<?xml version="1.0" encoding="UTF-8"?>

<!--
  Example virtual member manager (WIM) configuration. The root is an SDO
  datagraph; every configuration element lives in the "config" namespace.
  Host names under myco.com, the realm name "replacewithyourrealm" and the
  two {xor} encoded passwords are sample values to be replaced per
  deployment.

  NOTE(review): dbAdminPassword and bindPassword below use the WebSphere
  {xor} encoding, which is a reversible obfuscation and not encryption.
  A copy of this file that holds real values is secret material: restrict
  its file permissions and keep it out of source control.
-->
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:config="http://www.ibm.com/websphere/wim/config" 
               xmlns:sdo="commonj.sdo">

  <!--
    Global search and paging limits for the WIM service.
    NOTE(review): units are not stated in this file. searchTimeOut is
    presumably milliseconds and pagedCacheTimeOut presumably seconds -
    confirm against the product version in use before tuning.
  -->
  <config:configurationProvider maxPagingResults="500" 
                                maxSearchResults="4500" 
                                maxTotalPagingResults="1000"
                                pagedCacheTimeOut="900" 
                                pagingEntityObject="true" 
                                searchTimeOut="600000">

    <!-- Schema file describing the entity data model (presumably the product default). -->
    <config:dynamicModel xsdFileName="wimdatagraph.xsd"/>

    <!--
      Entity types this configuration supports. defaultParent names the
      parent under which a new entity of the type is created when the
      caller gives none; rdnProperties lists the properties that may form
      the entity's RDN.
      NOTE(review): OrgContainer's defaultParent points at
      o=defaultWIMFileBasedRealm, which is not under the dc=myco,dc=com
      base entry of the only repository configured below - confirm this
      is intended.
    -->
    <config:supportedEntityTypes defaultParent="ou=groups,dc=myco,dc=com" 
                                 name="Group">

      <config:rdnProperties>cn</config:rdnProperties>

    </config:supportedEntityTypes>

    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" 
                                 name="OrgContainer">

      <config:rdnProperties>o</config:rdnProperties>
      <config:rdnProperties>ou</config:rdnProperties>
      <config:rdnProperties>dc</config:rdnProperties>
      <config:rdnProperties>cn</config:rdnProperties>

    </config:supportedEntityTypes>

    <config:supportedEntityTypes defaultParent="ou=people,dc=myco,dc=com" 
                                 name="PersonAccount">

      <config:rdnProperties>uid</config:rdnProperties>

    </config:supportedEntityTypes>

    <!--
      Look-aside (property extension) database for properties the LDAP
      repository does not store. It is reached through the data source
      jdbc/vmmladbDS_oracle using the dbAdminId / dbAdminPassword pair.
      NOTE(review): dbAdminPassword is {xor} encoded (reversible), and the
      dbURL is a plain JDBC thin URL with no TLS parameters visible here -
      confirm how this connection is protected on the wire.
      entityRetrievalLimit presumably bounds entities fetched per
      look-aside query - verify.
    -->
    <config:propertyExtensionRepository adapterClassName="com.ibm.ws.wim.lookaside.LookasideAdapter"
                                        id="LA" 
                                        databaseType="oracle" 
                                        dataSourceName="jdbc/vmmladbDS_oracle" 
                                        dbAdminId="propextdbint"
                                        dbAdminPassword="{xor}KDkrN25tNTQ=" 
                                        dbURL="jdbc:oracle:thin:@drt1-scan.myco.com:1522/wpdbr_taf"
                                        entityRetrievalLimit="50" 
                                        JDBCDriverClass="oracle.jdbc.OracleDriver"/>

