Mapping external IDs (extId) in Member Manager
Overview
This section provides information on mapping external IDs in Member Manager. Every main profile repository that is used with Member Manager needs to have an attribute whose value is unique, static, and never reused for every member entry. In Member Manager, this attribute is called extId. If a Lookaside repository is also used with Member Manager, extId allows Member Manager to associate data for a member in the Lookaside repository to the data for the same member in the main profile repository.
WebSphere Portal provides three ways to map the external IDs in the LDAP repository:
- Mapping external IDs to a unique ID attribute generated by the LDAP server
- Mapping external IDs to a unique ID attribute generated by Member Manager (ibm-appUUID)
- Mapping external IDs to the distinguished name of the member
Mapping external IDs to a unique ID attribute generated by the LDAP server
Some LDAP servers already have a unique ID attribute that the LDAP server populates automatically for each entry that is created on it. If you are using an LDAP server with Member Manager, it is likely that the LDAP server already has an attribute whose value is unique, static, and never reused. In this case, map extId to that attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml and set wmmGenerateExtId to false.
There are two data types for the unique ID that is generated by the LDAP server, string type and octet string type.
To map external IDs to a unique ID attribute that is generated by the LDAP server:
- Open <wp_root>/shared/app/wmm/wmm.xml, search for wmmGenerateExtId, and set it to false.
- Open <wp_root>/wmm/wmmLDAPServerAttributes.xml. This file is different for each LDAP server type. Set the attribute for the system, as follows:
IBM Directory Server
IBM Directory Server Version 5.1 has a unique ID attribute called ibm-entryUuid that has a string data type. Map extId to this attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml:
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="ibm-entryUuid" dataType="String" multiValued="false" readOnly="true"/>
Sun ONE Directory Server
Sun ONE Directory Server Version 5.1 (formerly iPlanet) has a unique ID attribute called nsuniqueid that has a string data type. Map extId to this attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml:
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="nsuniqueid" dataType="String" multiValued="false" readOnly="true"/>
Microsoft Active Directory
Microsoft Active Directory server has a unique ID attribute called objectGUID that has an octet string type. In <wp_root>/wmm/wmmLDAPServerAttributes.xml, map extId to this attribute, and specify pluginDataType as OctetString:
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="objectGUID" dataType="String" pluginDataType="OctetString" multiValued="false" readOnly="true"/>
Novell eDirectory
Novell eDirectory Server has a unique ID attribute called GUID that has an octet string type. In <wp_root>/wmm/wmmLDAPServerAttributes.xml, map extId to this attribute, and specify pluginDataType as OctetString:
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="GUID" dataType="String" pluginDataType="OctetString" multiValued="false" readOnly="true"/>
Mapping external IDs to a unique ID attribute that is generated by Member Manager (ibm-appUUID)
If the LDAP server does not have an attribute whose value is unique, static, and never reused, you can set wmmGenerateExtId to true. In this case, Member Manager attaches the LDAP auxiliary class ibm-appUUIDAux with an attribute ibm-appUUID to every LDAP entry that is accessed by Member Manager. The ibm-appUUID attribute is the unique, static, and never reused attribute that is added by Member Manager to the LDAP server entries.
To map external IDs to a unique ID attribute that is generated by Member Manager:
- Create the schema of the ibm-appUUIDAux auxiliary object class and the ibm-appUUID attribute on the LDAP server. To do this, refer to the documentation for configuring Directory Server for Member Manager.
- Open <wp_root>/shared/app/wmm/wmm.xml, search for wmmGenerateExtId, and set it to true.
- In wmm.xml, add the ibm-appUUIDAux object class to all member types:
<supportedLdapEntryTypes>
  <supportedLdapEntryType name="Person" rdnAttrTypes="uid" objectClassesForRead="inetOrgPerson" objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
  <supportedLdapEntryType name="Group" rdnAttrTypes="cn" objectClassesForRead="groupOfNames" objectClassesForWrite="groupOfNames;ibm-appUUIDAux"/>
  <supportedLdapEntryType name="Organization" rdnAttrTypes="o" objectClassesForRead="organization" objectClassesForWrite="organization;ibm-appUUIDAux"/>
  <supportedLdapEntryType name="OrganizationalUnit" rdnAttrTypes="ou" objectClassesForRead="organizationalUnit" objectClassesForWrite="organizationalUnit;ibm-appUUIDAux"/>
</supportedLdapEntryTypes>
- Open <wp_root>/wmm/wmmLDAPServerAttributes.xml. Map extId to ibm-appUUID:
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="ibm-appUUID" dataType="String" multiValued="false" readOnly="true"/>
Mapping external IDs to the distinguished name of the member
If the LDAP server does not have an attribute whose value is unique, static, and never reused, and you do not want Member Manager to attach auxiliary classes to the LDAP entries, you can map the extId attribute to the LDAP distinguished name (DN). However, because the value of extId is meant to be unique, static, and never reused, by mapping the LDAP DN to extId, you assume that LDAP DN values are not only unique, but also static and never reused, which might not be true.
The attribute wmmGenerateExtId in wmm.xml determines whether or not the repository needs Member Manager to generate the external ID. If you map extId to a unique attribute that is automatically populated by the LDAP server, or map it to the DN, you need to set wmmGenerateExtId to false.
To use the distinguished name of the member as its external ID, map extId to DistinguishedName in <wp_root>/wmm/wmmLDAPServerAttributes.xml. It is not necessary to change the LDAP schema. However, because the DN is modifiable, it cannot always uniquely identify the LDAP entries.
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="DistinguishedName" dataType="String" multiValued="false" readOnly="true"/>
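A consistency check for the three mappings described on this page, as an added example (not IBM's code and not part of the original documentation): it reads the content of wmm.xml and wmmLDAPServerAttributes.xml and reports mismatches between the extId mapping, wmmGenerateExtId, and the ibm-appUUIDAux object class. The audit_extid function, the finding texts, and the <wmm>, <repository> and <attrs> wrapper elements in the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Server-generated ID attributes named on the page -> pluginDataType each needs.
SERVER_IDS = {"ibm-entryUuid": None, "nsuniqueid": None,
              "objectGUID": "OctetString", "GUID": "OctetString"}

def audit_extid(wmm_xml, attrs_xml):
    """Return findings for the extId setup described by the two config files."""
    wmm, attrs = ET.fromstring(wmm_xml), ET.fromstring(attrs_xml)
    # Collect wmmGenerateExtId wherever it appears; no holder element is assumed.
    gen = {e.get("wmmGenerateExtId").strip().lower()
           for e in wmm.iter() if e.get("wmmGenerateExtId") is not None}
    maps = [m for m in attrs.iter("attributeMap")
            if m.get("wmmAttributeName") == "extId"]
    if len(maps) != 1:
        return [f"expected one extId attributeMap, found {len(maps)}"]
    m, findings = maps[0], []
    target = m.get("pluginAttributeName")
    if len(gen) != 1:
        findings.append("wmmGenerateExtId is missing or set inconsistently")
    generate = gen == {"true"}
    if target == "ibm-appUUID":
        if not generate:
            findings.append("ibm-appUUID mapping needs wmmGenerateExtId=true")
        for t in wmm.iter("supportedLdapEntryType"):
            classes = (t.get("objectClassesForWrite") or "").split(";")
            if "ibm-appUUIDAux" not in classes:
                findings.append(f"{t.get('name')}: ibm-appUUIDAux not in objectClassesForWrite")
    else:
        if generate:
            findings.append(f"{target} mapping needs wmmGenerateExtId=false")
        if target == "DistinguishedName":
            findings.append("extId is the DN: modifiable, not guaranteed static or never reused")
        elif target not in SERVER_IDS:
            findings.append(f"{target}: confirm it is unique, static, never reused")
        elif SERVER_IDS[target] not in (None, m.get("pluginDataType")):
            findings.append(f"{target}: pluginDataType should be {SERVER_IDS[target]}")
    if m.get("readOnly") != "true" or m.get("multiValued") != "false":
        findings.append("extId map should be readOnly=true, multiValued=false")
    return findings

# Constructed sample input; <wmm>, <repository> and <attrs> are placeholder wrappers.
WMM = """<wmm><repository wmmGenerateExtId="false"/></wmm>"""
ATTRS = """<attrs><attributeMap wmmAttributeName="extId"
  pluginAttributeName="objectGUID" dataType="String"
  multiValued="false" readOnly="true"/></attrs>"""

if __name__ == "__main__":
    print("\n".join(audit_extid(WMM, ATTRS)))
```

The sample maps extId to objectGUID without pluginDataType, so the check reports that omission; an empty result means the mapping, wmmGenerateExtId, and object classes agree with each other.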