Manually configuring a Lightweight Directory Access Protocol repository in a federated repository configuration

Follow this topic to manually configure a Lightweight Directory Access Protocol (LDAP) repository in a federated repository configuration.

Before you begin

As a prerequisite, you need to add an LDAP repository to your WebSphere® Application Server configuration, where you define the following information:

Table 1. Prerequisite LDAP repository information.

This table lists the prerequisite LDAP repository information.

Item name                 Example
Repository identifier     ldaprepo1
Directory type            IBM® Tivoli® Directory Server
Primary host name         localhost
Port                      389
Bind distinguished name   cn=ldapadmin
Bind password             yourpwd
Login properties          uid (a property containing login information)
See Lightweight Directory Access Protocol repository configuration settings for the specific steps you must perform to establish this LDAP repository.

About this task

At this point, you have a valid LDAP repository ready to be manually configured in a federated repository configuration.

Procedure

  1. Map the federated repository entity types to the LDAP object classes.
    1. Configure the LDAP repository to match the used LDAP object class for users.
      1. In the administrative console, click Security > Global security.
      2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.
      3. Under Related items, click Manage repositories.
      4. Select the repository (for example, ldaprepo1).
      5. Click LDAP entity types.
      6. Click PersonAccount.
      7. Insert the object class name used in your LDAP server, for example, inetOrgPerson.
      8. Click Apply.
      9. Click Save.

      See Configuring supported entity types in a federated repository configuration for an explanation of the supported entity types.

      See http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.wim.doc.en/ldap.html for a description of the LDAP default mappings.

    2. Configure the LDAP repository to match the used LDAP object class for groups.
      1. In the administrative console, click Security > Global security.
      2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.
      3. Under Related items, click Manage repositories.
      4. Select ldaprepo1.
      5. Click LDAP entity types.
      6. Click Group.
      7. Insert the object class name used for your LDAP server, for example, groupOfUniqueNames.
      8. Click Apply.
      9. Click Save.

      See Group attribute definition settings for an explanation of group attribute definitions.

  2. Map the federated repository property names to the LDAP attribute names.
    1. Configure the LDAP repository to match the used LDAP attributes for a user.
      1. Edit the file
        {WAS_HOME}\profiles\{profileName}\config\cells\{cellName}\wim\config\wimconfig.xml
      2. Look for the section in this file containing the LDAP repository configuration. For example:
        <config:repositories
          xsi:type="config:LdapRepositoryType"
          adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
          id="ldaprepo1" ...>
          <config:attributeConfiguration>
            ...
            <config:attributes name="anLDAPattribute"
              propertyName="aVMMattribute"/>
            ...
          </config:attributeConfiguration>
      3. Add an element of type config:attributes to define the mapping between a given federated repository property name, such as departmentNumber, and the desired LDAP attribute name, such as warehouseSection.
        Note: For all federated repository properties, a one-to-one mapping is assumed. If no explicit mapping of this type is defined for a property, for example departmentNumber, the underlying LDAP attribute is assumed to have the same name, departmentNumber.
    2. Configure the unsupported properties of the federated repository.
      To indicate that a given federated repository property, such as departmentNumber, is not supported by any LDAP attribute, you need to define the following type of element:
      <config:repositories xsi:type="config:LdapRepositoryType"
        adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
        id="ldaprepo1" ...>
        <config:attributeConfiguration>
          ...
          <config:propertiesNotSupported name="departmentNumber"/>
          ...
        </config:attributeConfiguration>
      
    3. Configure the LDAP repository to match the used LDAP user membership attribute in the groups.
      1. In the administrative console, click Security > Global security.
      2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.
      3. Under Related items, click Manage repositories.
      4. Select ldaprepo1.
      5. Click Group attribute definitions.
      6. Click Member attributes.
      7. Check whether your LDAP member attribute (for example, uniqueMember) is specified for your LDAP object class (for example, groupOfUniqueNames).
        • If it is not specified, click New and add the pair (object class / member attribute name) that applies to your LDAP schema (for example, groupOfUniqueNames / uniqueMember).
        • If it is specified, proceed.
      8. Click Apply.
      9. Click Save.
  3. Map other LDAP settings by configuring a new base entry for the new LDAP repository.
    1. In the administrative console, click Security > Global security.
    2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.
    3. Click Add Base Entry to Realm.
    4. Select ldaprepo1.
    5. Specify:
      • The base entry within the federated repository realm, for example, o=Default Organization
      • The base entry within the LDAP repository, for example, o=Default Organization
    6. Click Apply.
    7. Click Save.
    For an explanation of base entries, see the Configuring supported entity types in a federated repository configuration topic.
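The attribute mapping in step 2 is edited by hand in wimconfig.xml, and the failure modes are quiet: stray whitespace inside a value, the same property mapped twice, or a property that is both mapped and marked unsupported. The following Python script is an added example and is not part of this topic or of the WebSphere product. It parses a constructed wimconfig.xml fragment and resolves federated repository property names to LDAP attribute names using the rules stated above (an explicit config:attributes mapping wins, otherwise a one-to-one mapping is assumed, and a config:propertiesNotSupported entry means no LDAP attribute backs the property), and it reports the slips listed above. The sample's wrapper element and namespace URIs are placeholders; only the config:repositories, config:attributeConfiguration, config:attributes and config:propertiesNotSupported elements are taken from this topic, and the parser matches elements by local name so the real namespace URIs do not matter.

```python
# Added example (not from the IBM topic): resolve the effective mapping between
# federated repository (VMM) property names and LDAP attribute names from a
# wimconfig.xml fragment, applying the rules in the procedure above:
#   - an explicit <config:attributes name=... propertyName=.../> wins,
#   - otherwise a one-to-one mapping (same name) is assumed,
#   - a <config:propertiesNotSupported name=.../> entry means the property is
#     backed by no LDAP attribute at all.
# It also flags configuration slips that are easy to miss by eye.
import xml.etree.ElementTree as ET

# Constructed sample fragment. The wrapper element and the namespace URIs are
# placeholders, not copied from a real wimconfig.xml; the parser matches
# elements by local name, so the real namespace URIs do not matter.
SAMPLE_WIMCONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<config:configurationProvider xmlns:config="urn:example:wim-config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <config:repositories xsi:type="config:LdapRepositoryType"
      adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
      id="ldaprepo1">
    <config:attributeConfiguration>
      <config:attributes name="warehouseSection" propertyName="departmentNumber"/>
      <config:attributes name="mail" propertyName="mail"/>
      <config:propertiesNotSupported name=" homePostalAddress"/>
    </config:attributeConfiguration>
  </config:repositories>
</config:configurationProvider>
"""


def _local(tag):
    """Strip the namespace part of an ElementTree tag ('{uri}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]


def load_attribute_config(xml_text, repo_id):
    """Return (explicit_mapping, unsupported, problems) for one repository.

    explicit_mapping: property name -> LDAP attribute name
    unsupported:      set of property names declared as propertiesNotSupported
    problems:         human-readable findings a reviewer should look at
    """
    root = ET.fromstring(xml_text)
    for repo in root.iter():
        if _local(repo.tag) == "repositories" and repo.get("id") == repo_id:
            break
    else:
        raise ValueError(f"no repository with id {repo_id!r}")

    mapping, unsupported, problems = {}, set(), []
    for el in repo.iter():
        kind = _local(el.tag)
        if kind == "attributes":
            attr, prop = el.get("name", ""), el.get("propertyName", "")
            if attr != attr.strip() or prop != prop.strip():
                problems.append(f"whitespace in mapping {attr!r} -> {prop!r}")
            attr, prop = attr.strip(), prop.strip()
            if prop in mapping and mapping[prop] != attr:
                problems.append(f"property {prop!r} mapped to more than one attribute")
            mapping[prop] = attr
        elif kind == "propertiesNotSupported":
            name = el.get("name", "")
            if name != name.strip():
                problems.append(f"whitespace in propertiesNotSupported {name!r}")
            unsupported.add(name.strip())

    # A property cannot be both backed by an attribute and unsupported.
    for prop in sorted(mapping.keys() & unsupported):
        problems.append(f"property {prop!r} is both mapped and marked unsupported")
    return mapping, unsupported, problems


def resolve_property(prop, mapping, unsupported):
    """LDAP attribute backing a federated repository property, or None if unsupported."""
    if prop in unsupported:
        return None
    return mapping.get(prop, prop)  # one-to-one mapping is the default


def effective_mapping(props, mapping, unsupported):
    """Resolve a list of property names in one go (None = not backed by LDAP)."""
    return {p: resolve_property(p, mapping, unsupported) for p in props}


if __name__ == "__main__":
    m, u, issues = load_attribute_config(SAMPLE_WIMCONFIG, "ldaprepo1")
    report = effective_mapping(["uid", "departmentNumber", "homePostalAddress"], m, u)
    for prop, attr in report.items():
        print(f"{prop:20} -> {attr if attr else '(not supported)'}")
    for issue in issues:
        print("WARNING:", issue)
```

Run it against your own wimconfig.xml by replacing SAMPLE_WIMCONFIG with the file contents and passing the repository identifier from Table 1; a property that resolves to an unexpected attribute name, or a warning about whitespace, is the kind of mistake that shows up later as a login property or group membership lookup that silently matches nothing.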

Results

After completing these steps, your federated repository matches the LDAP server settings.

What to do next

Last updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=twim_ldap_manual
File name: twim_ldap_manual.html