Netcool OMNIbus WebGUI users do not synchronize to the Objectserver

by Nick Lansdowne

Introduction

Following a default installation of the the Netcool/OMNIbus v7.3.1 WebGUI component with a File Base repository, users are not automatically replicated to the ObjectServer. This prevents many of the WebGUI tools from working.

The synchronization process replicates user names and groups from file based or LDAP repositories to the ObjectServer. The synchronization is limited to users and groups that are assigned WebGUI roles.

The “Netcool/OMNIbus Installation and Deployment Guide” does document that a property in the file server.init must be updated to enable synchronization. However, further steps were required following my test installation, the full set of steps required was:

  • Delete the ObjectServer entry from the Federated Repository
  • Remove the ObjectServer entries from the Virtual Member Manager XML file
  • Update the server.init file
  • Restart the ObjectServer

These steps are detailed below.

Delete the ObjectServer Entry in the Federated Repository

Despite selecting for a file based repository the ObjectServer was still defined in the Federated repository. To remove this:

  • Login with the administrator credentials
  • Navigate to the page Settings->WebSphere Administrative Console
  • Click the button Launch WebSphere administrative console (this will open a new window/tab titled Integrated Solutions Console – ISC)
  • In the new ISC window, navigate to Settings->Global Security
  • Next to Federated Repositories click Configure…
  • In the table, check the NetcoolObjectServer repository and click Remove
  • Click Save and OK

 

Remove the ObjectServer from the VMM configuration

The Virtual Member Manager configuration file wimconfig.xml also includes a section for the ObjectServer that needs to be removed. Care must be taken when editing this file.

  • Back-up the file wimconfig.xml before opening in the ‘vi’ text editor:
cd /opt/IBM/tivoli/tipv2/profiles/TIPProfile/config/cells/TIPCell/wim/config
cp wimconfig.xml wimconfig.xml.original
vi wimconfig.xml

 

  • Remove the element for the ObjectServerAdapter, locate and delete the following lines:
 <config:repositories adapterClassName=”com.ibm.tivoli.tip.vmm4ncos.ObjectServerAdapter”
        id=”NetcoolObjectServer” supportPaging=”false”>
      <config:baseEntries name=”o=netcoolObjectServerRepository”/>
      <config:CustomProperties name=”password” value=”<password>”/>
      <config:CustomProperties name=”username” value=”<username>”/>
      <config:CustomProperties name=”host1″ value=”<hostname>”/> 
      <config:CustomProperties name=”port1″ value=”<port>”/>
    </config:repositories>


  • Save the update

 

Update the server.init file

As per the standard IBM documentation, the property “user.credentials.sync”  must be set to true. From a terminal session:

  • Open the server.init file in the ‘vi’ text editor:
cd /opt/IBM/tivoli/netcool/omnibus_webgui/etc
vi server.init

 

  • Edit the property “users.credentials.sync” and set to “true”:

users.credentials.sync:true
 

  • Save the update

 

Restart the WebGUI and Tivoli Integrated Portal

Finally for the changes to apply, restart the TIP Server.

  • Stop the TIP:
$TIPHOME/bin/stopServer.sh server1 -username tipadmin -password XXXX

 

  • Start the TIP:
$TIPHOME/bin/startServer.sh server1

Conclusion

For most enterprise environments WebGUI authentication will be against an LDAP server. User synchronization between the federated repository and the ObjectServer process is a vital function for enabling WebGUI users to interact with the ObjectServer and minimise administration tasks.

Interestingly, a similar test installation using the “Advanced” options and selecting the “File Based Repository” resulted in the user synchronization working without any changes. In this instance there were no ObjectServer references in the federated repository or VMM configuration file.