    <!--
      The only repository: an LDAP directory (ldapServerType SUNONE) rooted
      at dc=myco,dc=com. Paging, sorting, transactions, async mode and
      external names are all switched off for this repository.
      certificateMapMode="EXACT_DN" with an empty certificateFilter:
      presumably a client certificate's subject DN is mapped directly to
      an LDAP entry and the filter is only consulted in filter mode -
      verify before enabling certificate login.
    -->
    <config:repositories xsi:type="config:LdapRepositoryType" 
                         adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
                         id="DRTintLDAP"
                         isExtIdUnique="true"
                         supportAsyncMode="false"
                         supportExternalName="false"
                         supportPaging="false"
                         supportSorting="false"
                         supportTransactions="false"
                         certificateFilter=""
                         certificateMapMode="EXACT_DN"
                         ldapServerType="SUNONE"
                         translateRDN="false">

      <!-- Base entry of the directory; same name on both the WIM and repository side. -->
      <config:baseEntries name="dc=myco,dc=com" nameInRepository="dc=myco,dc=com"/>

      <!-- Property accepted as the login identifier. -->
      <config:loginProperties>uid</config:loginProperties>

      <!--
        Server-level search limits and failover behaviour. An empty
        sslConfiguration presumably selects the cell's default SSL
        configuration - confirm which key store and trust store that is,
        since the bind below relies on TLS. Units of
        primaryServerQueryTimeInterval and searchTimeLimit are not stated
        here.
      -->
      <config:ldapServerConfiguration primaryServerQueryTimeInterval="15"
                                      returnToPrimaryServer="true"
                                      searchCountLimit="500" 
                                      searchTimeLimit="600000" 
                                      sslConfiguration="">

        <!--
          Bind identity used for directory operations: simple
          authentication as the wpbind service account. Simple bind sends
          the password in clear text inside the LDAP session, so
          sslEnabled="true" (with port 636 below) is what protects it;
          do not turn sslEnabled off without changing the bind method.
          bindPassword is {xor} encoded (reversible).
          connectTimeout="0" presumably means no connect timeout - confirm,
          since an unreachable server would then block callers.
          referal="ignore": the attribute is spelled this way by the WIM
          schema as far as the product goes; do not "correct" it.
          derefAliases="always" dereferences aliases on every search.
        -->
        <config:ldapServers authentication="simple" 
                            bindDN="uid=wpbind,cn=serviceids,ou=special users,dc=myco,dc=com"
                            bindPassword="{xor}CDwyHz1uMTs=" 
                            connectionPool="false" 
                            connectTimeout="0"
                            derefAliases="always" 
                            referal="ignore" 
                            sslEnabled="true">

          <!-- 636 is the conventional LDAP over TLS port, consistent with sslEnabled="true". -->
          <config:connections host="drt-ldap-tam60.myco.com" 
                              port="636"/>

        </config:ldapServers>

      </config:ldapServerConfiguration>


      <!--
        Mapping of each WIM entity type to the LDAP object classes it is
        read from. For OrgContainer, rdnAttributes pairs each RDN attribute
        with the object class created for it. PersonAccount and Group have
        an empty searchFilter, so the filter is presumably derived from
        objectClasses - verify.
      -->
      <config:ldapEntityTypes name="OrgContainer">

        <config:rdnAttributes name="o" objectClass="organization"/>
        <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
        <config:rdnAttributes name="dc" objectClass="domain"/>
        <config:rdnAttributes name="cn" objectClass="container"/>

        <config:objectClasses>organization</config:objectClasses>
        <config:objectClasses>organizationalUnit</config:objectClasses>
        <config:objectClasses>domain</config:objectClasses>
        <config:objectClasses>container</config:objectClasses>

      </config:ldapEntityTypes>

      <config:ldapEntityTypes name="PersonAccount" searchFilter="">

        <config:objectClasses>inetOrgPerson</config:objectClasses>

      </config:ldapEntityTypes>


      <config:ldapEntityTypes name="Group" searchFilter="">

        <config:objectClasses>groupOfUniqueNames</config:objectClasses>

      </config:ldapEntityTypes>



      <!--
        Group membership is read from the uniqueMember attribute of
        groupOfUniqueNames entries. scope="direct" presumably limits
        membership to direct members (no nested expansion); dummyMember=""
        sets no placeholder member value.
      -->
      <config:groupConfiguration>

        <config:memberAttributes dummyMember="" 
                                 name="uniqueMember" 
                                 objectClass="groupOfUniqueNames"
                                 scope="direct"/>

