Configure entity types in a federated repository
Supported entity types:
- Base entry for the default parent: Repository location for entity for write operations.
- Group entity: Simple collection of entities that might not have any relational context.
- PersonAccount entity: Human being.
- OrgContainer entity: Organization, such as a company or an enterprise, a subsidiary, or an organizational unit, such as a division, a location, or a department.

We cannot add or delete the supported entity types, because these types are predefined.
To manage users and groups, click...
Users and Groups > [Manage Users | Manage Groups]
To manage users and groups for a specific domain in a multiple security domain environment, click...
Security > Global security Security Domains > domain_name > Security Attributes > User Realm > Customize for this domain > Realm type > Federated repositories
Click Apply and Save to the master configuration.
Links to manage users and groups for a specific domain are displayed only after we save the federated repositories configuration for the domain.
On the Security domains panel that appears, click...
domain_name > User realm > Manage Users or Manage Groups links
If the federated repository has changed, we must restart the server or dmgr before using the Manage Users option. Otherwise, user or group changes made to the repository could be lost after restart.
Tasks
- In the administrative console, click...
Security > Global security > User account repository > Available realm definitions > Federated repositories > Configure
To configure for a specific domain in a multiple security domain environment, click...
Security domains > domain_name > Security Attributes > User Realm > Customize for this domain
Select the Realm type as Federated repositories and then click Configure.
- Click Supported entity types to view a list of predefined entity types.

| Entity Type | Base Entry for the Default Parent | Relative Distinguished Name (RDN) |
|---|---|---|
| Group | o=defaultWIMFileBasedRealm | cn |
| OrgContainer | o=defaultWIMFileBasedRealm | o;ou;dc;cn |
| PersonAccount | o=defaultWIMFileBasedRealm | uid |

- Click the name of a predefined entity type to change its configuration.
- For the default parent field supply the distinguished name of a base entry in the repository.
This default parent is the location in the repository where entities of this type are placed on write operations.
- Supply the relative distinguished name (RDN) properties for the specified entity type in the Relative Distinguished Name properties field.
Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;).
The following list outlines known requirements and limitations that apply to specific LDAP servers:
- Use Microsoft Active Directory as the LDAP server
- Unless we modify the LDAP schema to use uid, we must specify cn in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type.
- Secure Sockets Layer communications must be enabled to create users with passwords. To select the Require SSL communications option, see the topic Configure LDAP in a federated repository configuration.
- Typically the value of user is specified as the value in the Object classes field for the PersonAccount entity type and the value of group is specified as the value in the Object classes field for the Group entity type.
- Use a Lotus Domino Enterprise Server as the LDAP server
- Typically, the value of cn is specified in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type. The value of uid is also acceptable.
- Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.
- Use Sun ONE Directory Server as the LDAP server
- Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.
- Click OK.
After completing these steps, the federated repository configuration, which uses supported entity types, is configured.
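
A pre-flight check of the values entered in the steps above, as an added example that is not part of the original page or of the product's tooling. It encodes only the RDN values and Active Directory notes listed on this page; the function name, its parameters and the `active_directory` label are hypothetical, and the DN check is simplified.

```python
import re

# RDN properties this page lists as possible values for each predefined entity type.
ALLOWED_RDN = {
    "Group": {"cn"},
    "PersonAccount": {"uid", "cn"},
    "OrgContainer": {"o", "ou", "dc", "cn"},
}
# One attr=value component of a DN. Simplified: escaped commas are not handled.
DN_PART = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")


def check_entity_type(name, default_parent, rdn_properties,
                      ldap_server=None, require_ssl=False, schema_uses_uid=False):
    """Return a list of problems; an empty list means the values look consistent."""
    if name not in ALLOWED_RDN:
        return ["%r is not a predefined entity type and cannot be added" % name]
    problems = []
    # The default parent must be the distinguished name of a base entry.
    parts = [p.strip() for p in default_parent.split(",")]
    if not all(DN_PART.match(p) for p in parts):
        problems.append("default parent %r is not a distinguished name" % default_parent)
    # Multiple RDN properties are delimited with a semicolon.
    props = [p.strip() for p in rdn_properties.split(";")]
    for prop in props:
        if prop not in ALLOWED_RDN[name]:
            problems.append("RDN property %r is not valid for %s" % (prop, name))
    # Active Directory notes from this page (the ldap_server label is hypothetical).
    if ldap_server == "active_directory" and name == "PersonAccount":
        if "uid" in props and not schema_uses_uid:
            problems.append("Active Directory needs cn unless the schema was modified to use uid")
        if not require_ssl:
            problems.append("SSL must be required to create users with passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the first three rows are the defaults shown on this page.
    samples = [
        ("Group", "o=defaultWIMFileBasedRealm", "cn", None),
        ("OrgContainer", "o=defaultWIMFileBasedRealm", "o;ou;dc;cn", None),
        ("PersonAccount", "o=defaultWIMFileBasedRealm", "uid", None),
        ("PersonAccount", "ou=people,dc=example,dc=com", "uid", "active_directory"),
        ("OrgContainer", "defaultWIMFileBasedRealm", "o,ou", None),
    ]
    for name, parent, rdn, server in samples:
        print(name, parent, rdn, check_entity_type(name, parent, rdn, server))
```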
What to do next
- After configuring the federated repositories, return to the Global security panel...
Security > Global security
Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select...
Available realm definitions > Federated repositories > Set as current
To verify the federated repositories configuration, click Apply on the panel. If Federated repositories is not identified in the Current realm definition field, the federated repositories configuration is not used by WebSphere Application Server.
- If we are enabling security, complete the remaining steps as specified in Enable WebSphere Application Server security. As the final step, validate this setup by clicking Apply on the Global security panel.
- Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.