IBM Support

How to configure an extended property as a login property for the LDAP repository configuration in a federated repository setup

Question & Answer


Question

For customers who are not using the properties from the federated repository schema, the following two steps describe the procedure to extend the federated repository to use a custom login property in addition to the default uid property. Perform the first step to extend the federated repository schema and the second step to update the federated repository configuration to use the custom attribute in addition to the default uid property.

Cause

The business use case could demand this requirement.

Answer

Step 1. Extend the federated repositories schema with a custom attribute (the custom attribute must contain unique values across repositories) using the addIdMgrPropertyToEntityTypes wasadmin command.

For more information about the addIdMgrPropertyToEntityTypes command, see
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.soafep.multiplatform.doc%2Finfo%2Fae%2Fae%2Frxml_atidmgrDataModel.html

To extend the repository schema with a new custom attribute "CustomersSpecialLoginName," use the following command:

$AdminTask addIdMgrPropertyToEntityTypes { -name <name> -dataType <dataType> -isMultiValued false -entityTypeNames <entityTypeNames> -repositoryIds <repositoryIds>}

where
<name> is the name of the custom attribute to be extended
<dataType> is the data type of the attribute
<entityTypeNames> is the entity type of the attribute to be extended
<repositoryIds> is the repository ID of the LDAP repository configured in the federated repositories.

For example :

$AdminTask addIdMgrPropertyToEntityTypes { -name CustomersSpecialLoginName -dataType String -isMultiValued false -entityTypeNames PersonAccount -repositoryIds AD23}

The command will create an entry in the
WAS_profile _home/config/cells/<cell_name>/wim/model/wimxmlextension.xml file.

Step 2. Specify an extended property in the login properties list in addition to the existing login property without changing it.
1. Log on to WebSphere Application Server Administrative console.
2. Go to Global security > Federated repositories > Configure > Manage repositories > <Repository_ID>.
3. In the Login properties field, specify CustomersSpecialLoginName;uid.
4. Click Apply and then save.
5. Log off WebSphere Application Server Administrative console.
6. Restart the application server.

Notes:
If you define multiple login properties, then the first login property is mapped to the principalName property of the federated repositories. For example, if you set CustomersSpecialLoginName;uid as the login property, the LDAP attribute CustomersSpecialLoginName value is mapped to the federated repositories principalName property. If you have defined multiple login properties, the first login property is returned as the value of the principalName property after you login. For example, if you pass the value "joe" (uid value) as the principalName value and the login properties are configured as CustomersSpecialLoginName;uid, the principalName is returned as "myloginjoe"(CustomersSpecialLoginName value).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Virtual Member Manager (VMM)","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;8.5;8.0;7.0","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21662722

Page Feedback