Configuring Lightweight Directory Access Protocol attributes in a federated repository configuration
Follow this task to add, modify, or delete the configuration of supported, unsupported, and external LDAP attributes in a federated repositories configuration.
Procedure
- In the administrative console, click Security > Global security.
- Under User account repository, select Federated repositories from the Available realm definitions field and click Configure. To configure for a specific domain in a multiple security domain environment, click Security domains > domain_name. Under Security Attributes, expand User Realm, and click Customize for this domain. Select the Realm type as Federated repositories and then click Configure.
- Under Related items, click Manage repositories, and then in the panel that appears, click the repository_id of the LDAP repository.
- Under Additional properties, click the LDAP attributes link.
- To add a new LDAP attribute configuration, click Add and select one of the following options:
  - Select Supported to add a supported LDAP attribute configuration. On the panel that appears, enter the following details:
    - Name: Specifies the name of the LDAP attribute used in the repository LDAP adapter.
    - Property name: Specifies the name of the corresponding federated repository property.
    - Syntax: Specifies the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString.
    - Entity types: Specifies the entity type that applies the attribute mapping.
    - Default value: Specifies the default value of the LDAP attribute.
    - Default attribute: Use this parameter to specify the default attribute of the LDAP attribute.
  - Select Unsupported to add a configuration for a federated repository property that the LDAP repository does not support. On the panel that appears, enter the following details:
    - Property name: Specifies the name of the federated repository property.
    - Entity types: Specifies one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types.
  - Select External to add a configuration for an LDAP attribute that is used as an external ID in the specified LDAP repository. On the panel that appears, enter the following details:
    - Name: Specifies the name of the external ID attribute of the LDAP repository.
    - Syntax: Specifies the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString.
    - Entity types: Specifies one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types.
    - Generate value: Specifies whether or not the federated repository should generate the value of the LDAP attribute.
- To modify an existing configuration, click the Name/Property Name link and modify the details in the panel that appears.
- To delete an existing configuration, select the checkbox for the Name/Property Name and click Delete.
- Click OK and Save to the master configuration.
- Restart the application server.