Overview of user registry options

 


 

Security option | Explanation
Standalone LDAP security | Single LDAP security option that is similar to past options. Create Virtual Portals with a single realm and store users and groups in a single LDAP server.
Federated security | Create Virtual Portals with multiple realms accessing multiple repositories (LDAP, database, custom) and Application Groups. Important: Make sure there are no duplicate names between the repositories. A common gotcha is to install the product with a Portal Administrator of "wpsadmin" when user "wpsadmin" already exists in the corporate LDAP server. If you know that you are going to configure a federated LDAP, use a portal admin ID like tmp_wpsadmin when installing portal.
Custom security | Use a Custom User Registry and a Custom Member Adapter for Virtual Member Manager (VMM).
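
A pre-flight check for the duplicate-name warning in the Important note above, as an added example (not IBM tooling and not code from this page): it compares LDIF exports taken from each repository and reports login IDs that exist in more than one. The repository labels, the sample entries, the use of uid as the login attribute, and case-insensitive matching are assumptions.

```python
import base64
from collections import defaultdict
# Constructed sample exports (not real data): the built-in file repository and a corporate LDAP.
FILE_REPO = """\
dn: uid=wpsadmin,o=defaultWIMFileBasedRealm
uid: wpsadmin
"""
CORP_LDAP = """\
dn: uid=WPSAdmin,ou=people,dc=example,dc=com
uid:: V1BTQWRtaW4=

dn: uid=jdoe,ou=people,dc=example,
 dc=com
uid: jdoe
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):               # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        entry[attr.lower()].append(value)

def find_duplicate_ids(exports, id_attr="uid"):
    """Return {login id: {repository: dn}} for IDs found in more than one repository."""
    seen = defaultdict(dict)  # keys are casefolded: assumes case-insensitive ID matching
    for repo, ldif in exports.items():
        for e in parse_ldif(ldif):
            for value in e.get(id_attr, []):
                seen[value.casefold()][repo] = e.get("dn", ["?"])[0]
    return {uid: repos for uid, repos in seen.items() if len(repos) > 1}

print(find_duplicate_ids({"file": FILE_REPO, "corp-ldap": CORP_LDAP}))
```

Run it with id_attr="cn" over group exports to cover group names as well; an empty result means no collisions were found in the exported data.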


Standalone LDAP security

Out-of-the-box, WebSphere Portal is configured with the default federated repository with a built-in file repository.

To switch to a standalone LDAP user registry, run...

To fine-tune your standalone LDAP user registry...

Task | Explanation
Update the standalone LDAP user registry | You can update certain parameters such as your bind ID and password.
Property extension database (formerly known as the lookaside database) | Store additional attributes inside the VMM property extension instead of within the LDAP user registry. Used by Common Mail portlet and IBM Lotus Web Content Management.
Create an entity type | Use an entity type that exists in WebSphere Portal but not within your LDAP user registry. This option creates the entity type in the user registry and adds the relative distinguished name to map the entity type between WebSphere Portal and the user registry.
Update an existing entity type | Update the default parent of an existing, single entity type; for example, if you deleted a repository and the entity type points to the deleted repository, update the information to point to a new repository.


Federated security

Out-of-the-box, WebSphere Portal is configured with the default federated repository with a built-in file repository.

The federated repository offers the richest set of options.

For example, if your company acquires a new business that has an existing LDAP user registry, you can just add that LDAP server to your federated repository.

Choose one of the following tasks to enable a production repository:

Task | Description
Add a federated LDAP repository to the VMM configuration | This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.
Add a federated database repository to the VMM configuration | This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.
Add a federated custom user registry | This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.

After adding an initial LDAP, database, or custom user registry, you can add additional user registries to create a multiple user registry configuration.

After configuring the initial repository, remove the default file-based repository unless this is a development environment. The following tasks are required to remove the default file-based repository:

Task | Description
Change the user registry where users and groups are stored | Change the default repository where new users and groups are stored.
Change WAS administrator | Change the WAS administrator user ID and password from what was defined during installation to the new user ID and password required for the clustered or standalone production environment.
Change WebSphere Portal Server administrative user | Change the WebSphere Portal administrator user ID and password from what was defined during installation to the new user ID and password required for the clustered or standalone production environment.
Delete a federated repository from the VMM configuration | Delete the default file-based repository from your configuration.

Optional tasks...

Task | Description
Updating the federated LDAP user registry | Update certain parameters such as your bind ID and password to fix issues with your LDAP user registry.
Updating the federated database user registry | Update certain parameters such as the data source name, database URL, and database type to fix issues with your database user registry.
Create a new realm | Choose this option to create a realm, which is a group of users from one or more user registries that form a coherent group within WebSphere Portal. Realms are mapped to Virtual Portals. In a federated repository, you can create multiple realms.
Property extension database; formerly known as the lookaside database | Store additional attributes inside the VMM property extension instead of within the LDAP user registry. Some applications, such as Common Mail portlet and IBM Lotus Web Content Management, use the property extension database to store additional attributes. After you enable the property extension database, you can add attributes to meet your business needs.
Create the entity type | Use an entity type that exists in WebSphere Portal but not within your LDAP user registry. This option creates the entity type in the user registry and adds the relative distinguished name to map the entity type between WebSphere Portal and the user registry.
Update an existing entity type | Update the default parent of an existing, single entity type; for example, if you deleted a repository and the entity type points to the deleted repository, update the information to point to a new repository.

