Troubleshooting
Problem
After following the instructions in the ESSO Configuration Guide, Appendix C - Automatically assigning User Policy Templates to new users, the assignment is not occurring as expected.
Symptom
New users are allocated the default user template.
Cause
Though the IMS Enterprise Directory configuration file (EnterpriseDirectoryConfiguration.xml) has been updated as per the guide, this is not reflected in the VMM configuration files. This means that VMM does not retrieve the newly defined attribute from the Enterprise Directory. IMS therefore see no attribute value and so assigns the default user template.
Resolving The Problem
The VMM configuration needs to be updated to match the changes made following the guide. Below the 'department' attribute is mentioned, but if a different attribute was chosen, then substitute the chosen attribute where 'department' is mentioned.
There are two ways in which this can be done:-
A) The GUI approach:-
- Log into the IMS Configuration Tool
- Delete the existing AD Enterprise directory entry
- Reboot the system
- Recreate the AD Enterprise Entry
- Reboot again to make this active.
2) Manual Approach:-
- Ensure that both ESSO applications are NOT running when making these changes. Best if WAS not running.
- Edit the VMM config files to manually add the 'department' attribute. This would need to be done for each profile used by the ESSO IMS Applications.
- The two key files are:
- <WASHOME>\profiles\<profilename>\config\<cellname>\wim\config\wimconfig.xml
The following needs to be added to this file in the correct location:
<config:attributes name="department" propertyName="department">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
This should be added after the same type of entry for 'lockoutTime', ie within the <config:attributeConfiguration> node.
- <WASHOME>\profiles\<profilename>\config\<cellname>\wim\model\wimxmlextension.xml
The following needs to be added to this file in the correct location:
<wim:propertySchema nsPrefix="wim" nsURI="http://www.ibm.com/websphere/wim" dataType="string" multiValued="false" propertyName="department">
<wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
</wim:propertySchema>
Add this at the end of the '<wim:schema>' node, ie after the entry for "msDS-User-Account-Control-Computed", easiest is to copy and paste this last entry and change it to reference 'department' attribute.
- Reboot the system
Was this topic helpful?
Document Information
Modified date:
03 September 2019
UID
swg21652358