Specify the global ID attribute for users and groups
Determine which attribute to use as the unique identifier of each person and group in the organization. This value must be unique across the organization. By default, WAS reserves the following attributes to serve as the unique identifier for the following LDAP directory servers:
- IBM Tivoli Directory Server:
ibm-entryUUID
- Microsoft™ Active Directory:
objectGUID
If you are using Active Directory, remember that the samAccountName attribute has a 20-character limit; other IDs used by IBM Connections have a 256-character limit.
- Microsoft Active Directory Application Mode (ADAM):
objectGUID
To use objectSID as the default for ADAM, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:
<config:externalIdAttributes name="objectSID" syntax="octetString"/>
- IBM Domino Enterprise Server:
dominoUNID
Note: If the bind ID for the Domino LDAP does not have sufficient manager access to the Domino directory, the Virtual Member Manager (VMM) does not return the correct attribute type for the Domino schema query; DN is returned as the VMM ID. To override VMM's default ID setting, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:
<config:externalIdAttributes name="dominoUNID"/>
- Sun Java™ System Directory Server:
nsuniqueid
- Novell Directory Server:
GUID
- Custom ID:
If your organization already uses a unique identifier for each user and group, you can configure IBM Connections to use that. For more information, see the Specify a custom ID attribute for users or groups topic.
The wimconfig.xml file is stored in the following location:
AIX
/usr/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Linux™
/opt/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Microsoft Windows™
<drive>:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\wim\config
Note: You should not allow the GUID of a user in the system to change. If you change the GUID, the user will not have access to their data until you re-synchronize the LDAP and IBM Connections databases with the new GUID.
The unique identifiers assigned by LDAP directory servers are unique for an LDAP entry instance. If the user information is deleted and re-added, or imported into another LDAP directory, the GUID changes and the user will not have access to their data until you re-synchronize the LDAP and the Profiles database with the new GUID. To allow deletes and adds, or migration across various LDAP servers (for example, from staging to production), use an LDAP attribute that is fixed across various directories or when entries are recreated.
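One way to vet a candidate ID attribute before committing to it, as an added example (not part of the IBM documentation or product): it compares two directory exports and reports whether an attribute is single-valued, unique, within the 256-character limit, and identical for the same person in both directories. The sample entries are constructed, and the use of `uid` to match people and `employeeNumber` as the custom attribute are assumptions.

```python
# Added example: constructed sample data, simplified LDIF parsing.
from collections import Counter

MAX_ID_LEN = 256  # ID length limit stated on this page

def sample(suffix, uuid_tag):
    """Build a constructed two-entry LDIF export; server-assigned UUIDs differ per server."""
    people = (("jdoe", "E1001"), ("asmith", "E1002"))
    return "\n\n".join(
        f"dn: uid={u},ou=people,{suffix}\nuid: {u}\nemployeeNumber: {n}\n"
        f"ibm-entryUUID: {uuid_tag}-{n}" for u, n in people)

STAGING = sample("dc=staging,dc=example", "1111")   # constructed
PRODUCTION = sample("dc=example", "2222")           # constructed

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (no base64 or folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def check_id_attribute(attr, match_attr, *directories):
    """Return the problems that make `attr` unsuitable as the global ID."""
    attr, match_attr = attr.lower(), match_attr.lower()
    problems, seen = [], {}
    for idx, entries in enumerate(directories):
        values = [v for e in entries for v in e.get(attr, [])]
        if any(len(e.get(attr, [])) != 1 for e in entries):
            problems.append(f"directory {idx}: missing or multi-valued")
        if any(c > 1 for c in Counter(values).values()):
            problems.append(f"directory {idx}: duplicate values")
        if any(len(v) > MAX_ID_LEN for v in values):
            problems.append(f"directory {idx}: value exceeds {MAX_ID_LEN} chars")
        for e in entries:
            # The same person (matched on match_attr) must keep the same ID everywhere.
            key, val = e.get(match_attr, [None])[0], e.get(attr, [None])[0]
            if seen.setdefault(key, val) != val:
                problems.append(f"{key}: value differs between directories")
    return problems

if __name__ == "__main__":
    stg, prod = parse_ldif(STAGING), parse_ldif(PRODUCTION)
    for candidate in ("ibm-entryUUID", "employeeNumber"):
        print(candidate, check_id_attribute(candidate, "uid", stg, prod) or "OK")
```

With the constructed data, the server-assigned `ibm-entryUUID` is flagged because it differs between staging and production, while the organization-assigned attribute passes.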