The migrateEAR utility migrates changes made to console users and groups in the admin-authz.xml and naming-authz.xml files into the Tivoli Access Manager object space.
migrateEAR -profile_name default -j fully_qualified_filename -a Tivoli_Access_Manager_administrator_ID -p Tivoli_Access_Manager_administrator_password -w WebSphere_Application_Server_administrator_user_name -d user_registry_domain_suffix -c PdPerm.properties_file_location [-z role_mapping_location]
This parameter is optional. When the parameter is not specified, you are prompted to supply it at run time.
file:profile_root/etc/pd/PdPerm.properties
You can use the pdadmin user show command to display the distinguished name (DN) for a user.
profile_root/config/cells/cell_name
When this parameter is not specified, the user is prompted to supply the password for the administrative user name.
When the WebSphere Application Server administrative user does not already exist in the protected object space, it is created or imported. In this case, a random password is generated for the user and the account is set to not valid. Change this password to a known value and set the account to valid.
/WebAppServer/deployedResources
/WebAppServer/deployedResources/Roles
This utility migrates security policy information from deployment descriptors or enterprise archive files to Tivoli Access Manager for WebSphere Application Server. The script calls the Java class com.tivoli.pdwas.migrate.Migrate.
Before you invoke the script, you must run the setupCmdLine script from the Qshell command line. You can find this file in the profile_root/bin directory, where profile_root is your installation path. In a default installation, profile_root is app_server_rootBase.
The script depends on finding the correct environment variables for the location of prerequisite software.
To give a new user access to the administrative group in WebSphere Application Server, it is recommended that you add the user to the pdwas-admin group after JACC has been enabled. You can enter the administrative primary ID (adminID) in the group. This is required when the serverID is not the same as the adminID.
pdadmin> group modify pdwas-admin add adminID
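The following shell functions are an added example, not code from the original page or from IBM. They check the migrateEAR arguments against the syntax shown above, leaving out -p so that the password is prompted for, and list the pdadmin follow-up for the WebSphere administrative user. The function names and the NEW_PASSWORD placeholder are assumptions, as is the use of pdadmin's standard `user modify ... password` and `user modify ... account-valid` commands for the step the page describes.

```shell
#!/bin/sh
# Added example (not IBM's code). Caller supplies every value; nothing here is a default.

# build_migrate_cmd EAR TAM_ADMIN WAS_ADMIN DOMAIN_SUFFIX PDPERM_URI [ROLE_MAP]
# Checks the arguments, then prints the migrateEAR command line for review.
# -p is left out on purpose so the utility prompts for the password at run time.
build_migrate_cmd() {
    if [ "$#" -lt 5 ]; then
        echo "need: ear tam_admin was_admin domain_suffix pdperm_uri [role_map]" >&2
        return 2
    fi
    ear=$1; tam_admin=$2; was_admin=$3; suffix=$4; pdperm=$5; role_map=${6:-}

    # -j takes a fully qualified file name, so reject relative paths.
    case $ear in
        /*) ;;
        *) echo "-j is not fully qualified: $ear" >&2; return 1 ;;
    esac
    [ -r "$ear" ] || { echo "cannot read $ear" >&2; return 1; }

    # -c is written as a file: URI (file:profile_root/etc/pd/PdPerm.properties).
    case $pdperm in
        file:*) ;;
        *) echo "-c must start with file: ($pdperm)" >&2; return 1 ;;
    esac
    [ -r "${pdperm#file:}" ] || { echo "cannot read ${pdperm#file:}" >&2; return 1; }

    set -- migrateEAR -profile_name default -j "$ear" -a "$tam_admin" \
        -w "$was_admin" -d "$suffix" -c "$pdperm"
    if [ -n "$role_map" ]; then set -- "$@" -z "$role_map"; fi
    echo "$*"
}

# pdadmin_followup WAS_ADMIN
# Prints the commands to enter at the pdadmin> prompt after the migration when
# the WebSphere administrative user was created with a random password and a
# not-valid account. NEW_PASSWORD is a placeholder to replace when typing.
pdadmin_followup() {
    [ -n "${1:-}" ] || { echo "need the WebSphere administrative user name" >&2; return 2; }
    printf '%s\n' \
        "user show $1" \
        "user modify $1 password NEW_PASSWORD" \
        "user modify $1 account-valid yes" \
        "group modify pdwas-admin add $1"
}
```

The printed migrateEAR line is for review before it is run; values that contain spaces need quoting when the command is typed.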