Follow this task to configure a property extension repository to store attributes that
cannot be stored in your Lightweight Directory Access Protocol (LDAP) server.
About this task
For security and business reasons, you might want to prohibit write operations to your
repositories. However, applications calling the federated repository configuration might need to
store additional properties for the entities. A federated repository configuration provides a
property extension repository for a property-level join configuration. The property extension
repository is always a database, regardless of the type of the main profile
repositories. For example, a company that uses an LDAP
directory for its internal employees and a database for external customers and business partners
might not allow write access to its LDAP and its database. The company can use the property
extension repository in a federated repository configuration to store additional properties for
the people in those repositories, excluding the user ID. When an application uses the federated
repository configuration to retrieve an entry for a person, the federated repository configuration
transparently joins the properties of the person that is retrieved from either the LDAP or the
customer's database with the properties of the person that is retrieved from the property extension
repository into a single logical person entry. When you configure a property extension
repository, you can supply a valid data source, a direct connection configuration, or both. The
system first tries to connect by way of the data source. If the data source is not available, then
the system uses the direct access configuration.
Restriction: You cannot configure a property extension repository in a mixed-version deployment manager cell.
Procedure
- Configure the WebSphere® Application Server data source. See Configuring the WebSphere Application Server data source.
- If you are adding new properties (including properties that are stored in the property
extension repository) to the schema, you must do the following before you create the property
extension repository.
- Open or create the wimxmlextension.xml file under the profile_root\config\cells\cell_name\wim\model
directory.
Attention: Make sure that you edit the file on the deployment manager node.
- Add the schema definition of the new property.
The following sample wimxmlextension.xml file adds a new property called ibm-otherEmail to both
the Person and PersonAccount entity types. This new property type is String and it is
multiple-valued.
<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:wim="https://www.ibm.com/websphere/wim">
  <wim:schema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-otherEmail">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-personalTitle">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-middleName">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-generationQualifier">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-regionalLocale">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-timeZone">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-preferredCalendar">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-alternativeCalendar">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-firstDayOfWeek">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-firstWorkDayOfWeek">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="false" propertyName="ibm-gender">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-hobby">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
  </wim:schema>
</sdo:datagraph>
Available data types are defined in com.ibm.websphere.wim.SchemaConstants. For example:
/**
* Instance Class: java.lang.String
*/
String DATA_TYPE_STRING = "String";
/**
* Instance Class: int
*/
String DATA_TYPE_INT = "Int";
/**
* Instance Class: java.lang.Object
*/
String DATA_TYPE_DATE = "Date";
/**
* Instance Class: java.lang.Object
*/
String DATA_TYPE_ANY_SIMPLE_TYPE = "AnySimpleType";
/**
* Instance Class: java.lang.String
*/
String DATA_TYPE_ANY_URI = "AnyURI";
/**
* Instance Class: java.lang.boolean
*/
String DATA_TYPE_BOOLEAN = "Boolean";
/**
* Instance Class: long
*/
String DATA_TYPE_LONG = "Long";
/**
* Instance Class: double
*/
String DATA_TYPE_DOUBLE = "Double";
/**
* Instance Class: short
*/
String DATA_TYPE_SHORT = "Short";
- Add the new property to the property extension repository. Before
running the setupIdMgrPropertyExtensionRepositoryTables command, add the new properties
into install_root/etc/wim/setup/wimlaproperties.xml.
- Follow the example inside this file to define the new property definitions. The schema
file for wimlaproperties.xml is wimdbproperty.xsd and is in the same directory. It
can be used for reference.
- Run the setupIdMgrPropertyExtensionRepositoryTables command to create the
property extension repository and to add the new properties.
- Set up the property extension repository using wsadmin by following the procedure discussed in
Setting up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands; ignore the Before you begin options.
- Configure the property extension repository by completing the following steps:
- In the administrative console, click Security > Global
security.
- Under User account repository, select Federated repositories, and click
Configure. To configure for a specific domain in a multiple security domain environment,
click Security domains > domain_name. Under Security Attributes, expand User
Realm, and click Customize for this domain. Select the Realm type as Federated
repositories and then click Configure.
- Click Property extension repository.
- Supply the name of the data source in the Data source name field.
- Select the type of database that is used for the property extension
repository.
- Supply the name of the Java™ database connectivity (JDBC) driver in the JDBC driver
field.
Values include:
- DB2®: com.ibm.db2.jcc.DB2Driver
- Oracle: oracle.jdbc.driver.OracleDriver
- Informix®: com.informix.jdbc.IfxDriver
- Microsoft SQL Server: com.microsoft.jdbc.sqlserver.SQLServerDriver
- Derby: org.apache.derby.jdbc.EmbeddedDriver
- Supply the database URL that is used to access the property extension repository with
JDBC in the Database URL field.
Use an alphanumeric text string that conforms to the standard JDBC URL syntax.
Values include:
- DB2: jdbc:db2://<hostname>:<port>/<DB2location>
- Oracle: jdbc:oracle:thin:@<hostname>:<port>:<dbname>
- Derby: jdbc:derby:c:\derby\wim
- Microsoft SQL Server: jdbc:microsoft:sqlserver://<hostname>:1433;databaseName=wim;selectmethod=cursor;
- Informix: jdbc:informix-sqli://<hostname>:1526/wim:INFORMIXSERVER=<IFXServerName>;
- Supply the user name of the database administrator in the Database administrator user
name field.
- Supply the password of the database administrator in the Password
field.
- Specify the entity retrieval limit in the Entity retrieval limit field.
The entity retrieval limit is the maximum number of entities that the system can retrieve from the
property extension repository with a single database query. The default value is 200.
- Click OK.
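A mistake in wimxmlextension.xml is cheaper to catch before the file is saved on the deployment manager node and the servers are restarted. The following Python check is an added example, not part of the product or its documentation; the function name check_extension_schema and the sample input are constructed here, and the allowed data types are only the ones quoted from SchemaConstants in the procedure above.

```python
import xml.etree.ElementTree as ET

WIM_NS = "{https://www.ibm.com/websphere/wim}"  # namespace from the page's sample
# Data types the page quotes from SchemaConstants. The page gives them as
# examples, so this set is an assumption: extend it if your release has more.
KNOWN_TYPES = {"String", "Int", "Date", "AnySimpleType", "AnyURI",
               "Boolean", "Long", "Double", "Short"}

def check_extension_schema(xml_text):
    """Return a list of findings for a wimxmlextension.xml document."""
    if "<!DOCTYPE" in xml_text:
        # A schema extension needs no DTD; refuse rather than expand entities.
        return ["DOCTYPE declaration present, file not parsed"]
    findings, seen = [], set()
    for prop in ET.fromstring(xml_text).iter(WIM_NS + "propertySchema"):
        name = prop.get("propertyName") or "<unnamed>"
        if name in seen:
            findings.append("%s: defined more than once" % name)
        seen.add(name)
        if prop.get("dataType") not in KNOWN_TYPES:
            findings.append("%s: unknown dataType %r" % (name, prop.get("dataType")))
        if prop.get("multiValued") not in ("true", "false"):
            findings.append("%s: multiValued must be true or false" % name)
        types = [(e.text or "").strip()
                 for e in prop.findall(WIM_NS + "applicableEntityTypeNames")]
        if not types or "" in types:
            findings.append("%s: no applicable entity type" % name)
    if not seen:
        findings.append("no wim:propertySchema elements found")
    return findings

# Constructed sample: the first property mirrors the page's ibm-otherEmail
# definition, the second carries deliberate mistakes.
SAMPLE = """<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:wim="https://www.ibm.com/websphere/wim">
  <wim:schema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="String" multiValued="true" propertyName="ibm-otherEmail">
      <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="https://www.ibm.com/websphere/wim"
        dataType="string" multiValued="yes" propertyName="ibm-otherEmail"/>
  </wim:schema>
</sdo:datagraph>"""

if __name__ == "__main__":
    for finding in check_extension_schema(SAMPLE):
        print(finding)
```

An empty list means none of these checks fired; it does not replace the product's own validation when the configuration is loaded.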
Results
After completing these steps, your federated repository configuration, which includes a
property extension repository, is configured.
What to do next
- If you are enabling security, complete the remaining steps as specified in Enabling security for the realm. As the final step, validate this setup by clicking Apply on the
Global security panel.
- Save, stop, and restart all the product servers (deployment managers, nodes, and Application
Servers) for changes in this panel to take effect. If the server comes up without any problems, the
setup is correct.