Configuring the Data Store and User Options for the user Entity

By default, the user entity is populated by the user collection data store and contains the data-explorer-admin administrator user. For the initial setup of the user entity, add your administrator users and, if necessary, make required changes to the data store.

Before you begin

About this task

Regardless of the authentication method you used when you configured the user registry, you can populate the user entity with a collection data store. This method does not require the additional step of manually enqueueing users to the search collection, because authenticated users are enqueued in the search collection by default. If you disable the setting, you must manually enqueue users in the collection. For more information about automatically adding users to the collection, see Entity User Options.

By default, the user entity is populated with user names from the user search collection. Unless you have a specific need to populate the user entity by using a directory data store, or a search collection other than the user search collection, there is no reason to change the default data store configuration.

Unless you know that your user names need to be added to a different search collection, use the user search collection.

Procedure

  1. Log in to the Application Builder administration tool as the default administrator user, data-explorer-admin. The password is: TH1nk1710

    You can log in to Application Builder as the default administrator user because the user entity is automatically configured to include data-explorer-admin in the Admins field when you add the first backend to Application Builder.

  2. Click Entities and select user.
  3. For the data store, you do not need to change the default data store configuration unless you have a specific reason. If you do need to change the data store configuration, complete the steps that are required for the following options:
    Option Description
    If you want authenticated users to be enqueued to a search collection other than the default user search collection
    1. Select the name of the collection.
    2. Click Save changes at the bottom of the entity configuration page.
    3. To preview the results that are returned from your data store, from the bottom of the data store section, click Preview the results, which shows the first 10 results.
    If you want to populate the user entity with a directory data store
    1. Select Directory.
    2. Enter your directory service information for each field. Ensure that you enter values for each required field. The example values are not used by default. If you are connecting to an LDAP directory, the Connection name and Connection password fields are not required because anonymous binding is supported. For more information, see Entity Data Connection Options.
    Important: The directory service information that you specify in the user entity must match the directory service that you specify in the server.xml file for WebSphere Application Server Liberty profile.
  4. In the User options > Admins field, enter your user name and the user names of any other authenticated users who need access to the Application Builder administration tool.
  5. For the option that automatically adds users to the collection, unless you have a specific reason, keep the default option set to on. If you disable this option, you must manually enqueue authenticated users to the search collection. Otherwise, they will not be able to access the application. For more information, see Enqueueing Users for a Collection Data Store.
  6. For the Login with field list, keep the default value of title, unless you have a specific need to change the value, such as one of the following scenarios:
    • For the Login with field list, when you use an LDAP directory as the data store, it is not necessary to specify a field. However, if you do specify a field, it must match the value that is specified in the userFilter and userIdMap attributes in the ldapRegistry node of the AppBuilder/wlp/usr/servers/AppBuilder/server.xml file. Liberty profile passes that value to Application Builder by default. The default value in the server.xml file is sAMAccountName.
    • If you disable the option to automatically enqueue users, ensure that the Login with field is a field that exists for the users that you enqueue in the search collection.
      If you follow Enqueueing Users for a Collection Data Store and copy the XML that is provided, the user names are enqueued as title fields, which you can see in the following code <content name="title" indexed-fast-index="set">user_name</content>. If you added additional content nodes for each user, you can select a different field for users to log in with. If you did not enqueue additional content nodes for the user names, select title.
      Important: Ensure that the field that you select exists for each user that you enqueued and that the field value is unique for each user. If you select a field that does not exist for users, those users cannot log in.
  7. Click Save changes at the bottom of the entity configuration page.
  8. From the bottom of the data store section, click Preview the results, which shows the first 10 user names that are returned from the data store. Ensure that the preview contains results that you expect.
    Note: If you used a directory data store, in the previewed results, ensure that the field that you selected from the Login with field list contains the user names that users will log in with.
  9. Close your current browser session and delete any stored information from the cache, such as cookies, that contain user names and passwords.
  10. Verify that administrator users and end users can log in to the Application Builder administrator tool and end user application.
  11. Close all the windows and tabs of your browser to end your login session.

What to do next

To prevent access to the Application Builder administration tool with the default user name, data-explorer-admin, remove the default user name from the Admins field in the user entity.
Important: If you use basic authentication and the data-explorer-admin user name is removed from the basicRegistry node, it will not be authenticated and you cannot use it to access the administrator console, even if it is listed in the Admins field.

If you use LDAP authentication and the data-explorer-admin user name is not authenticated with the LDAP directory, you cannot use it to access the administrator tool, even if it is listed in the Admins field.

If errors occur after you complete this procedure, ensure that the user entity is populated by the correct search collection, and that your administrators are listed in the Admins field. Also, ensure that the server.xml file contains the same users as the search collection that populates the user entity. If necessary, complete the following steps to restore the backup file:
  1. On the Application Builder server, stop the Application Builder service.
  2. Restore the server.xml backup file.
  3. Restart Application Builder.
  4. Log in to Application Builder by using the default login credentials (data-explorer-admin and TH1nk1710) and check the user entity configuration.
  5. After you identify the cause of the error and the correct information, redo the procedure.
Parent topic: Application Builder System Administration
Related concepts:
The user Entity
Related tasks:
Configuring the User Registry for Application Builder with WebSphere Application Server Liberty profile
Enqueueing Users for a Collection Data Store