WAS v8.5 > Reference > Administrator best practices

Federated repositories limitations

This topic outlines known limitations and important information for configuring federated repositories.


Configure federated repositories in a mixed-version environment

In a mixed-version deployment manager cell containing both v6.1.x and v5.x or 6.0.x nodes, the following limitations apply for configuring federated repositories:


Configure LDAP servers in a federated repository

The LDAP connection connectTimeout default value is 20 seconds. LDAP should respond within 20 seconds for any request from WebSphere Application Server. If we cannot connect to the LDAP within this time, verify the LDAP is running. A connection error displays at the top of the LDAP configuration panel when the connection timeout exceeds 20 seconds.


Coexisting with Tivoli Access Manager

For Tivoli Access Manager to coexist with a federated repositories configuration, the following limitations apply:


Limitation for configuring active directories with their own federated repository realms

To use the dmgr console to perform a wildcard search for all available users on two Active Directories, and to prevent multiple entries exceptions with all built-in IDs, first configure each Active Directory with it's own federated repository realm.

However, we cannot use the dmgr console to configure each Active Directory with it's own federated repository realm. We can instead use a wsadmin script similar to the following:

$AdminTask createIdMgrRealm {-name AD1realm}
$AdminTask addIdMgrRealmBaseEntry {-name AD1realm -baseEntry o=AD1}

$AdminTask createIdMgrRealm {-name AD2realm}
$AdminTask addIdMgrRealmBaseEntry {-name AD2realm -baseEntry o=AD2}

$AdminConfig save


Limitation for repository ID in federated repositories configuration

In a federated repositories configuration, the repository ID must not exceed a length of 36 characters. If the repository ID exceeds 36 characters, an error may occur while retrieving or storing data, especially if the property extension repository is configured.


z/OS LDAP server with RACF not supported

WAS federated repositories DO NOT support a z/OS LDAP server with an SDBM backend (resource access control facility (RACF)).


Related


Manage the realm in a federated repository configuration


Reference:

Standalone LDAP registry settings
IdMgrRealmConfig command group for AdminTask


+

Search Tips   |   Advanced Search