Manually configure a LDAP repository in a federated repository configuration

Before beginning, the LDAP repository should be configured in WAS and contain the following informatino....

Item Name	Example
Repository identifier	ldaprepo1
Directory type	IBM Tivoli Directory Server
Primary host name	localhost
Port	389
Bind distinguished name	cn=ldapadmin
Bind password	yourpwd
Login properties	uid (a property containing login information)

 

Procedure

1. Map the federated repository entity types to the LDAP object classes.

   1. Set the LDAP repository to match the used LDAP object class for users.

      1. In the admin console, click...

         Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure
         Related items| Manage repositories | repository_name | LDAP entity types | PersonAccount
         • Insert the objectclass name used in our LDAP server, for example, inetOrgPerson.

         • Click Apply.

         • Click Save.
   2. Group attribute definition settings for an explanation of Set the LDAP repository to match the used LDAP objectclass for groups

      1. In the admin console, click...
         Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure | Related items | Manage repositories | repository_name | LDAP entity types | Group

      2. Insert the objectclass name used for the LDAP server, for example, groupOfUniqueNames.

      3. Click Apply.

      4. Click Save.

2. Map the federated repository property names to the LDAP attribute names.

   1. Set the LDAP repository to match the used LDAP attributes for a user.

      1. Edit the file

         WAS_HOME/profiles/{profileName}/config/cells/{cellName}/wim/config/wimconfig.xml
         • Look for the section in this file containing the LDAP repository configuration, For example,

           <config:repositories xsi:type="config:LdapRepositoryType"  
                                adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAda pter" 
                                id="ldaprepo1" 
                                ...  >
           
               <config:attributeConfiguration>
           
                   <config:attributes name="anLDAPattribute"  propertyName="aVMMattribute"/>
           
               <config:attributeConfiguration>
           

         • Add an element of type config:attributes to define the mapping between a given federated depository property name, such as departmentNumber, to a desired LDAP attribute name, such as warehouseSection.

           For all given federated depository properties, a one-to-one mapping is assumed. If no explicit mapping of the above type is defined, for example the federated repository property departmentNumber, the underlying LDAP attribute name, departmentNumber is assumed.

   2. Set the unsupported properties of the federated repository.To indicate that a given federated repository property, such as departmentNumber is not supported by any LDAP attributes, we need to define the following type of element:

      <config:repositories xsi:type="config:LdapRepositoryType"  
                           adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"  
                           id="ldaprepo1" 
                           ...> 
      
      <config:attributeConfiguration>
      
          <config:propertiesNotSupported name=" departmentNumber"/>
      
      <config:attributeConfiguration>
      
      

   3. Set the LDAP repository to match the used LDAP user membership attribute in the groups.

      1. In the admin console, click...
         Security | Global security User account repository | Federated repositories | Configure | Related items | Manage repositories | repository_name | Group attribute definitions | Member attributes

      2. Check if the LDAP attributes (for example, uniqueMember) is specified for the LDAP objectclass (for example, groupOfUniqueNames).

         • If not specified, click New and add the pair (objectclass / member attribute name) that applies to the LDAP schema (for example, uniqueMember / groupOfUniqueNames

         • If specified, proceed.

      3. Click Apply.

      4. Click Save.

3. Map other LDAP settings by configuring a new base entry for the new LDAP repository.

   1. In the admin console, click....
      Security | Global security | User account repository | Federated repositories | Configure Add Base Entry to Realm | repository_name

   2. Specifiy:

      • The base entry within the federated repository realm, for example, o=Default Organization

      • The base entry within the LDAP repository, for example, o=Default Organization

   3. Click Apply.

   4. Click Save.
   For an explanation of base entries, see Set supported entity types in a federated repository configuration

 

Results

After completing these steps, the federated repository matches the LDAP server settings.

 

Next steps

 

Related tasks

LDAP default mappings
Set supported entity types in a federated repository configuration
Manage the realm in a federated repository configuration LDAP repository settings