      </config:groupConfiguration>


      <!--
        LDAP attribute to WIM property mappings, plus properties this
        repository does not support. userPassword is exposed as the
        "password" property, which is also the sole member of the
        "sensitive" attribute group under config:authorization.
        krbPrincipalName maps to kerberosId for PersonAccount only; mail
        maps to ibm-primaryEmail for both PersonAccount and Group.
      -->
      <config:attributeConfiguration>

        <config:attributes name="userPassword" 
                           propertyName="password"/>

        <config:attributes name="krbPrincipalName" 
                           propertyName="kerberosId">

          <config:entityTypes>PersonAccount</config:entityTypes>

        </config:attributes>


        <config:attributes name="mail" 
                           propertyName="ibm-primaryEmail">

          <config:entityTypes>PersonAccount</config:entityTypes>
          <config:entityTypes>Group</config:entityTypes>

        </config:attributes>


        <!-- Properties this LDAP repository does not provide. -->
        <config:propertiesNotSupported name="homeAddress"/>
        <config:propertiesNotSupported name="businessAddress"/>
        <config:propertiesNotSupported name="textSize"/>
        <config:propertiesNotSupported name="MYResourceCategories"/>

      </config:attributeConfiguration>

      <!--
        LDAP context pool: starts at 1, prefers 3, caps at 20 contexts.
        poolTimeOut="0" presumably means pooled contexts never expire and
        poolWaitTime="3000" is the wait for a free context (units not
        stated here, presumably milliseconds) - confirm.
      -->
      <config:contextPool enabled="true" 
                          initPoolSize="1" 
                          maxPoolSize="20" 
                          poolTimeOut="0"
                          poolWaitTime="3000" 
                          prefPoolSize="3"/>

      <!--
        Attribute and search-result caches. cacheTimeOut bounds how long a
        stale value can be served: a directory change (including one that
        is meant to take effect immediately) may remain invisible for up
        to cacheTimeOut (units not stated here, presumably seconds).
        attributeSizeLimit and searchResultSizeLimit presumably cap the
        size of a single cached entry - verify.
      -->
      <config:cacheConfiguration>


        <config:attributesCache attributeSizeLimit="2000" 
                                cacheSize="4000" 
                                cacheTimeOut="1200"
                                enabled="true"/>

        <config:searchResultsCache cacheSize="2000" 
                                   cacheTimeOut="600" 
                                   enabled="true"
                                   searchResultSizeLimit="1000"/>

      </config:cacheConfiguration>

    </config:repositories>

    <!--
      Realm definition. "replacewithyourrealm" is a placeholder set per
      deployment; defaultRealm and realms/@name must agree.
      securityUse="active" marks this realm as the one security
      authenticates against, and allowOperationIfReposDown="false"
      presumably fails closed when a participating repository is
      unreachable - confirm. participatingBaseEntries ties the realm to
      the LDAP base entry above. The mapping elements select which WIM
      property is used on input and output for the unique id, security
      name and display name of users and groups.
    -->
    <config:realmConfiguration defaultRealm="replacewithyourrealm">

      <config:realms delimiter="/" 
                     name="replacewithyourrealm" 
                     securityUse="active"
                     allowOperationIfReposDown="false">

        <config:participatingBaseEntries name="dc=myco,dc=com"/>

        <config:uniqueUserIdMapping propertyForInput="uniqueName" 
                                    propertyForOutput="uniqueName"/>

        <config:userSecurityNameMapping propertyForInput="principalName" 
                                        propertyForOutput="externalName"/>

        <config:userDisplayNameMapping propertyForInput="principalName" 
                                       propertyForOutput="principalName"/>

        <config:uniqueGroupIdMapping propertyForInput="uniqueName"
                                     propertyForOutput="uniqueName"/>

        <config:groupSecurityNameMapping propertyForInput="cn" 
                                         propertyForOutput="externalName"/>

        <config:groupDisplayNameMapping propertyForInput="cn" 
                                        propertyForOutput="cn"/>

