Configuring additional properties for users and groups

You can configure additional properties for users and groups of federated repositories. To enable schema or property extensions, ensure that the property can be read from and written to the underlying repositories.

Procedure

  1. You can specify the following additional property information in the server.xml file to enable schema or property extension.
    • Extended Property Name – The name of the extended property. Ensure that the name specified is unique and does not match an existing property name.
    • Data type – The data type of the extended property. The possible values are Integer, Long, String, Boolean, Date, Double, BigInteger, BigDecimal.
    • Entity type – The entity to which the property applies. The possible values are PersonAccount or Group.
    • Single or multi-valued – You can set the value of the property to be either single or multi-valued. A default value can also be set for the property. When an entity is created and no value is specified for the property, the default value is used. As an example of a multi-valued property, you can add an extended property named assetId for storing assets assigned to a user. If each user can be assigned more than one asset, then assetId needs to be multi-valued. You must ensure that the attribute to which assetId is mapped is also a multi-valued attribute in the back-end LDAP.

    The following sample shows the configuration in server.xml:
    
    <federatedRepository>
        <primaryRealm name="WIMRegistry">
            <participatingBaseEntry name="o=ibm,c=us"/>
        </primaryRealm>
        <extendedProperty dataType="String" name="extendedProperty" entityType="PersonAccount"> </extendedProperty>
    </federatedRepository>
      
  2. To use the extended property in the code, you must use the generic getter/setter methods as shown in the following example:
    
    PersonAccount person = new PersonAccount(); 
    ... 
    person.set("extendedProperty", "xyz"); 
    ... 
    String value = (String)person.get("extendedProperty");
  3. To ensure that the property can be read from and written to the LDAP, you have the following two options:
    • Pass-through: If the name of the extended property is the same as the name of the LDAP attribute, then the property is passed through and read from and written to the attribute.
    • Property Mapping: If the name of the extended property is different from the name of the LDAP attribute, then the property needs to be mapped by using attribute mapping.

      The following sample configuration shows the mapping of the extended property to an attribute named extendedAttribute.

      
      <attributeConfiguration>
          <attribute name="extendedAttribute" propertyName="extendedProperty" syntax="String" entityType="PersonAccount"></attribute>
      </attributeConfiguration>
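
A pre-deployment check for the rules in steps 1 and 3, as an added example that is not part of the product or its documentation: it parses a server.xml and reports extended properties whose name is not unique or whose data type or entity type is not one of the listed values. The function name, the caller-supplied existing_names set, the rule that a mapping must use the same entity type as the property it maps, and the sample input are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

DATA_TYPES = {"Integer", "Long", "String", "Boolean", "Date", "Double",
              "BigInteger", "BigDecimal"}
ENTITY_TYPES = {"PersonAccount", "Group"}

def lint_extended_properties(server_xml, existing_names=frozenset()):
    """Return a list of problems found in the <extendedProperty> declarations."""
    # existing_names: already-defined property names, supplied by the caller (assumption).
    root = ET.fromstring(server_xml)
    problems, declared = [], {}
    for prop in root.iter("extendedProperty"):
        name, dtype, etype = (prop.get(k) for k in ("name", "dataType", "entityType"))
        if not name:
            problems.append("extendedProperty without a name")
            continue
        if name in declared or name in existing_names:
            problems.append(f"{name}: name is not unique")
        if dtype not in DATA_TYPES:
            problems.append(f"{name}: unsupported dataType {dtype!r}")
        if etype not in ENTITY_TYPES:
            problems.append(f"{name}: unsupported entityType {etype!r}")
        declared.setdefault(name, etype)
    # Assumed rule: a mapping targets the same entity type as the property it maps.
    for attr in root.iter("attribute"):
        prop_name, etype = attr.get("propertyName"), attr.get("entityType")
        if prop_name in declared and etype != declared[prop_name]:
            problems.append(f"{prop_name}: mapping to {attr.get('name')!r} "
                            f"uses entityType {etype!r}")
    return problems

# Constructed sample input with deliberate mistakes; not from a real deployment.
SAMPLE = """<server>
  <federatedRepository>
    <extendedProperty dataType="String" name="assetId" entityType="PersonAccount"/>
    <extendedProperty dataType="Text" name="costCentre" entityType="PersonAccount"/>
    <extendedProperty dataType="String" name="mail" entityType="Group"/>
    <extendedProperty dataType="Long" name="assetId" entityType="User"/>
  </federatedRepository>
  <ldapRegistry>
    <attributeConfiguration>
      <attribute name="assetNumber" propertyName="assetId" syntax="String" entityType="Group"/>
    </attributeConfiguration>
  </ldapRegistry>
</server>"""

if __name__ == "__main__":
    for line in lint_extended_properties(SAMPLE, existing_names={"uid", "cn", "mail"}):
        print(line)
```

An empty list means every declaration passed these checks; it does not confirm that the back-end LDAP attribute exists or is multi-valued, which still has to be verified against the directory schema.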