config:objectClasses>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="Group" searchFilter="">
        <config:objectClasses>dominoGroup</config:objectClasses>
      </config:ldapEntityTypes>

...

and all is now well.



I know that I've seen and cracked the problem of search filters before but ..... that'll do for now.
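
A lint for the searchFilter values above, added here as an example (not the author's or IBM's code). It flags filter attributes that do not occur on a reference entry, which catches the `objectlass` spelling in the PersonAccount filter as listed, reports emptied filters, and evaluates the filter against the padmin entry to show why the ldapsearch test still matched: the misspelt term sits inside an OR. The wrapper element and namespace URI in the sample are placeholders, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET


def parse_filter(text):
    """Parse a small RFC 4515 subset (&, |, !, attr=value) into nested tuples."""
    node, pos = parse_at(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing text at offset {pos}")
    return node


def parse_at(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|"):
        i += 1
        children = []
        while s[i:i + 1] == "(":
            child, i = parse_at(s, i)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, i = parse_at(s, i + 1)
        node = ("!", [child])
    else:
        end = s.find(")", i)
        end = end if end >= 0 else len(s)
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"bad item at offset {i}")
        node = ("=", attr.strip().lower(), value)
        i = end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1


def attributes(node):
    """Every attribute name the filter tests, lower-cased."""
    if node[0] == "=":
        return {node[1]}
    found = set()
    for child in node[1]:
        found |= attributes(child)
    return found


def matches(node, entry, login):
    """Evaluate the filter against one entry, substituting %v with the login."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry, login) for c in node[1])
    if kind == "|":
        return any(matches(c, entry, login) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry, login)
    pattern = re.escape(node[2]).replace(r"\*", ".*").replace("%v", re.escape(login))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(node[1], []))


def lint_wimconfig(xml_text, known_attrs):
    """Map each ldapEntityTypes name to a list of findings about its searchFilter."""
    findings = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "ldapEntityTypes":
            continue
        text = el.get("searchFilter", "")
        if not text:
            findings[el.get("name")] = ["empty searchFilter"]
            continue
        unknown = sorted(attributes(parse_filter(text)) - known_attrs)
        findings[el.get("name")] = [f"unknown attribute: {a}" for a in unknown]
    return findings


# Reference entry: a subset of the ldapsearch output for padmin shown above.
PADMIN = {
    "cn": ["padmin"], "uid": ["padmin"], "sn": ["admin"], "givenname": ["portal"],
    "objectclass": ["dominoPerson", "inetOrgPerson", "organizationalPerson", "person", "top"],
}
# The wimconfig.xml excerpt from this post; root element and namespace URI are placeholders.
WIMCONFIG = """<root xmlns:config="urn:example:placeholder">
  <config:ldapEntityTypes name="PersonAccount" searchFilter="(&amp;(|(cn=%v)(uid=%v))(|(objectlass=dominoPerson)(objectclass=inetOrgPerson)))">
    <config:objectClasses>dominoPerson</config:objectClasses>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="Group" searchFilter="(&amp;(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))">
    <config:objectClasses>dominoGroup</config:objectClasses>
  </config:ldapEntityTypes>
</root>"""

if __name__ == "__main__":
    print(lint_wimconfig(WIMCONFIG, set(PADMIN)))
```
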

WebSphere Portal 8 - Community article: Command-line interface to update Portal v8 response files

This article references an article from the WebSphere Portal 8 Wiki showing how to augment the response files used to install the product silently, via IBM Installation Manager.

I've excerpted some of the text from the Wiki article below: -

 To install WebSphere Portal v8 silently, you are required to provide an xml response file. This can be obtained by using the IBM Installation Manager GUI to record a response file. However if you do not have a GUI environment, this is not a valid option for you and you must manually edit a response file provided on the WebSphere Portal v8 Setup media. Manually editing this xml file can be tedious and confusing.

The attached script (updateWP8ResponseFile.sh) is designed to make this process easier on the user by providing a command-line interface with easy to understand prompts that update the response file for you.

Please refer to the Wiki article: -

Command-line interface to update Portal v8 response files

for the script, and for more information.

Unable to configure Federated Repositories in Integrated Solutions Console with Domino LDAP

In this post, I describe how I used an IBM Technote to find a solution to a problem that was preventing me from successfully securing WebSphere Application Server 7 against Lotus Domino 8.5.3.

Having installed WebSphere Portal 7 onto my 64-bit Red Hat Enterprise Linux 6.3 server, I was startled to see this exception: -

java.lang.NullPointerException
 at com.ibm.ws.console.security.IdMgrRealm.VirtualRealmDetailActionGen.populateCollectionTableRow(VirtualRealmDetailActionGen.java:213)


whilst navigating to Security -> Global Security -> Federated Repositories -> Configure within the WAS Integrated Solutions Console.

My LDAP server is Lotus Domino 8.5.3, and the underlying WAS version was 7.0.0.11, which comes as default with WP 7.0.0.

I'd seen this before, but had forgotten the problem / solution.

Thankfully, I found this IBM Technote: -

Unable to configure Federated Repositories in Integrated Solutions Console with Domino LDAP

which says, in part: -

...
The WebSphere Application Server (WAS) Integrated Solutions Console (ISC) is unable to parse federated repositories configurations that contain a blank base entry. Many LDAPs do not require a blank base entry; however, due to Domino's LDAP default flat non-hierarchical design, a blank base entry for Domino LDAP is required for the configuration to function properly (Domino stores groups in "" by default though can be configured otherwise).
...
 Note: It is valid and indeed possible for an LDAP server other than Domino LDAP to have a blank base entry. However, it is very rare to observe this outside of Domino LDAP.
...

As I'd previously observed: -

WebSphere Portal 8 and Lotus Domino 8.5.1 Together - Can you say Doh! ?

it's acceptable to have a blank Base Distinguished Name ( Base DN ), so there was no need to change Domino.

Thankfully, the Technote had the answer: -

...
APAR PM47114 contains a fix for this issue. Please check the APAR link for more details of which versions of WebSphere Application Server the fix is available in. If you are unable to upgrade your WebSphere Application Server to a newer version, contact IBM Support to request a copy of iFix PM47114 for your current WebSphere Application Server version.
...

and the APAR: -

PM47114: VMM DOES NOT HANDLE ROOT BASE ENTRIES FROM LDAP PROPERLY.

confirmed that my solution was to upgrade WAS to 7.0.0.21 or above: -

7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
8.0.0.2: WebSphere Application Server V8.0 Fix Pack 2
8.0.0.3: WebSphere Application Server V8.0 Fix Pack 3
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25

Thankfully, I had the 7.0.0.21 fix pack downloaded, so I popped this on, and all is now well.

#LifeIsGood