+

Search Tips   |   Advanced Search

Configure supported entity types in federated repository

The supported entity types are...

A Group entity represents a simple collection of entities that might not have any relational context. An OrgContainer entity represents an organization, such as a company or an enterprise, a subsidiary, or an organizational unit, such as a division, a location, or a department. A PersonAccount entity represents a human being. We cannot add or delete the supported entity types, because these types are predefined.

The Base entry for the default parent determines the repository location where entities of the specified type are placed on write operations by user and group management.

To manage users and groups, click Users and Groups in the console navigation tree, then click either Manage Users or Manage Groups.

To manage users and groups for a specific domain in a multiple security domain environment, click...

On Security domains panel that appears, click the domain_name again to go to the domain configuration panel. Under User realm, click the Manage users or Manager Groups links that are displayed now. These links to manage users and groups for a specific domain are displayed only after you save the federated repositories configuration for the domain.

You must restart the server or dmgr if the federated repository has changed before using the Manage Users option. Otherwise, user or group changes made to the repository could be lost after restart.

  1. In the console, click...

      Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure

    To configure for a specific domain in a multiple security domain environment, click...

      Security domains | domain_name | Security Attributes | User Realm | Customize for this domain | Realm type | Federated repositories | Configure

  2. To view a list of predefined entity types, click...

      Supported entity types

  3. Click the name of a predefined entity type to change its configuration.

  4. Supply the distinguished name of a base entry in the repository in the Base entry for the default parent field. This entry determines the default location in the repository where entities of this type are placed on write operations by user and group management.

  5. Supply the relative distinguished name (RDN ) properties for the specified entity type in the Relative Distinguished Name properties field. Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;).

    The following list outlines known requirements and limitations that apply to specific LDAP servers:

    Use Microsoft Active Directory as the LDAP server

    Use a Lotus Domino Enterprise Server as the LDAP server

    • Typically, the value of cn is specified in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type. The value of uid is also acceptable.

    • Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.

    Use Sun ONE Directory Server as the LDAP server

    • Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.

  6. Click OK.


Results

After completing these steps, the federated repository configuration, which uses supported entity types, is configured.


What to do next

  1. After configuring the federated repositories, to return to the Global security panel...

      Security | Global security

    Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select...

      Available realm definitions field | Federated repositories | Set as current

    To verify the federated repositories configuration, click Apply on the Global security panel. If Federated repositories is not identified in the Current realm definition field, the federated repositories configuration is not used by WAS.

  2. If we are enabling security, complete the remaining steps as specified in Enable security for the realm. As the final step, validate this setup by clicking Apply on the Global security panel.

  3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.


Subtopics

Task topic