Replication for LDAP
The ldapentry.xml file is used to configure which attributes are synchronized between the LDAP server and the WebSphere Commerce database. Some commonly used attributes are specified by default.
The actual synchronization is done by synchronization beans.
- The Logon command is used.
- A single sign-on LTPA token is read.
- A registration command, such as...
- The UserRegistrationDataBean or OrgEntityDataBean data bean is used.
An organization of type authorization domain (AD), as defined in the ORGENTITYTYPE column of the ORGENTITY table, exists only in WebSphere Commerce; that is, it is not replicated to LDAP. The authorization domain is intended to own non-member assets such as a store. It should not have any users or sub-organizations of type OU or O.
Access attributes that only exist in LDAP
WebSphere Commerce can access attributes that exist only in LDAP. In the ldapentry.xml file, the flow attribute of the ldapAttribute element within a map element specifies how the attribute value is read from and written to LDAP:
- ldapOnly: The value exists only in LDAP, not in the WebSphere Commerce database. These attributes are accessible from the following APIs:
- UserSyncBean.getProperty(String propertyName)
- OrganizationSyncBean.getProperty(String propertyName)
This in turn makes them available through the following data bean methods:
- UserRegistrationDataBean.getAttribute(String attributeName)
- OrgEntityDataBean.getAttribute(String attributeName)
In turn, the GetPerson and GetOrganization services will populate the Person and Organization SDOs with these attributes when using the IBM_All access profile:
- /Person/Attributes
- /Organization/Attributes
Synchronization of multi-valued LDAP attributes to the MBRATTRVAL table
The MBRATTRVAL table is used for storing custom member attributes. The table can store multiple values (rows) for a single attribute and user. LDAP can handle multivalued attributes.
For example:
  <map>
    <objectAttribute attrName="JobFunction_10001_r_n"/>
    <ldapAttribute name="telephoneNumber" operation="replace" flow="bothDirections"/>
  </map>
Original mapping:
  <!--
  <map>
    <objectAttribute attrName="phone1"/>
    <ldapAttribute name="telephoneNumber" operation="add" flow="bothDirections"/>
  </map>
  -->
The telephoneNumber VMM attribute maps to the attribute...
JobFunction_10001_r_n
This WebSphere Commerce attribute, based on the naming convention, is a custom member attribute, whose values are stored in the MBRATTRVAL table.
The member attribute name ends with _n to indicate that it is multivalued.
If there are multiple values in the MBRATTRVAL table, they are synchronized over to multiple values in LDAP. Conversely, if there are multiple values in LDAP, they are synchronized to multiple rows in the MBRATTRVAL table.
The following URL is an example of how to add or update two JobFunction values for the current user:
https://localhost/webapp/wcs/stores/servlet/UserRegistrationUpdate?storeId=10101&catalogId=10101&langId=-1&editRegistration=Y&JobFunction_10101_r_1=manager&JobFunction_10101_r_2=clerk&URL=UserRegistrationForm
Note the two occurrences of JobFunction updates in the URL string:
- JobFunction_10101_r_1: manager
- JobFunction_10101_r_2: clerk
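When reviewing which member data leaves the WebSphere Commerce database, it helps to list every active map entry with its flow and multivalue status. The following Python script is an added example, not code from the WebSphere Commerce documentation. The `<ldapmap>` wrapper element, the `departmentNumber` mapping, and the choice to flag an LDAP attribute that is mapped twice are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ldapmap> wrapper is a placeholder; the first two <map>
# entries follow this page, the ldapOnly entry is constructed for illustration.
SAMPLE = """
<ldapmap>
  <map>
    <objectAttribute attrName="JobFunction_10001_r_n"/>
    <ldapAttribute name="telephoneNumber" operation="replace" flow="bothDirections"/>
  </map>
  <!-- <map>
    <objectAttribute attrName="phone1"/>
    <ldapAttribute name="telephoneNumber" operation="add" flow="bothDirections"/>
  </map> -->
  <map>
    <objectAttribute attrName="departmentNumber"/>
    <ldapAttribute name="departmentNumber" operation="replace" flow="ldapOnly"/>
  </map>
</ldapmap>
"""

def audit_mappings(xml_text):
    """Return (rows, duplicates) for every active <map> entry."""
    root = ET.fromstring(xml_text)  # XML comments are dropped, so disabled maps are skipped
    rows, seen, duplicates = [], {}, []
    for m in root.iter("map"):
        obj, ldap = m.find("objectAttribute"), m.find("ldapAttribute")
        if obj is None or ldap is None:
            continue  # incomplete entry, nothing to report
        row = {
            "wcs": obj.get("attrName"),
            "ldap": ldap.get("name"),
            "operation": ldap.get("operation"),
            "flow": ldap.get("flow"),
            # Page convention: a name ending in _n is multivalued (MBRATTRVAL rows)
            "multivalued": obj.get("attrName", "").endswith("_n"),
            # ldapOnly values are not stored in the WebSphere Commerce database
            "stored_in_wcs": ldap.get("flow") != "ldapOnly",
        }
        if row["ldap"] in seen:  # assumption: one LDAP attribute should feed one mapping
            duplicates.append((row["ldap"], seen[row["ldap"]], row["wcs"]))
        seen.setdefault(row["ldap"], row["wcs"])
        rows.append(row)
    return rows, duplicates

if __name__ == "__main__":
    rows, dups = audit_mappings(SAMPLE)
    for r in rows:
        print(r)
    print("LDAP attributes mapped more than once:", dups)
```

Re-enabling the commented-out phone1 mapping in the sample makes the script report telephoneNumber as mapped twice.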