
Configure entity types in a federated repository

Supported entity types:

We cannot add or delete the supported entity types, because these types are predefined.

To manage users and groups, click...

To manage users and groups for a specific domain in a multiple security domain environment, click...

Click Apply and Save to the master configuration.

Links to manage users and groups for a specific domain are displayed only after we save the federated repositories configuration for the domain.

On the Security domains panel that appears, click...

If the federated repository has changed, we must restart the server or dmgr before using the Manage Users option. Otherwise, user or group changes made to the repository could be lost after restart.


Tasks

  1. In the administrative console, click...

      Security > Global security > User account repository > Available realm definitions > Federated repositories > Configure

    To configure for a specific domain in a multiple security domain environment, click...

      Security domains > domain_name > Security Attributes > User Realm > Customize for this domain

    Select the Realm type as Federated repositories and then click Configure.

  2. Click Supported entity types to view a list of predefined entity types.

      Entity Type      Base Entry for the Default Parent    Relative Distinguished Name (RDN)
      Group            o=defaultWIMFileBasedRealm           cn
      OrgContainer     o=defaultWIMFileBasedRealm           o;ou;dc;cn
      PersonAccount    o=defaultWIMFileBasedRealm           uid

  3. Click the name of a predefined entity type to change its configuration.

  4. For the default parent field, supply the distinguished name of a base entry in the repository.

    This default parent is the location in the repository where entities of this type are placed on write operations.

  5. Supply the relative distinguished name (RDN) properties for the specified entity type in the Relative Distinguished Name properties field.

    Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;).

    The following list outlines known requirements and limitations that apply to specific LDAP servers:

      Use Microsoft Active Directory as the LDAP server

      • Unless we modify the LDAP schema to use uid, we must specify cn in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type.

      • Secure Sockets Layer communications must be enabled to create users with passwords. To select the Require SSL communications option, see the topic Configure LDAP in a federated repository configuration.

      • Typically, the value of user is specified as the value in the Object classes field for the PersonAccount entity type, and the value of group is specified as the value in the Object classes field for the Group entity type.

      Use a Lotus Domino Enterprise Server as the LDAP server

      • Typically, the value of cn is specified in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type. The value of uid is also acceptable.

      • Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.

      Use Sun ONE Directory Server as the LDAP server

      • Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.

  6. Click OK.

After completing these steps, the federated repository configuration, which uses supported entity types, is configured.
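
The rules from steps 4 and 5, including the Microsoft Active Directory requirements, written as a pre-flight check to run on planned values before they are entered in the console. This is an added example, not IBM code: the function names, parameters and the `ldap_server`, `require_ssl` and `schema_uses_uid` flags are hypothetical, and the DN test is a shape check only.

```python
# Added example: pre-flight check for supported entity type settings.
# Rules come from the steps above; all function and parameter names are hypothetical.
ALLOWED_RDN = {
    "Group": {"cn"},
    "PersonAccount": {"uid", "cn"},
    "OrgContainer": {"o", "ou", "dc", "cn"},
}

def parse_rdn_properties(value):
    """Split the RDN properties field on ';' and normalize each name."""
    return [p.strip().lower() for p in value.split(";") if p.strip()]

def looks_like_dn(value):
    """Shape check only: comma-separated attr=value pairs, no escaped commas."""
    for part in value.split(","):
        attr, sep, val = part.partition("=")
        if not (sep and attr.strip() and val.strip()):
            return False
    return True

def check_entity_type(name, default_parent, rdn_properties,
                      ldap_server=None, require_ssl=False, schema_uses_uid=False):
    """Return a list of findings; an empty list means no rule was violated."""
    if name not in ALLOWED_RDN:
        return ["%s is not a predefined entity type" % name]
    findings = []
    if not looks_like_dn(default_parent):
        findings.append("default parent is not a distinguished name")
    if "," in rdn_properties:
        findings.append("delimit RDN properties with ';', not ','")
    props = parse_rdn_properties(rdn_properties.replace(",", ";"))
    if not props:
        findings.append("no RDN property supplied")
    for p in props:
        if p not in ALLOWED_RDN[name]:
            findings.append("RDN property %r is not valid for %s" % (p, name))
    if ldap_server == "active_directory" and name == "PersonAccount":
        if props != ["cn"] and not schema_uses_uid:
            findings.append("Active Directory: use cn unless the schema is modified to use uid")
        if not require_ssl:
            findings.append("Active Directory: enable Require SSL communications to create users with passwords")
    return findings

if __name__ == "__main__":
    # Defaults from the table above, then a constructed Active Directory case.
    print(check_entity_type("OrgContainer", "o=defaultWIMFileBasedRealm", "o;ou;dc;cn"))
    print(check_entity_type("PersonAccount", "cn=users,dc=example,dc=com", "uid",
                            ldap_server="active_directory"))
```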


What to do next

  1. After configuring the federated repositories, return to the Global security panel...

    Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select...

      Available realm definitions > Federated repositories > Set as current

    To verify the federated repositories configuration, click Apply on the panel. If Federated repositories is not identified in the Current realm definition field, the federated repositories configuration is not used by WebSphere Application Server.

  2. If we are enabling security, complete the remaining steps as specified in Enable WebSphere Application Server security. As the final step, validate this setup by clicking Apply on the Global security panel.

  3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.

