IBM Operational Decision Manager and WebSphere Liberty Profile and OpenLDAP

This is a very brief run-through without much context, apart from these two posts: -

Deploying IBM Operational Decision Manager 8.9.2.1 to WebSphere Liberty Profile 17.0.0.4 - Walkthrough

WebSphere Liberty and OpenLDAP - CWIML4520E: The LDAP operation could not be completed.

as I wanted to get something written up to provide some insight to a colleague working in this arena.

Start with clean Ubuntu 18.04.1 LTS

Login

ssh hayd@ubuntu

Install and configure openLDAP

sudo apt-get update && sudo apt-get -y install slapd ldap-utils
sudo dpkg-reconfigure slapd

Create an LDIF to create organisation, group, user etc.

vi ~/davehay.ldif

version: 1

dn: ou=people,dc=uk,dc=ibm,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=uk,dc=ibm,dc=com
objectclass: organizationalunit
ou: groups

dn: cn=resadmins,ou=groups,dc=uk,dc=ibm,dc=com
objectclass: groupOfNames
cn: resadmins
member: cn=davehay,ou=people,dc=uk,dc=ibm,dc=com

dn: cn=davehay,ou=people,dc=uk,dc=ibm,dc=com
objectClass: inetOrgPerson
cn: davehay
sn: Hay
givenname: Dave
uid: hayd
userPassword: passw0rd
mail: david_hay@uk.ibm.com
description: Dave Hay

Feed LDAP

ldapadd -x -h ubuntu -p389 -D cn=admin,dc=uk,dc=ibm,dc=com -w Qp455w0rd -f ~/davehay.ldif

...
adding new entry "ou=people,dc=uk,dc=ibm,dc=com"

adding new entry "ou=groups,dc=uk,dc=ibm,dc=com"

adding new entry "cn=resadmins,ou=groups,dc=uk,dc=ibm,dc=com"

adding new entry "cn=davehay,ou=people,dc=uk,dc=ibm,dc=com"
...

Validate the additions

ldapsearch -x -h ubuntu -p389 -b dc=uk,dc=ibm,dc=com -D cn=admin,dc=uk,dc=ibm,dc=com -w Qp455w0rd cn=resadmins

...
# extended LDIF
#
# LDAPv3
# base <dc=uk,dc=ibm,dc=com> with scope subtree
# filter: cn=resadmins
# requesting: ALL
#

# resadmins, groups, uk.ibm.com
dn: cn=resadmins,ou=groups,dc=uk,dc=ibm,dc=com
objectClass: groupOfNames
cn: resadmins
member: cn=davehay,ou=people,dc=uk,dc=ibm,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
...

ldapsearch -x -h ubuntu -p389 -b dc=uk,dc=ibm,dc=com -D cn=admin,dc=uk,dc=ibm,dc=com -w Qp455w0rd cn=davehay

...
ldapsearch -x -h ubuntu -p389 -b dc=uk,dc=ibm,dc=com -D cn=admin,dc=uk,dc=ibm,dc=com -w Qp455w0rd cn=davehay
# extended LDIF
#
# LDAPv3
# base <dc=uk,dc=ibm,dc=com> with scope subtree
# filter: cn=davehay
# requesting: ALL
#

# davehay, people, uk.ibm.com
dn: cn=davehay,ou=people,dc=uk,dc=ibm,dc=com
objectClass: inetOrgPerson
cn: davehay
sn: Hay
givenName: Dave
uid: hayd
userPassword:: cGFzc3cwcmQ=
mail: david_hay@uk.ibm.com
description: Dave Hay

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
...

