Home
Specify a custom ID attribute for users or groups
You can specify custom global unique ID attributes to identify users and groups in the LDAP
Restrictions...
- The ID must be static and unique in the cell.
- The ID must not exceed 256 characters in length.
- If you are planning to install the Files or Wikis feature, the ID cannot exceed 252 characters in length.
- To achieve faster search results, use a fixed-length attribute for the ID.
- The ID must have a one-to-one mapping per object. You cannot use an attribute with multiple values as a unique ID.
To specify a custom attribute as the unique ID for users or groups...
- Edit...
VMM_HOME/model/wimxmlextension.xml
If no file with this name exists, create one.
VMM_HOME location is set by wim.home system property. Default is location is...
user.install.root/config/cells/local.cell/wim
- To select a single ID attribute for both users and groups, use the following sample XML, which defines a new property type called enterpriseID and adds this property type to both PersonAccount and Group entity types:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="http://www.example.com/websphere/wim"> <wim:schema> <wim:propertySchema nsURI="http://www.example.com/websphere/wim" dataType="STRING" multiValued="false" propertyName="enterpriseID"> <wim:applicableEntityTypeNames> PersonAccount </wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.example.com/websphere/wim" dataType="STRING" multiValued="false" propertyName="enterpriseID"> <wim:applicableEntityTypeNames> Group </wim:applicableEntityTypeNames> </wim:propertySchema> </wim:schema> </sdo:datagraph>Ensure that the XML is well-formed and conforms to the schema defined in wimschema.xsd.
- To use two different ID attributes, one for users and a different one for groups, use the following sample XML, which defines a property type called customUserID and adds it to the PersonAccount entity type, and also defines a property type called customGroupID and adds it to the Group entity type:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="http://www.example.com/websphere/wim"> <wim:schema> <wim:propertySchema nsURI="http://www.example.com/websphere/wim" dataType="STRING" multiValued="false" propertyName="customUserID"> <wim:applicableEntityTypeNames>PersonAccount </wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.example.com/websphere/wim" dataType="STRING" multiValued="false" propertyName="customGroupID"> <wim:applicableEntityTypeNames>Group </wim:applicableEntityTypeNames> </wim:propertySchema> </wim:schema> </sdo:datagraph>
The customUserID and customGroupID properties are not related to the properties of the login ID.
- Add new property types to each repository adapter in wimconfig.xml.
AIX PROFILE_HOME/profile/config/cells/cell_name/wim/config Linux /opt/WAS/AppServer/profiles/profile/config/cells/cell_name/wim/config Microsoft Windows C:\WAS\AppServer\profiles\profile\config\cells\cell_name\wim\config - To use a single ID attribute for both users and groups, using a string called enterpriseid, add the following text:
<config:attributeConfiguration> <config:externalIdAttributes name="enterpriseID" syntax="String"/> </config:attributeConfiguration>- To use two different ID attributes, one for users and the other for groups, add the following text:
<config:attributeConfiguration> <config:attributes name="userPassword" propertyName="password"/> <config:attributes name="customUserID" propertyName="customUserID"/> <config:attributes name="customGroupID" propertyName="customGroupID"/> <config:propertiesNotSupported name="homeAddress"/> <config:propertiesNotSupported name="businessAddress"/> </config:attributeConfiguration>
- Save and close the wimconfig.xml file.
If you specified different ID attributes for users and groups, configure the required custom ID attribute.
When you map fields in the Profiles database, ensure that you add the custom ID attribute to the PROF_GUID field in the EMPLOYEE table.
Related tasks
Prepare to configure the LDAP directory
Choose log in values
Configure the custom ID attribute for users or groups