Choosing login valuesDetermine which LDAP attribute or attributes you to use to log in to IBM Connections.
The following scenarios are supported:
Single LDAP attribute with a single value
For example: uid=jsmith.
Multiple LDAP attributes, each with a single value
To specify multiple attributes, separate them with a semicolon when you enter them in the Login properties field (while adding the repository to IBM WAS). For example, where uid=jsmith and email@example.com, you would enter: uid; mail.
Single LDAP attribute with multiple values
For example, mail is the login attribute and it accepts two different email addresses: an intranet address and an extranet address. For example: mail=jsmith@<myCompany>.com or firstname.lastname@example.org.
Multiple LDAP attributes, each with multiple values
For example: uid=jsmith or uid=john_smith and email@example.com or firstname.lastname@example.org or mail=jsmith@<MyCompany>.com.
Multiple LDAP directories
For example: One LDAP directory uses uid as the login attribute and the other uses mail. You must repeat the steps in Setting up federated repositories for each LDAP directory.
Multi-valued attributesYou can map multiple values to common attributes such as uid or mail.
If, for example, you mapped the following attributes for a user called Sample User, all three values for the user are populated in the PROFILE_LOGIN table in the Profiles database:
A similar example for the uid property would have the following attributes:
By default, the population wizard only allows you to choose one attribute for logins, so you can't select mail and uid. You can, however, write a custom function to union multiple attributes.
Custom attributesThe Profiles population wizard populates uid and mail during the population process but maps the loginID attribute to null. You can specify a custom attribute if your directory uses a unique login attribute other than, for example, uid, mail, or cn. The login value can be based on any attribute that you have defined in your repository. You can specify that attribute by setting loginID=attribute when you populate the Profiles database.
The following sample extract from the profiles-config.xml file shows the standard login attributes:
<loginAttributes> <loginAttribute>uid</loginAttribute> <loginAttribute>email</loginAttribute> <loginAttribute>loginId</loginAttribute> </loginAttributes>
The value for the loginID attribute is stored in the Prof_Login column of the Employee table in the Profiles database. For more information, see the Mapping fields manually topic.
Using Profiles or LDAP as the repositoryThe default login attributes that are defined in the profiles-config.xml file are uid, email, or loginID
If you change the default IBM Connections configuration to use the LDAP directory as the user repository, WAS maps uid as the login default.
Parent topicPreparing to configure the LDAP directory
Specify the global ID attribute for users and groups
Specify a custom ID attribute for users or groups
Setting up federated repositories
Mapping fields manually