Home

 

Specify a custom ID attribute for users or groups

 

+

Search Tips   |   Advanced Search

 

You can specify custom global unique ID attributes to identify users and groups in the LDAP

Restrictions...

To specify a custom attribute as the unique ID for users or groups...

  1. Edit...

      VMM_HOME/model/wimxmlextension.xml

    If no file with this name exists, create one.

    VMM_HOME location is set by wim.home system property. Default is location is...

      user.install.root/config/cells/local.cell/wim

  2. To select a single ID attribute for both users and groups, use the following sample XML, which defines a new property type called enterpriseID and adds this property type to both PersonAccount and Group entity types:

      <?xml version="1.0" 
            encoding="UTF-8"?>
      
      <sdo:datagraph xmlns:sdo="commonj.sdo" 
                        xmlns:wim="http://www.example.com/websphere/wim">
      
          <wim:schema>
      
              <wim:propertySchema nsURI="http://www.example.com/websphere/wim"  
                                  dataType="STRING" 
                                  multiValued="false"  
                                  propertyName="enterpriseID">
      
                  <wim:applicableEntityTypeNames> PersonAccount </wim:applicableEntityTypeNames>
      
              </wim:propertySchema>
      
              <wim:propertySchema nsURI="http://www.example.com/websphere/wim"  
                                  dataType="STRING" 
                                  multiValued="false"  
                                  propertyName="enterpriseID">
      
                  <wim:applicableEntityTypeNames> Group </wim:applicableEntityTypeNames>
      
              </wim:propertySchema>
      
          </wim:schema>
      </sdo:datagraph> 
      

    Ensure that the XML is well-formed and conforms to the schema defined in wimschema.xsd.

  3. To use two different ID attributes, one for users and a different one for groups, use the following sample XML, which defines a property type called customUserID and adds it to the PersonAccount entity type, and also defines a property type called customGroupID and adds it to the Group entity type:

      <?xml version="1.0" encoding="UTF-8"?>
      
      <sdo:datagraph xmlns:sdo="commonj.sdo" 
                        xmlns:wim="http://www.example.com/websphere/wim">
      
          <wim:schema>
              <wim:propertySchema nsURI="http://www.example.com/websphere/wim" 
                                  dataType="STRING" 
                                  multiValued="false" 
                                  propertyName="customUserID">
                  <wim:applicableEntityTypeNames>PersonAccount
      
              </wim:applicableEntityTypeNames>
              </wim:propertySchema>
      
              <wim:propertySchema nsURI="http://www.example.com/websphere/wim" 
                                  dataType="STRING" 
                                  multiValued="false" 
                                  propertyName="customGroupID">
      
                  <wim:applicableEntityTypeNames>Group
                  </wim:applicableEntityTypeNames>
              </wim:propertySchema>
      
          </wim:schema>
      
      </sdo:datagraph> 
      
      

    The customUserID and customGroupID properties are not related to the properties of the login ID.

  4. Add new property types to each repository adapter in wimconfig.xml.

    AIX PROFILE_HOME/profile/config/cells/cell_name/wim/config
    Linux /opt/WAS/AppServer/profiles/profile/config/cells/cell_name/wim/config
    Microsoft Windows C:\WAS\AppServer\profiles\profile\config\cells\cell_name\wim\config

  5. To use a single ID attribute for both users and groups, using a string called enterpriseid, add the following text:

      <config:attributeConfiguration>
      
          <config:externalIdAttributes name="enterpriseID" 
                                       syntax="String"/>
      
      </config:attributeConfiguration>  
      

  6. To use two different ID attributes, one for users and the other for groups, add the following text:

      <config:attributeConfiguration>
          <config:attributes name="userPassword" propertyName="password"/>
          <config:attributes name="customUserID" propertyName="customUserID"/>
          <config:attributes name="customGroupID" propertyName="customGroupID"/>
          <config:propertiesNotSupported name="homeAddress"/>
          <config:propertiesNotSupported name="businessAddress"/>
      </config:attributeConfiguration> 
      

  7. Save and close the wimconfig.xml file.

If you specified different ID attributes for users and groups, configure the required custom ID attribute.

When you map fields in the Profiles database, ensure that you add the custom ID attribute to the PROF_GUID field in the EMPLOYEE table.

 

Related tasks

Prepare to configure the LDAP directory
Choose log in values
Configure the custom ID attribute for users or groups