Default LDAP configuration mapping based on LDAP server type

The virtual member manager configuration commands and the federated repositories LDAP configuration panels of the administrative console set default values in the wimconfig.xml file based on the selected LDAP server type.

Default values are set for the following properties:

External identifier:

The name of the LDAP attribute used as the external ID, for example “ibm-entryUUID” or “objectGUID”. The special name “distinguishedName” indicates that the DN of the entity is used as the external ID. Prefer a server-generated, immutable attribute: when the DN is the external ID, moving or renaming an entry changes its identity, and a DN that is deleted and later recreated for a different person inherits whatever the old identity had been granted.
<config:attributeConfiguration>
  <config:externalIdAttributes name="dominounid"/> ...
</config:attributeConfiguration>

Entity types:

Maps each entity type to its LDAP object classes and an optional search filter.
<config:ldapEntityTypes name="PersonAccount" searchFilter="">
  <config:objectClasses>dominoPerson</config:objectClasses>
</config:ldapEntityTypes>

RDN attribute types:

When an entity type can be created with more than one RDN attribute, maps each RDN attribute to the object class that is used for an entity created with that RDN.
<config:ldapEntityTypes name="OrgContainer">
  <config:rdnAttributes name="o" objectClass="organization"/>
  <config:rdnAttributes name="ou" objectClass="organizationalUnit"/> ...
</config:ldapEntityTypes>

Member attribute types:

Specifies the member attribute of the group objects, the object class it applies to, and the scope of membership. The dummyMember value is the placeholder member written when a group is created with no members, because the groupOfNames object class requires at least one member value.
<config:groupConfiguration>
  <config:memberAttributes dummyMember="uid=dummy" name="member"
    objectClass="groupOfNames" scope="direct"/>
</config:groupConfiguration>

Attribute types:

Maps the vmm property name to the LDAP attribute name (globally or per entity type).
<config:attributeConfiguration>
  <config:externalIdAttributes name="dominounid"/>
  <config:attributes name="userPassword" propertyName="password"/>
  <config:attributes name="cn" propertyName="displayName">
    <config:entityTypes>Group</config:entityTypes>
  </config:attributes>
  <config:attributes name="cn" propertyName="cn">
    <config:entityTypes>Group</config:entityTypes>
  </config:attributes>
  <config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration>

Unsupported properties:

Lists the virtual member manager properties that have no counterpart in this LDAP repository.
<config:attributeConfiguration> ...
  <config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration>

Context pool and cache:

<config:contextPool enabled="true" initPoolSize="1" maxPoolSize="0"
  poolTimeOut="0" poolWaitTime="3000" prefPoolSize="3"/>
<config:cacheConfiguration cachesDiskOffLoad="false">
  <config:attributesCache attributeSizeLimit="2000" cacheSize="4000"
    cacheTimeOut="1200" enabled="true" cacheDistPolicy="none"/>
  <config:searchResultsCache cacheSize="2000" cacheTimeOut="600"
    enabled="true" searchResultSizeLimit="1000" cacheDistPolicy="none"/>
</config:cacheConfiguration>
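The fragments above are pieces of one wimconfig.xml document, and mistakes in them (an RDN mapped to an object class the entity type does not list, a member attribute whose object class is not a Group object class, no external ID) surface only as runtime failures. The following is an added example, not IBM code: a Python script that parses such a fragment with the standard library and cross-checks the mappings. The sample document is constructed from the fragments on this page, the namespace URI bound to the config: prefix is an assumption, and one RDN mapping (dc to domain) is deliberately left without a matching objectClass so the checker has something to report.

```python
"""Parse an LDAP repository fragment of wimconfig.xml and cross-check the mappings.

Added example, not IBM code. SAMPLE_WIMCONFIG is constructed from the
fragments on the page; the namespace URI is assumed.
"""
import xml.etree.ElementTree as ET

# Assumed namespace bound to the "config:" prefix in wimconfig.xml.
NS = {"config": "http://www.ibm.com/websphere/wim/config"}

SAMPLE_WIMCONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<config:ldapRepository xmlns:config="http://www.ibm.com/websphere/wim/config">
  <config:ldapEntityTypes name="PersonAccount" searchFilter="">
    <config:objectClasses>inetOrgPerson</config:objectClasses>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="Group" searchFilter="">
    <config:objectClasses>groupOfNames</config:objectClasses>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="OrgContainer">
    <config:objectClasses>organization</config:objectClasses>
    <config:objectClasses>organizationalUnit</config:objectClasses>
    <config:rdnAttributes name="o" objectClass="organization"/>
    <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
    <config:rdnAttributes name="dc" objectClass="domain"/>
  </config:ldapEntityTypes>
  <config:groupConfiguration>
    <config:memberAttributes dummyMember="uid=dummy" name="member"
      objectClass="groupOfNames" scope="direct"/>
  </config:groupConfiguration>
  <config:attributeConfiguration>
    <config:externalIdAttributes name="ibm-entryUUID"/>
    <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="cn" propertyName="displayName">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:propertiesNotSupported name="businessAddress"/>
  </config:attributeConfiguration>
</config:ldapRepository>
"""


def load_mapping(xml_text):
    """Return the entity-type, RDN, member and attribute mappings as plain dicts."""
    root = ET.fromstring(xml_text)
    entity_types, rdn = {}, {}
    for et in root.findall("config:ldapEntityTypes", NS):
        name = et.get("name")
        entity_types[name] = {
            "objectClasses": [oc.text.strip() for oc in et.findall("config:objectClasses", NS)],
            "searchFilter": et.get("searchFilter", ""),
        }
        rdn[name] = {r.get("name"): r.get("objectClass")
                     for r in et.findall("config:rdnAttributes", NS)}
    members = [dict(m.attrib) for m in
               root.findall("config:groupConfiguration/config:memberAttributes", NS)]
    attr_cfg = root.find("config:attributeConfiguration", NS)
    external_id = [e.get("name") for e in attr_cfg.findall("config:externalIdAttributes", NS)]
    properties = {}  # (propertyName, entity types it applies to) -> LDAP attribute
    for a in attr_cfg.findall("config:attributes", NS):
        scope = tuple(t.text.strip() for t in a.findall("config:entityTypes", NS)) or ("*",)
        properties[(a.get("propertyName"), scope)] = a.get("name")
    unsupported = [p.get("name") for p in attr_cfg.findall("config:propertiesNotSupported", NS)]
    return {"entityTypes": entity_types, "rdn": rdn, "memberAttributes": members,
            "externalId": external_id, "properties": properties, "unsupported": unsupported}


def check_mapping(m):
    """Cross-check a loaded mapping; each finding is a string a reviewer can act on."""
    findings = []
    if not m["externalId"]:
        findings.append("no externalIdAttributes: identities cannot survive a rename")
    if any(e.lower() == "distinguishedname" for e in m["externalId"]):
        findings.append("externalId is the DN: renaming or moving an entry changes its identity")
    group_ocs = set(m["entityTypes"].get("Group", {}).get("objectClasses", []))
    for ma in m["memberAttributes"]:
        if ma.get("objectClass") not in group_ocs:
            findings.append("memberAttributes objectClass %r is not a Group objectClass"
                            % ma.get("objectClass"))
    for etype, rdns in m["rdn"].items():
        ocs = set(m["entityTypes"][etype]["objectClasses"])
        for attr, oc in rdns.items():
            if oc not in ocs:
                findings.append("%s: RDN %s maps to objectClass %s, which is not among the "
                                "entity type's objectClasses" % (etype, attr, oc))
    if not any(prop == "password" for prop, _ in m["properties"]):
        findings.append("no LDAP attribute is mapped to the password property")
    return findings


if __name__ == "__main__":
    mapping = load_mapping(SAMPLE_WIMCONFIG)
    print("external ID attribute(s):", mapping["externalId"])
    for name, cfg in mapping["entityTypes"].items():
        print(name, "->", ", ".join(cfg["objectClasses"]), cfg["searchFilter"])
    for finding in check_mapping(mapping):
        print("FINDING:", finding)
```

Run against a real wimconfig.xml, the root element differs (the LDAP repository is nested inside the configuration document), so point load_mapping at the ldapRepository element for the repository you are reviewing rather than at the document root.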


Active Directory

External identifier: objectguid

Entity types

Group

objectClasses: group
searchFilter: (ObjectCategory=Group)

OrgContainer

objectClasses: organization, organizationalUnit, domain, container

PersonAccount

objectClasses: user
searchFilter: (ObjectCategory=User)

RDN attribute types for OrgContainer

o

objectClass: organization

ou

objectClass: organizationalUnit

dc

objectClass: domain

cn

objectClass: container

Member attribute types:

Member attribute of the group objects, which is used when searching for members of a group.

member

name: member
objectClass: group
scope: direct

Membership attribute types:

Membership attribute of the user objects, which is used when searching for groups to which a user belongs.

membership

name: memberOf scope: direct
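The member attribute and the membership attribute are two directions of the same relation: the first is read from the group entry to list its members, the second from the user entry to list its groups, and servers without a membership attribute (the groupOfNames configurations on this page) need a search across groups instead. The following is an added example, not IBM code, showing both directions over a constructed in-memory stand-in for LDAP entries, with the dummyMember placeholder filtered out and a nested scope alongside the direct scope the defaults use. The DNs and entries are invented.

```python
"""Resolve group membership the two ways the LDAP adapter can be configured.

Added example, not IBM code. DIRECTORY is a constructed stand-in for LDAP
entries: groups carry a forward "member" attribute (memberAttributes) and
users carry a reverse "memberOf" attribute (the membership attribute).
"""

DUMMY_MEMBER = "uid=dummy"  # placeholder written into otherwise empty groups

# Constructed entries: "admins" contains the "ops" group, so direct and nested
# scope give different answers.
DIRECTORY = {
    "cn=admins,ou=groups,dc=example,dc=test": {
        "objectClass": ["group"],
        "member": ["cn=ops,ou=groups,dc=example,dc=test",
                   "cn=alice,ou=users,dc=example,dc=test"],
    },
    "cn=ops,ou=groups,dc=example,dc=test": {
        "objectClass": ["group"],
        "member": ["cn=bob,ou=users,dc=example,dc=test", DUMMY_MEMBER],
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=test"],
    },
    "cn=alice,ou=users,dc=example,dc=test": {
        "objectClass": ["user"],
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=test"],
    },
    "cn=bob,ou=users,dc=example,dc=test": {
        "objectClass": ["user"],
        "memberOf": ["cn=ops,ou=groups,dc=example,dc=test"],
    },
}


def is_group(dn, directory=DIRECTORY):
    return "group" in directory.get(dn, {}).get("objectClass", [])


def members(group_dn, scope="direct", member_attr="member", directory=DIRECTORY):
    """Members of a group via the forward attribute; nested scope expands sub-groups."""
    seen_groups, result, todo = set(), set(), [group_dn]
    while todo:
        g = todo.pop()
        if g in seen_groups:          # guard against membership cycles
            continue
        seen_groups.add(g)
        for dn in directory.get(g, {}).get(member_attr, []):
            if dn == DUMMY_MEMBER:    # never report the placeholder as a member
                continue
            result.add(dn)
            if scope == "nested" and is_group(dn, directory):
                todo.append(dn)
    return result


def groups_of(dn, scope="direct", membership_attr="memberOf", directory=DIRECTORY):
    """Groups of an entity. With a membership attribute, read it from the entity;
    without one (membership_attr=None), search every group's member attribute."""
    def direct(d):
        if membership_attr:
            return set(directory.get(d, {}).get(membership_attr, []))
        return {g for g, e in directory.items()
                if is_group(g, directory) and d in e.get("member", [])}

    result, todo = set(), [dn]
    while todo:
        d = todo.pop()
        for g in direct(d):
            if g not in result:       # each group expanded once, so cycles terminate
                result.add(g)
                if scope == "nested":
                    todo.append(g)
    return result


if __name__ == "__main__":
    admins = "cn=admins,ou=groups,dc=example,dc=test"
    bob = "cn=bob,ou=users,dc=example,dc=test"
    print("direct members of admins:", sorted(members(admins)))
    print("nested members of admins:", sorted(members(admins, "nested")))
    print("bob's groups via memberOf:", sorted(groups_of(bob, "nested")))
    print("bob's groups via member search:", sorted(groups_of(bob, "nested", None)))
```

With the direct scope of the defaults, bob is a member of ops but not of admins; an authorization rule that names admins only matches him once the scope is nested, so the scope setting decides what "member of group" means to the applications behind the repository.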

Attribute types

userAccountControl

defaultValue: 544
entityTypes: PersonAccount

(544 is NORMAL_ACCOUNT (512) plus PASSWD_NOTREQD (32): an account created with this default is enabled and Active Directory does not require it to have a password.)

samAccountName

defaultValue: uid
entityTypes: PersonAccount

samAccountName

defaultValue: cn
entityTypes: Group

groupType

defaultValue: 8
entityTypes: Group

(8 is the universal-scope bit without the security-enabled bit, so a group created with this default is a distribution group and cannot be used to grant Windows permissions.)

unicodePwd

propertyName: password
syntax: unicodePwd

(Active Directory accepts writes to unicodePwd only over a connection protected by SSL/TLS, so password operations need an LDAP over SSL connection to the domain controller.)

ADAM (Active Directory Application Mode) does not use samAccountName. The mappings for ADAM are:

uid

defaultValue: uid
entityTypes: PersonAccount

cn

defaultValue: cn
entityTypes: Group

Unsupported properties: none listed
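The userAccountControl and groupType defaults are bit fields, and what they grant or withhold is only visible once the bits are named. The following is an added example, not IBM code: it decodes the two defaults into their flag names and computes the variants a deployment would set if it wants created accounts to require a password and created groups to be security groups. The flag values are the documented Active Directory bits; the hardened values are this example's suggestion, not a setting this page prescribes.

```python
"""Decode the Active Directory defaults virtual member manager writes for new
entries and compute hardened replacements.

Added example, not IBM code. The bit values are the documented
userAccountControl and groupType flags.
"""

# userAccountControl bits (a subset of the documented flag set)
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
}

# groupType bits: scope in the low bits, security-enabled in the sign bit
GROUP_SCOPE = {0x2: "GLOBAL", 0x4: "DOMAIN_LOCAL", 0x8: "UNIVERSAL"}
GROUP_SECURITY_ENABLED = 0x80000000


def to_signed32(value):
    """groupType is stored as a signed 32-bit integer in LDAP."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def decode_uac(value):
    """Names of the bits set in a userAccountControl value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def decode_group_type(value):
    """(scope, kind) for a groupType value; kind is 'security' or 'distribution'."""
    unsigned = value & 0xFFFFFFFF
    scope = next((n for bit, n in GROUP_SCOPE.items() if unsigned & bit), "UNKNOWN")
    kind = "security" if unsigned & GROUP_SECURITY_ENABLED else "distribution"
    return scope, kind


def require_password(uac):
    """Clear PASSWD_NOTREQD so the account must have a password."""
    return uac & ~0x0020


def security_enabled(group_type):
    """Set the security-enabled bit, returned in LDAP's signed form."""
    return to_signed32((group_type & 0xFFFFFFFF) | GROUP_SECURITY_ENABLED)


if __name__ == "__main__":
    print("userAccountControl 544 =", decode_uac(544))
    print("groupType 8 =", decode_group_type(8))
    print("password-required variant:", require_password(544))
    print("security group variant:", security_enabled(8))
```

Because groupType is stored signed, the universal security group value comes out as -2147483640; that is the number to put in the defaultValue attribute if the mapping is changed, and the negative sign is expected rather than a mistake.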


IBM Directory Server and z/OS Directory Server

External identifier: ibm-entryuuid

Entity types

Group

objectClasses: groupOfNames

OrgContainer

objectClasses: organization, organizationalUnit, domain, container

PersonAccount

objectClasses: inetOrgPerson

RDN attribute types

o

objectClass: organization

ou

objectClass: organizationalUnit

dc

objectClass: domain

cn

objectClass: container

Member attribute type

member

objectClass: groupOfNames
dummyMember: uid=dummy
scope: direct

Attribute type

userPassword

propertyName: password

Unsupported properties: none listed


Domino Server

External identifier: dominounid (not set by the CLI, because the attribute is not defined by default in every Domino LDAP schema)

Entity types

Group

objectClasses: groupOfNames

OrgContainer

objectClasses: organization, organizationalUnit, domain, container

PersonAccount

objectClasses: inetOrgPerson

RDN attribute types

o

objectClass: organization

ou

objectClass: organizationalUnit

dc

objectClass: domain

cn

objectClass: container

Member attribute type

member

objectClass: groupOfNames
dummyMember: uid=dummy
scope: direct

Attribute type

userPassword

propertyName: password

Unsupported properties: none listed


Novell Directory Services, Sun ONE and Sun Java System Directory Servers

External identifier: guid (NDS), nsuniqueid (Sun)

Entity types

Group

  • NDS: objectClass: groupOfNames
  • Sun: objectClass: groupOfUniqueNames

OrgContainer

objectClasses: organization, organizationalUnit, domain, container

PersonAccount

objectClasses: inetOrgPerson

RDN attribute types

o

objectClass: organization

ou

objectClass: organizationalUnit

dc

objectClass: domain

cn

objectClass: container

Member attribute type

member

  • NDS: name: member; objectClass: groupOfNames; scope: direct
  • Sun: name: uniquemember; objectClass: groupOfUniqueNames; scope: direct

Attribute type

userPassword

propertyName: password

Unsupported properties: none listed


Context pool and cache configuration for all directory servers

Context pool

  • enabled: true
  • initPoolSize: 1
  • maxPoolSize: 0
  • prefPoolSize: 3
  • poolTimeOut: 0
  • poolWaitTime: 3000

Attributes Cache

  • enabled: true
  • cacheSize: 4000
  • cacheTimeOut: 1200
  • attributeSizeLimit: 2000
  • cacheDistPolicy: none

Search cache

  • enabled: true
  • cacheSize: 2000
  • cacheTimeOut: 600
  • searchResultSizeLimit: 1000
  • cacheDistPolicy: none


Default LDAP datetime format based on LDAP server type

Active Directory

Format: yyyyMMddHHmmss.SZ

Example: 20100708135722.0Z

Tivoli Directory Server

Format: yyyyMMddHHmmss[.fraction]Z (Fraction of the second is optional.)

Example 1: 20090711150348.000000Z

Example 2: 20090711150348.000Z

Example 3: 20090711150348Z

SunONE

Format: yyyyMMddHHmmssZ

Example: 20090721194630Z

Domino

Format: yyyyMMddHHmmssZ

Example: 20090721194630Z

Novell Directory Server

Format: yyyyMMddHHmmssZ

Example: 20090721194630Z

Custom

The custom LDAP adapter accepts either of the following formats:

Format: yyyyMMddHHmmss.SZ

Example: 20040708135722.0Z

Format: yyyyMMddHHmmssZ

Example: 20060120153334Z
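All of the formats listed here are the UTC form of LDAP generalized time, differing only in whether a fraction of a second is present and how many digits it has. The following is an added example, not IBM code: a parser that accepts every example on this page and normalises the fraction to microseconds, plus a formatter that writes a timestamp back the way each server type expects. The server-type names used as keys are this example's own labels, and the parser rejects timestamps with an explicit offset because the adapters only emit the Z form.

```python
"""Parse and emit the LDAP generalized-time variants listed on this page.

Added example, not IBM code. The keys of FORMATS are this example's labels.
"""
import re
from datetime import datetime, timezone

# yyyyMMddHHmmss, an optional fraction of any length, and a literal Z.
_GT = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:\.(\d+))?Z$")


def is_ldap_time(text):
    """True if text is in one of the accepted UTC formats."""
    return _GT.match(text) is not None


def parse_ldap_time(text):
    """Return an aware UTC datetime for any of the listed formats."""
    m = _GT.match(text)
    if not m:
        raise ValueError("not a supported LDAP generalized time: %r" % text)
    y, mo, d, h, mi, s, frac = m.groups()
    # Normalise the fraction to microseconds: ".0" -> 0, ".5" -> 500000,
    # ".000000" -> 0; digits beyond six are dropped.
    micro = int((frac or "0").ljust(6, "0")[:6])
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro,
                    tzinfo=timezone.utc)


# How each server type on this page writes a timestamp.
FORMATS = {
    "Active Directory": lambda dt: dt.strftime("%Y%m%d%H%M%S")
                                   + ".%dZ" % (dt.microsecond // 100000),
    "Tivoli Directory Server": lambda dt: dt.strftime("%Y%m%d%H%M%S")
                                          + ".%06dZ" % dt.microsecond,
    "SunONE": lambda dt: dt.strftime("%Y%m%d%H%M%SZ"),
    "Domino": lambda dt: dt.strftime("%Y%m%d%H%M%SZ"),
    "Novell Directory Server": lambda dt: dt.strftime("%Y%m%d%H%M%SZ"),
}


def format_ldap_time(dt, server_type):
    """Render dt (converted to UTC) the way the given server type expects."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: a timezone is needed to render UTC")
    return FORMATS[server_type](dt.astimezone(timezone.utc))


if __name__ == "__main__":
    for sample in ("20100708135722.0Z", "20090711150348.000000Z",
                   "20090711150348.000Z", "20090711150348Z", "20090721194630Z"):
        print(sample, "->", parse_ldap_time(sample).isoformat())
    stamp = parse_ldap_time("20100708135722.0Z")
    for server_type in FORMATS:
        print(server_type, "->", format_ldap_time(stamp, server_type))
```

The sub-second digits are the only thing that varies between server types, so a value written for Tivoli Directory Server parses for every other type but does not round-trip through the formatter for the types that drop the fraction; compare timestamps after parsing, not as strings.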
