
 

Configure dynamic member attributes in a federated repository configuration

 

Follow this task to configure dynamic member attributes in a federated repository configuration. Because dynamic member attributes apply only to a Lightweight Directory Access Protocol (LDAP) repository, first configure an LDAP repository. For more information, see Manage repositories in a federated repository configuration.

 

Procedure

  1. In the console, click Security > Secure administration, applications, and infrastructure.

  2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.

  3. Under Related items, click Manage repositories.

  4. Click Add to specify a new external repository or select an external repository that is preconfigured.

    If you click Add to specify a new external repository, first complete the required fields and click Apply before you can proceed to the next step.

  5. Under Additional properties, click Group attribute definition.

  6. Under Additional properties, click Dynamic member attributes.

  7. Click New to specify a new dynamic member attribute or Delete to remove a preconfigured dynamic member attribute.

  8. Accept the default, or supply the name of the dynamic member attribute in the Name of dynamic member attribute field. The name of the dynamic member attribute defines the filter for dynamic group members in LDAP. For example, memberURL is the name of a commonly used dynamic member attribute.

    If both member and dynamic member attributes are specified for the same group type, this group type is a hybrid group with both static and dynamic members.

    A dynamic group defines its members differently than a static group. Instead of listing the members individually, the dynamic group defines its members using an LDAP search. The filter for the search is defined in a dynamic member attribute. For example, the dynamic group uses the structural objectclass groupOfURLs, or auxiliary objectclass ibm-dynamicGroup, and the attribute memberURL, to define the search using a simplified LDAP URL syntax:

    ldap:///<base DN of search> ? ? <scope of search> ? <searchfilter>

    The following is an example of the LDAP URL that defines all entries that are under o=Acme with the objectclass=person:

    ldap:///o=Acme,c=US??sub?objectclass=person

  9. Supply the object class of the group that contains the dynamic member attribute in the Dynamic object class field, for example, groupOfURLs. If this property is not defined, the dynamic member attribute applies to all group object classes.
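
The memberURL syntax from step 8, parsed and checked for values that would place more entries in a dynamic group than intended. This is an added example, not IBM's code: the function names, the min_rdns threshold and the RFC 4516 defaults for an omitted scope or filter are assumptions, and the second sample URL is constructed.

```python
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}  # scope names defined by RFC 4516

def parse_member_url(url):
    """Split a memberURL value into host, base DN, scope and search filter."""
    prefix = "ldap://"
    if not url.lower().startswith(prefix):
        raise ValueError("not an ldap URL: %r" % url)
    host, sep, rest = url[len(prefix):].partition("/")
    if not sep:
        raise ValueError("missing '/' before base DN: %r" % url)
    # Fields after the slash: base DN ? attributes ? scope ? filter
    fields = [unquote(f.strip()) for f in rest.split("?")]
    fields += [""] * (4 - len(fields))
    base_dn, _attrs, scope, flt = fields[:4]
    scope = scope.lower() or "base"              # assumed default (RFC 4516)
    if scope not in SCOPES:
        raise ValueError("unknown scope %r" % scope)
    return {"host": host, "base_dn": base_dn, "scope": scope,
            "filter": flt or "(objectClass=*)"}  # assumed default (RFC 4516)

def audit_member_url(url, min_rdns=2):
    """Return warnings for a memberURL that may select too many entries.

    min_rdns is a hypothetical policy threshold: the fewest RDNs a base DN
    should have before a subtree search is considered narrow enough.
    """
    m = parse_member_url(url)
    warnings = []
    if m["host"]:
        warnings.append("host present; the page's examples use ldap:/// with no host")
    # Naive split: does not handle escaped commas inside an RDN value.
    rdns = [r for r in m["base_dn"].split(",") if r.strip()]
    if m["scope"] == "sub" and len(rdns) < min_rdns:
        warnings.append("subtree search from a shallow base DN")
    bare = m["filter"].strip("() ").lower().replace(" ", "")
    if bare == "objectclass=*":
        warnings.append("presence filter matches every entry in scope")
    return warnings

if __name__ == "__main__":
    for u in ("ldap:///o=Acme,c=US??sub?objectclass=person",  # example from the page
              "ldap:///c=US??sub?(objectClass=*)"):           # constructed sample
        print(u, audit_member_url(u))
```
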

 

Results

After completing these steps, dynamic member attributes are configured for your LDAP repository.

 

What to do next

  1. After configuring the federated repositories, click Security > Secure administration, applications, and infrastructure to return to the Secure administration, applications, and infrastructure panel. Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current. To verify the federated repositories configuration, click Apply on the Secure administration, applications, and infrastructure panel. If Federated repositories is not identified in the Current realm definition field, your federated repositories configuration is not used by WebSphere Application Server.

  2. If you are enabling security, complete the remaining steps as specified in Enabling security for the realm. As the final step, validate this setup by clicking Apply in the Secure administration, applications, and infrastructure panel.

  3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.



Dynamic member attributes collection

Dynamic member attributes settings