Install Java 8

sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update && sudo apt-get -y install oracle-java8-installer

Update server.xml

vi ~/wlp/usr/servers/odm/server.xml

Insert: -

<featureManager>
  <feature>ldapRegistry-3.0</feature>
</featureManager>

<ldapRegistry baseDN="dc=uk,dc=ibm,dc=com"
              bindDN="cn=admin,dc=uk,dc=ibm,dc=com"
              bindPassword="Qp455w0rd"
              host="ubuntu"
              id="OpenLDAPRealm"
              ignoreCase="true"
              ldapType="Custom"
              port="389"
              realm="OpenLDAPRealm"
              recursiveSearch="true">
              <customFilters
                  userFilter="&amp;(uid=%v)(objectClass=inetOrgPerson)"
                  groupFilter="&amp;(cn=%v)(objectClass=groupOfNames)"
                  groupIdMap="*:cn"
                  userIdMap="*:uid"
                  groupMemberIdMap="groupOfNames:member"/>
</ldapRegistry>

Start Liberty

/home/hayd/wlp/bin/server start odm

Check logs

cat /home/hayd/wlp/usr/servers/odm/logs/console.log

...
Launching odm (WebSphere Application Server 17.0.0.4/wlp-1.0.19.201712061531) on Java HotSpot(TM) 64-Bit Server VM, version 1.8.0_181-b13 (en_US)
[AUDIT   ] CWWKE0001I: The server odm has been launched.
[AUDIT   ] CWWKZ0058I: Monitoring dropins for applications.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://ubuntu:10080/DecisionService/
[AUDIT   ] CWWKZ0001I: Application DecisionService started in 4.080 seconds.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://ubuntu:10080/res/
[AUDIT   ] CWWKZ0001I: Application res started in 8.739 seconds.
[AUDIT   ] CWWKF0012I: The server installed the following features: [jsp-2.3, concurrent-1.0, servlet-3.1, ssl-1.0, jndi-1.0, ldapRegistry-3.0, federatedRegistry-1.0, distributedMap-1.0, appSecurity-2.0, jdbc-4.1, el-3.0].
[AUDIT   ] CWWKF0011I: The server odm is ready to run a smarter planet.
[WARNING ] XOM repository set in database persistence mode: Apache Derby 10.10.2.0 - (1582446)
...

Access RES

https://ubuntu:10443/res/login.jsf

Login as hayd / passw0rd

Test Hello World via HTDS ( REST )

https://ubuntu:10443/DecisionService/run.jsp?path=/HelloWorldRuleApp/1.0/HelloWorld&trace=false&type=WADL&kind=native

Send: -

...
<par:Request xmlns:par="http://www.ibm.com/rules/decisionservice/HelloWorldRuleApp/HelloWorld/param">
  <!--Optional:-->
  <par:DecisionID>string</par:DecisionID>
  <!--Optional:-->
  <par:request>Dave Hay Rules</par:request>
</par:Request>
...

Returns: -

...
<?xml version="1.0" encoding="UTF-8"?><par:Response xmlns:par="http://www.ibm.com/rules/decisionservice/HelloWorldRuleApp/HelloWorld/param">
  <par:DecisionID>string</par:DecisionID>
  <par:response>Hello Dave Hay Rules</par:response>
</par:Response>
...

Check WLP Logs

cat /home/hayd/wlp/usr/servers/odm/logs/console.log

...
[WARNING ] XOM repository set in database persistence mode: Apache Derby 10.10.2.0 - (1582446)
[WARNING ] XOM repository set in database persistence mode: Apache Derby 10.10.2.0 - (1582446)
Hello Dave Hay Rules!
...

cat /home/hayd/wlp/usr/servers/odm/logs/messages.log

...
[9/29/18 16:25:21:257 UTC] 00000046 com.ibm.rules.res.execution                                  I The wait timeout of the pool is set to 0.
[9/29/18 16:25:21:264 UTC] 00000046 com.ibm.rules.res.execution                                  I Initializes the pool CRETransformerPool.
[9/29/18 16:25:21:264 UTC] 00000046 com.ibm.rules.res.execution                                  I Pool CRETransformerPool, properties: {pool.maxSize=10, pool.waitTimeout=0}.
[9/29/18 16:25:21:264 UTC] 00000046 com.ibm.rules.res.execution                                  I The wait timeout of the pool is set to 0.
[9/29/18 16:25:53:552 UTC] 0000004a SystemOut                                                    O Hello Dave Hay Rules!
...