Set a property extension repository in a federated repository configuration
Follow this task to configure a property extension repository to store attributes that cannot be stored in the LDAP server.
For security and business reasons, you might not want to allow write operations to the repositories. However, applications calling the federated repository configuration might need to store additional properties for the entities. A federated repository configuration provides a property extension repository, which is a database regardless of the type of main profile repositories, for a property-level join configuration.
For example, a company that uses an LDAP directory for its internal employees and a database for external customers and business partners might not allow write access to its LDAP and its database. The company can use the property extension repository in a federated repository configuration to store additional properties for the people in those repositories, excluding the user ID. When an application uses the federated repository configuration to retrieve an entry for a person, the federated repository configuration transparently joins the properties of the person that is retrieved from either the LDAP or the customer's database with the properties of the person that is retrieved from the property extension repository into a single logical person entry.
When you configure a property extension repository, you can supply a valid data source, a direct connection configuration, or both. The system first tries to connect by way of the data source. If the data source is not available, then the system uses the direct access configuration.
Restriction: You cannot configure a property extension repository in a mixed-version dmgr cell.
- Set the data source. See Set the WAS data source.
- If adding new properties (including properties that are stored in the property extension repository) to the schema, do the following before you create the property extension repository.
- Open or create the wimxmlextension.xml file under the $WP_PROFILE\config\cells\mycell\wim\model directory.
Make sure the editor is on the dmgr node.
- Add the schema definition of the new property.
The following sample wimxmlextension.xml file adds a new property called ibm-otherEmail to both the Person and PersonAccount entity types. This new property type is "String" and it is multi-valued.
    <sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
      <wim:schema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="true" propertyName="ibm-otherEmail">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="true" propertyName="ibm-personalTitle">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="true" propertyName="ibm-middleName">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="true" propertyName="ibm-generationQualifier">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-regionalLocale">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-timeZone">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-preferredCalendar">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-alternativeCalendar">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-firstDayOfWeek">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-firstWorkDayOfWeek">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="false" propertyName="ibm-gender">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
            multiValued="true" propertyName="ibm-hobby">
          <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
      </wim:schema>
    </sdo:datagraph>

Available data types are defined in com.ibm.websphere.wim.SchemaConstants.
For example:

    /**
     * Instance Class: java.lang.String
     */
    String DATA_TYPE_STRING = "String";
    /**
     * Instance Class: int
     */
    String DATA_TYPE_INT = "Int";
    /**
     * Instance Class: java.lang.Object
     */
    String DATA_TYPE_DATE = "Date";
    /**
     * Instance Class: java.lang.Object
     */
    String DATA_TYPE_ANY_SIMPLE_TYPE = "AnySimpleType";
    /**
     * Instance Class: java.lang.String
     */
    String DATA_TYPE_ANY_URI = "AnyURI";
    /**
     * Instance Class: java.lang.boolean
     */
    String DATA_TYPE_BOOLEAN = "Boolean";
    /**
     * Instance Class: long
     */
    String DATA_TYPE_LONG = "Long";
    /**
     * Instance Class: double
     */
    String DATA_TYPE_DOUBLE = "Double";
    /**
     * Instance Class: short
     */
    String DATA_TYPE_SHORT = "Short";

- Follow the example inside this file to define the new property definitions. The schema file for wimlaproperties.xml is wimdbproperty.xsd and is in the same directory. It can be used for reference.
- Run the setupIdMgrPropertyExtensionRepositoryTables command to create the property extension repository and to add the new properties.
- Set up the property extension repository using wsadmin by following the procedure discussed in Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands; ignore the "Before beginning" options.
- Set the property extension repository by completing the following steps:
- In the admin console, click Security | Global security.
- Under User account repository, select Federated repositories, and click Configure.
- Click Property extension repository.
- Supply the name of the data source in the Data source name field.
- Select the type of database used for the property extension repository.
- Supply the name of the Java database connectivity (JDBC) driver in the JDBC driver field. Values include:
  - DB2: com.ibm.db2.jcc.DB2Driver
  - Oracle: oracle.jdbc.driver.OracleDriver
  - Informix: com.informix.jdbc.IfxDriver
  - Microsoft SQL Server: com.microsoft.jdbc.sqlserver.SQLServerDriver
  - Derby: org.apache.derby.jdbc.EmbeddedDriver
- Supply the database URL used to access the property extension repository with JDBC in the Database URL field. Use an alphanumeric text string that conforms to the standard JDBC URL syntax. Values include:
  - DB2: jdbc:db2://<hostname>:<port>/<DB2location>
  - Oracle: jdbc:oracle:thin:@<hostname>:<port>:<dbname>
  - Derby: jdbc:derby:c:\derby\wim
  - Microsoft SQL Server: jdbc:microsoft:sqlserver://<hostname>:1433;databaseName=wim;selectmethod=cursor;
  - Informix: jdbc:informix-sqli://<hostname>:1526/wim:INFORMIXSERVER=<IFXServerName>;
- Supply the user name of the database administrator in the Database administrator user name field.
- Supply the password of the database administrator in the field.
- Specify the entity retrieval limit in the Entity retrieval limit field. The entity retrieval limit is the maximum number of entities that the system can retrieve from the property extension repository with a single database query. The default value is 200.
- Click OK.
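
A pre-flight check for the wimxmlextension.xml edits described in the schema step above, run before setupIdMgrPropertyExtensionRepositoryTables. This is an added example, not IBM's code: the function name check_extension_schema is hypothetical, and the rules that every property carries multiValued and at least one applicableEntityTypeNames element are assumptions taken from the sample file on this page.

```python
import xml.etree.ElementTree as ET

WIM_NS = "http://www.ibm.com/websphere/wim"
# dataType names shown on this page from com.ibm.websphere.wim.SchemaConstants
DATA_TYPES = set("String Int Date AnySimpleType AnyURI Boolean Long Double Short".split())

def check_extension_schema(xml_text):
    """Return a list of problems in a wimxmlextension.xml document (empty = clean)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems, seen = [], set()
    props = root.findall(".//{%s}propertySchema" % WIM_NS)
    if not props:
        problems.append("no wim:propertySchema elements found")
    for index, prop in enumerate(props, 1):
        name = prop.get("propertyName")
        label = name or "propertySchema #%d" % index
        if not name:
            problems.append("%s: missing propertyName" % label)
        elif name in seen:
            problems.append("%s: defined more than once" % label)
        seen.add(name)
        if prop.get("dataType") not in DATA_TYPES:  # names are case-sensitive
            problems.append("%s: unknown dataType %r" % (label, prop.get("dataType")))
        # Assumptions from the page's sample: multiValued and an entity type are always given.
        if prop.get("multiValued") not in ("true", "false"):
            problems.append("%s: multiValued must be true or false" % label)
        types = [e.text for e in prop.findall("{%s}applicableEntityTypeNames" % WIM_NS)]
        if not any(t and t.strip() for t in types):
            problems.append("%s: no applicableEntityTypeNames" % label)
    return problems

# Constructed sample: a misspelled data type, a duplicate name, a missing entity type.
SAMPLE = """<sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:schema>
 <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String"
   multiValued="true" propertyName="ibm-otherEmail">
  <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
 </wim:propertySchema>
 <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="string"
   multiValued="false" propertyName="ibm-gender">
  <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames>
 </wim:propertySchema>
 <wim:propertySchema dataType="String" multiValued="true" propertyName="ibm-otherEmail"/>
</wim:schema></sdo:datagraph>"""

if __name__ == "__main__":
    print("\n".join(check_extension_schema(SAMPLE)))
```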
Results
After completing these steps, the federated repository configuration, which includes a property extension repository, is configured.
Next steps
- If enabling security, complete the remaining steps as specified in Enable security for the realm. As the final step, validate this setup by clicking Apply in the Secure administration, applications, and infrastructure panel.
- Save, stop, and restart all WAS servers (dmgrs, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.
Property extension repository settings
Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands
Set the WAS data source