Replication for LDAP
WebSphere Commerce supports using LDAP for authentication and for storing authentication and profile data. Some of the data is replicated between the WebSphere Commerce database and the LDAP server. Most of the replication can be configured using the ldapentry.xml file. Replication takes place in the following cases:
- The Logon command is used.
- A single sign-on LTPA token is read.
- A registration command (such as UserRegistrationAdd and OrgEntityUpdate) is used.
- The UserRegistrationDataBean or OrgEntityDataBean data bean is used.
An organization of type authorization domain (AD, as defined in the ORGENTITYTYPE column of the ORGENTITY table) exists only in WebSphere Commerce; it is not replicated to LDAP. The authorization domain is intended to own non-member assets such as a store. It should not have any users or sub-organizations of type OU or O.
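Because authorization domains are never replicated to LDAP, users or organizations placed under one would exist only in the WebSphere Commerce database. The following audit is an added example, not IBM's code: it runs against a constructed, simplified in-memory schema, and the MEMBER and MBRREL tables and every column name other than ORGENTITYTYPE are assumptions about the schema.

```python
import sqlite3

# Constructed, simplified stand-in for the member tables. Only ORGENTITY and
# ORGENTITYTYPE appear on the page; the other tables and columns are assumed.
SCHEMA = """
CREATE TABLE MEMBER    (MEMBER_ID INTEGER PRIMARY KEY, TYPE TEXT);
CREATE TABLE ORGENTITY (ORGENTITY_ID INTEGER PRIMARY KEY,
                        ORGENTITYTYPE TEXT, ORGENTITYNAME TEXT);
CREATE TABLE MBRREL    (DESCENDANT_ID INTEGER, ANCESTOR_ID INTEGER,
                        SEQUENCE INTEGER);
"""

# Report every user, O or OU that sits anywhere below an AD organization.
AUDIT = """
SELECT ad.ORGENTITYNAME, r.DESCENDANT_ID,
       CASE WHEN m.TYPE = 'U' THEN 'user' ELSE child.ORGENTITYTYPE END AS kind
FROM ORGENTITY ad
JOIN MBRREL r ON r.ANCESTOR_ID = ad.ORGENTITY_ID
JOIN MEMBER m ON m.MEMBER_ID = r.DESCENDANT_ID
LEFT JOIN ORGENTITY child ON child.ORGENTITY_ID = r.DESCENDANT_ID
WHERE ad.ORGENTITYTYPE = 'AD'
  AND (m.TYPE = 'U' OR child.ORGENTITYTYPE IN ('O', 'OU'))
ORDER BY ad.ORGENTITYNAME, r.DESCENDANT_ID
"""

def find_ad_violations(conn):
    """Return (AD name, descendant member id, kind) for each violation."""
    return conn.execute(AUDIT).fetchall()

def build_sample():
    """Constructed data: one AD with members under it, one clean AD."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO MEMBER VALUES (?, ?)",
                     [(1, "O"), (2, "O"), (3, "O"), (4, "U"), (5, "U"), (6, "O")])
    conn.executemany("INSERT INTO ORGENTITY VALUES (?, ?, ?)",
                     [(1, "O", "Root"), (2, "AD", "StoreOwnerAD"),
                      (3, "OU", "Sales"), (6, "AD", "CleanAD")])
    # (descendant, ancestor, distance): user 5 is under OU 3, which is under AD 2.
    conn.executemany("INSERT INTO MBRREL VALUES (?, ?, ?)",
                     [(2, 1, 1), (6, 1, 1), (3, 2, 1), (4, 2, 1),
                      (5, 3, 1), (5, 2, 2)])
    return conn

if __name__ == "__main__":
    for name, member_id, kind in find_ad_violations(build_sample()):
        print(f"{name}: member {member_id} ({kind}) must not be under an AD")
```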