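<?xml version="1.0"?>
<!-- Sample wmm.xml for LDAP (Novell eDirectory Server, SSL) + LookAside Configuration -->
<!--
  Member manager configuration with one LDAP profile repository (UUID "LDAP1")
  and one database look-aside repository (UUID "LA").

  Every DN, host name, path and password below is a sample value and has to be
  replaced for a real deployment. This file holds the directory bind
  credentials (adminId / adminPassword), so keep it readable only by the
  application server account and keep real passwords out of version control.
-->
<wmm name="member manager"
     description="member manager"
     defaultRealmName="wmmRealm"
     horizontalPartitioning="false"
     lookAside="true"
     configurationFile="xml/wmmAttributes.xml"
     uniqueIdGeneratorClassName="com.ibm.ws.wmm.uniqueid.WMMUniqueMemberIdentifierGenerator"
     maximumSearchResults="2000"
     searchTimeOut="600000"
     maximumSearchResultsForSortingAndPaging="500"
     maximumTotalSearchResultsForSortingAndPaging="1000"
     pagingMemberObject="true"
     timeToRemovePagedCacheEntry="900"
     userSecurityNameAttribute="uid"
     passwordAttribute="userPassword">

  <!-- Member types handled by member manager; all four default to the LDAP1 repository. -->
  <supportedMemberTypes>
    <supportedMemberType name="Person"
                         rdnAttrTypes="uid"
                         defaultParentMember="cn=users,dc=yourco,dc=com"
                         defaultProfileRepository="LDAP1"/>
    <supportedMemberType name="Group"
                         rdnAttrTypes="cn"
                         defaultParentMember="cn=groups,dc=yourco,dc=com"
                         defaultProfileRepository="LDAP1"/>
    <supportedMemberType name="Organization"
                         rdnAttrTypes="o"
                         defaultParentMember="cn=users,dc=yourco,dc=com"
                         defaultProfileRepository="LDAP1"/>
    <supportedMemberType name="OrganizationalUnit"
                         rdnAttrTypes="ou"
                         defaultParentMember="cn=users,dc=yourco,dc=com"
                         defaultProfileRepository="LDAP1"/>
  </supportedMemberTypes>

  <repositories>
    <!--
      ******************************************************************************
      databaseType    dataAccessManagerClassName
      ******************************************************************************
      db2             com.ibm.ws.wmm.db.dao.db2.WMMDB2Dao
      oracle          com.ibm.ws.wmm.db.dao.oracle.WMMOracleDao
      cloudscape      com.ibm.ws.wmm.db.dao.cloudscape.WMMCloudscapeDao
      sqlserver       com.ibm.ws.wmm.db.dao.sqlserver.WMMSQLServerDao
      informix        com.ibm.ws.wmm.db.dao.informix.WMMInformixDao
      ******************************************************************************
    -->
    <!-- Look-aside repository: reached through the jdbc/wmmDS data source, so no database credentials appear in this file. -->
    <lookAsideRepository name="wmmDBLookAside"
                         UUID="LA"
                         supportTransactions="true"
                         standardNamingSubContext=""
                         specVersion="1.0"
                         adapterClassName="com.ibm.ws.wmm.lookaside.db.LookAsideAdapter"
                         supportDynamicAttributes="true"
                         dataSourceName="jdbc/wmmDS"
                         databaseType="DB2"
                         dataAccessManagerClassName="com.ibm.ws.wmm.db.dao.db2.WMMDB2Dao"/>

    <!--
      ***************************************************************************************************************
      ldapType       adapterClassName                                                 configurationFile
      ***************************************************************************************************************
      ids            com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl               xml/wmmLDAPAttributes_IDS.xml
      ids5           com.ibm.ws.wmm.ldap.ibmdir.IBMDirectory5AdapterImpl              xml/wmmLDAPAttributes_IDS.xml
      sunone         com.ibm.ws.wmm.ldap.sunone.SunOneDirectoryAdapterImpl            xml/wmmLDAPAttributes_SO.xml
      activedir      com.ibm.ws.wmm.ldap.activedir.ActiveDirectoryAdapterImpl         xml/wmmLDAPAttributes_AD.xml
      activedir2003  com.ibm.ws.wmm.ldap.activedir.ActiveDirectory2003AdapterImpl     xml/wmmLDAPAttributes_AD.xml
      domino5        com.ibm.ws.wmm.ldap.domino.DominoLdapAdapterImpl                 xml/wmmLDAPAttributes_DM.xml
      domino6        com.ibm.ws.wmm.ldap.domino.Domino6LdapAdapterImpl                xml/wmmLDAPAttributes_DM.xml
      nds            com.ibm.ws.wmm.ldap.novell.NovelleDirectoryAdapterImpl           xml/wmmLDAPAttributes_NDS.xml
      ***************************************************************************************************************

      UUID                          - The universal unique identifier of the repository
      adapterClassName              - The implementation class name of the repository adapter
      supportDynamicAttributes      - Whether or not dynamic attributes are supported.
                                      Should be set to false for an LDAP repository.
      configurationFile             - The LDAP attributes mapping XML file
      supportGetPersonByAccountName - Whether or not the getPersonByAccountName API is supported
      profileRepositoryForGroups    - Defines the UUIDs of the repositories which can contain members
                                      in this repository.
      supportTransactions           - Whether or not the repository supports transactions.
                                      Should be set to false for an LDAP repository.
      adminId                       - The DN of the LDAP administrator which will be used to create
                                      the LDAP connection
      adminPassword                 - The password of the LDAP administrator
      ldapHost                      - The host name or IP address of the LDAP server
      ldapPort                      - The LDAP port of the LDAP server
      ldapTimeOut                   - The time limit for LDAP search in milliseconds.
                                      A value of 0 means wait indefinitely.
      ldapAuthentication            - A string specifying the type of authentication to use; one of
                                      "none", "simple", "strong", or a provider-specific string
      ldapType                      - Reserved for IBM internal use
      sslEnabled                    - Whether or not SSL is enabled
      sslTrustStore                 - The absolute path to the truststore used for SSL server
                                      authentication.
      dirContextsMaxSize            - Maximum number of connections in the pool. If the value is larger
                                      than 0, the connection pool is enabled.
      dirContextsMinSize            - Minimum number of connections in the pool
      dirContextTimeToLive          - The number of seconds a connection in the connection pool can live
      cacheAttributes               - Whether or not the Attributes Cache is enabled. The Attributes Cache
                                      stores attributes of the LDAP entries. It is enabled by default.
      attributesCacheSize           - The maximum size of the Attributes Cache.
      attributesCacheTimeOut        - How long cached entries can stay in the Attributes Cache before
                                      being invalidated (in seconds)
      cacheNames                    - Whether or not the Names Cache is enabled. The Names Cache stores
                                      the results of LDAP searches. It is enabled by default.
      namesCacheSize                - The maximum size of the Names Cache.
      namesCacheTimeOut             - How long cached entries can stay in the Names Cache before being
                                      invalidated (in seconds)
      cacheGroups                   - Whether or not the Group Cache is enabled. The Group Cache caches
                                      the names (DNs), membership relationships and attributes of all
                                      groups under WMM nodes on the LDAP server. It is disabled by
                                      default. If there is a large number of groups (>5000), it is
                                      recommended to turn off the Group Cache.
      groupsCacheTimeOut            - How frequently the Group Cache should be refreshed (in seconds).
      groupMembershipAttributeMap   - The name and scope of the membership attribute. Scope includes:
                                      direct (default), nested and all.
    -->
    <!--
      Review notes on the LDAP connection settings below:

      adminId / adminPassword
        The bind identity is the directory administrator, and this repository
        enables create, update, delete, rename and move for every member type.
        Where the deployment allows it, bind with a dedicated service DN that
        holds only the rights those operations need, limited to the users and
        groups subtrees. The password is masked in this sample; whether an
        encrypted form is accepted here is not shown on this page, so confirm
        with the product documentation before storing a real value.

      ldapAuthentication="SIMPLE" with sslEnabled="true" and ldapPort="636"
        A simple bind carries the password in the bind request, so the SSL
        setting and the SSL port belong together. Do not switch sslEnabled off
        or point ldapPort at a clear-text port while simple authentication is
        in use.

      sslTrustStore
        Judging by its name and location, DummyServerTrustFile.jks is the sample
        trust store delivered with the application server. Server authentication
        is only as strong as the set of certificates that file trusts; replace
        it with a trust store that contains just the CA (or certificate) of your
        LDAP server.

      adminId suffix
        Uses dc=yourco,dc=com, the same sample suffix as every other DN in this
        file.
    -->
    <ldapRepository name="wmmLDAP"
                    UUID="LDAP1"
                    adapterClassName="com.ibm.ws.wmm.ldap.novell.NovelleDirectoryAdapterImpl"
                    supportDynamicAttributes="false"
                    configurationFile="xml/wmmLDAPAttributes_NDS.xml"
                    supportGetPersonByAccountName="true"
                    profileRepositoryForGroups="LDAP1"
                    supportTransactions="false"
                    adminId="cn=Admin,dc=yourco,dc=com"
                    adminPassword="******"
                    ldapHost="localhost"
                    ldapPort="636"
                    ldapTimeOut="6000"
                    ldapAuthentication="SIMPLE"
                    ldapType="0"
                    sslEnabled="true"
                    sslTrustStore="C:\WebSphere\AppServer\etc\DummyServerTrustFile.jks"
                    dirContextsMaxSize="10"
                    dirContextsMinSize="5"
                    dirContextTimeToLive="600"
                    cacheGroups="false"
                    groupsCacheTimeOut="600"
                    cacheAttributes="true"
                    attributesCacheSize="2000"
                    attributesCacheTimeOut="600"
                    cacheNames="true"
                    namesCacheSize="2000"
                    namesCacheTimeOut="600"
                    groupMembershipAttributeMap="groupMembership">

      <!-- Operations permitted per member type. All write operations are enabled here;
           remove the entries a deployment does not need. -->
      <readMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </readMemberType>
      <createMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </createMemberType>
      <updateMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </updateMemberType>
      <deleteMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </deleteMemberType>
      <renameMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </renameMemberType>
      <moveMemberType>
        <memberType name="Person" />
        <memberType name="Group" />
        <memberType name="Organization" />
        <memberType name="OrganizationalUnit" />
      </moveMemberType>

      <!-- NOTE(review): the users and groups entries map a cn= node to a dc= pluginNode,
           while searchBases below use cn=. Confirm the pluginNode values against the
           actual directory tree before use. -->
      <nodeMaps>
        <nodeMap node="dc=yourco,dc=com" pluginNode="dc=yourco,dc=com" />
        <nodeMap node="cn=users,dc=yourco,dc=com" pluginNode="dc=users,dc=yourco,dc=com" />
        <nodeMap node="cn=groups,dc=yourco,dc=com" pluginNode="dc=groups,dc=yourco,dc=com" />
      </nodeMaps>

      <!-- LDAP object classes used to read and write each member type. Person and Group
           are limited to a search base; Organization and OrganizationalUnit declare none. -->
      <supportedLdapEntryTypes>
        <supportedLdapEntryType name="Person"
                                rdnAttrTypes="uid"
                                objectClassesForRead="inetOrgPerson"
                                objectClassesForWrite="inetOrgPerson"
                                searchBases="cn=users,dc=yourco,dc=com"/>
        <supportedLdapEntryType name="Group"
                                rdnAttrTypes="cn"
                                objectClassesForRead="groupOfNames"
                                objectClassesForWrite="groupOfNames"
                                searchBases="cn=groups,dc=yourco,dc=com"/>
        <supportedLdapEntryType name="Organization"
                                rdnAttrTypes="o"
                                objectClassesForRead="organization"
                                objectClassesForWrite="organization"/>
        <supportedLdapEntryType name="OrganizationalUnit"
                                rdnAttrTypes="ou"
                                objectClassesForRead="organizationalUnit"
                                objectClassesForWrite="organizationalUnit"/>
      </supportedLdapEntryTypes>
    </ldapRepository>
  </repositories>
</wmm>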