WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Map external IDs (extId) in Member Manager

 


 

Overview

Every main profile repository that is used with Member Manager needs to have an attribute whose value is...

In Member Manager, this attribute is called extId.

If a Lookaside repository is also used with Member Manager, extId allows Member Manager to associate data for a member in the Lookaside repository to the data for the same member in the main profile repository.

WebSphere Portal Express provides three ways to map the external IDs in the LDAP repository:

  1. Map external IDs to a unique ID attribute generated by the LDAP server
  2. Map external IDs to a unique ID attribute that is generated by Member Manager (ibm-appUUID)
  3. Map external IDs to the distinguished name of the member

Change the external ID after configuring your LDAP user registry but before you customize IBM WebSphere Portal Express; otherwise, changing the ID will cause all role mappings, personalization of pages, and other resources such as Web Content Management documents to be lost.

 

Map external IDs to a unique ID attribute generated by the LDAP server

If you are using an LDAP server with Member Manager, it is likely that your LDAP server already has an attribute whose value is unique, static, and never reused. In this case, you should map that attribute to the extId attribute in Member Manager and set wmmGenerateExtId to false.

To map external IDs to a unique ID attribute that is generated by the LDAP server:

  1. Open...

    portal_server_root/wmm/wmm.xml

    ...search for wmmGenerateExtId, and set it to false.

  2. Map extId. Open...

    portal_server_root/wmm/wmmLDAPServerAttributes.xml

    This file is different for each LDAP server type.

    • Tivoli Directory Server Version 6.0 has a unique ID attribute called ibm-entryUuid that has a string data type.

         
      <attributeMap wmmAttributeName="extId"    
                    applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                    pluginAttributeName="ibm-entryUuid"
                    dataType="String"          
                    multiValued="false"
                    readOnly="true"/>

    • Sun Java System Directory Server Version 6.0 has a unique ID attribute called nsuniqueid that has a string data type.

         
      <attributeMap wmmAttributeName="extId"    
                    applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                    pluginAttributeName="nsuniqueid"
                    dataType="String"
                    multiValued="false"
                    readOnly="true"/>

    • Microsoft Active Directory server has a unique ID attribute called objectGUID that has an octet string type.

         
      <attributeMap wmmAttributeName="extId" 
                    applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                    pluginAttributeName="objectGUID"
                    dataType="String"
                    pluginDataType="OctetString"
                    multiValued="false"
                    readOnly="true"/>

    • Novell eDirectory has a unique ID attribute called GUID that has an octet string type.

         
      <attributeMap wmmAttributeName="extId" 
                    applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                    pluginAttributeName="GUID"
                    dataType="String"
                    pluginDataType="OctetString"
                    multiValued="false"
                    readOnly="true"/>

 

Map external IDs to a unique ID attribute that is generated by Member Manager (ibm-appUUID)

If your LDAP server does not have an attribute whose value is unique, static, and never reused, you can set wmmGenerateExtId to true. In this case, Member Manager attaches the LDAP auxiliary class ibm-appUUIDAux with an attribute ibm-appUUID to every LDAP entry that is accessed by Member Manager. The ibm-appUUID attribute is the unique, static, and never reused attribute that is added by Member Manager to your LDAP server entries.

To map external IDs to a unique ID attribute that is generated by Member Manager:

  1. Create the schema of the ibm-appUUIDAux auxiliary object class and the ibm-appUUID attribute on the LDAP server. To do this, refer to the documentation for configuring Directory Server for Member Manager.

  2. Open portal_server_root/wmm/wmm.xml, search for wmmGenerateExtId, and set it to true.

  3. In wmm.xml, add ibm-appUUIDAux object class to all member types:

    <supportedLdapEntryTypes>
    
       <supportedLdapEntryType name="Person"
                               rdnAttrTypes="uid" 
                               objectClassesForRead="inetOrgPerson"
                               objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
    
       <supportedLdapEntryType name="Group"
                               rdnAttrTypes="cn"      
                               objectClassesForRead="groupOfNames"
                               objectClassesForWrite="groupOfNames;ibm-appUUIDAux"/>
    
       <supportedLdapEntryType name="Organization"
                               rdnAttrTypes="o" 
                               objectClassesForRead="organization"
                               objectClassesForWrite="organization;ibm-appUUIDAux"/>
    
       <supportedLdapEntryType name="OrganizationalUnit"
                               rdnAttrTypes="ou"
                               objectClassesForRead="organizationalUnit"
                               objectClassesForWrite="organizationalUnit;ibm-appUUIDAux"/>
    </supportedLdapEntryTypes>
    

  4. Open...

    portal_server_root/wmm/wmmLDAPServerAttributes.xml

    ...and map extId to ibm-appUUID.

        
    <attributeMap wmmAttributeName="extId"        
                  applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                  pluginAttributeName="ibm-appUUID"
                  dataType="String"               
                  multiValued="false"
                  readOnly="true"/>

 

Map external IDs to the distinguished name of the member

If your LDAP server does not have an attribute whose value is unique, static, and never reused, and you do not want Member Manager to attach auxiliary classes to your LDAP entries, you can map the extId attribute to the LDAP distinguished name (DN). However, the value of extId is meant to be unique, static, and never reused, so mapping the LDAP DN to extId assumes that DN values are not only unique but also static and never reused, which might not be true.

The attribute wmmGenerateExtId in wmm.xml determines whether or not the repository needs Member Manager to generate the external ID. If you map extId to a unique attribute that is automatically populated by the LDAP server or mapped to the DN, you need to set wmmGenerateExtId to false.

You can also use the distinguished name of the member as its external ID. To do this, map extId to DistinguishedName in portal_server_root/wmm/wmmLDAPServerAttributes.xml. It is not necessary to change the LDAP schema. However, because the DN is modifiable, it cannot always uniquely identify the LDAP entries.

    <attributeMap wmmAttributeName="extId"    
                  applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                  pluginAttributeName="DistinguishedName"
                  dataType="String"
                  multiValued="false"
                  readOnly="true"/>
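
A consistency check for the two files edited in the procedures above, added here as an example (it is not IBM's code). It assumes wmmGenerateExtId is an XML attribute on some element of wmm.xml; the wrapper element names in the constructed samples are placeholders.

```python
import xml.etree.ElementTree as ET

OCTET_ATTRS = {"objectGUID", "GUID"}  # octet-string ID attributes named on this page

def check_extid(wmm_xml, attrs_xml):
    """Return findings for the extId mapping; an empty list means consistent."""
    wmm, attrs = ET.fromstring(wmm_xml), ET.fromstring(attrs_xml)
    findings = []
    # Assumption: wmmGenerateExtId is an attribute on some element of wmm.xml.
    gen = next((e.get("wmmGenerateExtId") for e in wmm.iter()
                if e.get("wmmGenerateExtId") is not None), None)
    maps = [m for m in attrs.iter("attributeMap")
            if m.get("wmmAttributeName") == "extId"]
    if len(maps) != 1:
        return ["expected exactly one extId attributeMap, found %d" % len(maps)]
    m = maps[0]
    target = m.get("pluginAttributeName")
    # Only the Member Manager generated ID (ibm-appUUID) needs generation on.
    want_gen = "true" if target == "ibm-appUUID" else "false"
    if gen != want_gen:
        findings.append("wmmGenerateExtId=%r but extId -> %s needs %r"
                        % (gen, target, want_gen))
    if target == "ibm-appUUID":
        for t in wmm.iter("supportedLdapEntryType"):
            classes = (t.get("objectClassesForWrite") or "").split(";")
            if "ibm-appUUIDAux" not in classes:
                findings.append("%s: objectClassesForWrite lacks ibm-appUUIDAux"
                                % t.get("name"))
    if target in OCTET_ATTRS and m.get("pluginDataType") != "OctetString":
        findings.append('%s needs pluginDataType="OctetString"' % target)
    if target == "DistinguishedName":
        findings.append("extId -> DistinguishedName: DN is modifiable, may not stay unique")
    if m.get("readOnly") != "true" or m.get("multiValued") != "false":
        findings.append("extId map differs from the page's readOnly/multiValued settings")
    return findings

# Constructed sample files; the wrapper element names are assumptions.
WMM = """<wmm><ldapRepository wmmGenerateExtId="true"><supportedLdapEntryTypes>
  <supportedLdapEntryType name="Person" objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
  <supportedLdapEntryType name="Group" objectClassesForWrite="groupOfNames"/>
</supportedLdapEntryTypes></ldapRepository></wmm>"""
ATTRS = """<repositoryAttributes>
  <attributeMap wmmAttributeName="extId" pluginAttributeName="ibm-appUUID"
                dataType="String" multiValued="false" readOnly="true"/>
</repositoryAttributes>"""

if __name__ == "__main__":
    for finding in check_extid(WMM, ATTRS):
        print("FINDING:", finding)
```

Run it against copies of the real files before restarting the portal; a DistinguishedName finding is informational and reflects the caveat stated above.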

 