      </config:realms>

    </config:realmConfiguration>


    <!--
      Plug-in wiring. One ModificationSubscriber, DefaultDAViewProcessor,
      is registered for all realms on the pre-exit, inline-exit and
      post-exit of the ProfileManager create, delete, update and get
      topics and of the authz ProfileSecurityManager topic. Every
      notificationSubscriberList is empty.
      NOTE(review): the update emitter has no inlineExit, and the
      ProfileSecurityManager emitter reuses inlineExitName
      "getInViewExplicit" from the get emitter - confirm both are
      intended rather than copy-paste leftovers.
    -->
    <config:pluginManagerConfiguration>

      <config:topicSubscriberList>

        <config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" 
                                topicSubscriberType="ModificationSubscriber">

          <config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>

        </config:topicSubscriber>

      </config:topicSubscriberList>


      <config:topicRegistrationList>

        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">

          <config:preExit>

            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>

              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>

            </config:modificationSubscriberList>

          </config:preExit>


          <config:inlineExit inlineExitName="createInViewExplicit">

            <config:modificationSubscriberList>

              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>

            </config:modificationSubscriberList>

          </config:inlineExit>


          <config:postExit>

            <config:modificationSubscriberList>

              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>

            </config:modificationSubscriberList>

            <config:notificationSubscriberList/>

          </config:postExit>

        </config:topicEmitter>


        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">

          <config:preExit>

            <config:notificationSubscriberList/>

            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>

          </config:preExit>


          <config:inlineExit inlineExitName="deleteInViewExplicit">

            <config:modificationSubscriberList>

              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>

          </config:inlineExit>


          <config:postExit>

            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>

        </config:topicEmitter>


        <!-- NOTE(review): no inlineExit here, unlike create/delete/get - confirm. -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">

          <config:preExit>

            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>

          </config:preExit>

          <config:postExit>

            <config:modificationSubscriberList>

              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>

            </config:modificationSubscriberList>

            <config:notificationSubscriberList/>

          </config:postExit>

        </config:topicEmitter>

        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>

          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>

          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

        <!-- NOTE(review): inlineExitName "getInViewExplicit" is the same name the get emitter uses - confirm this is intended. -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">

          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>

          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>

          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>

        </config:topicEmitter>

      </config:topicRegistrationList>

    </config:pluginManagerConfiguration>



    <!--
      WIM authorization. Security is enabled; policy and role mapping are
      imported from wim-policy.xml and wim-rolemapping.xml
      (importPolicyFromFile="true") through the CommonAuthz provider
      classes rather than the container's system JACC provider
      (useSystemJACCProvider="false"). The attribute groups below are
      presumably the units those policy files grant access to: "general"
      (cn, sn, uid), "sensitive" (password) and "unchecked" (identifier,
      the two timestamps and entitlementInfo). The actual role-to-
      permission rules live in the referenced files and are not visible
      here, so review them together with this file.
    -->
    <config:authorization defaultAttributeGroup="default" 
                          importPolicyFromFile="true"
                          isAttributeGroupingEnabled="true" 
                          isSecurityEnabled="true" 
                          jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
                          jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
                          jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml" 
                          jaccPrincipalToRolePolicyId="WIM Policy"
                          jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping" 
                          jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
                          jaccRoleToPermissionPolicyFileName="wim-policy.xml" 
                          jaccRoleToPermissionPolicyId="WIM Policy"
                          useSystemJACCProvider="false">


      <config:attributeGroups>

        <config:groupName>general</config:groupName>

        <config:attributeNames>cn</config:attributeNames>
        <config:attributeNames>sn</config:attributeNames>
        <config:attributeNames>uid</config:attributeNames>

      </config:attributeGroups>


      <!-- "password" is the WIM property mapped from LDAP userPassword in attributeConfiguration above. -->
      <config:attributeGroups>

        <config:groupName>sensitive</config:groupName>

        <config:attributeNames>password</config:attributeNames>

      </config:attributeGroups>


      <config:attributeGroups>

        <config:groupName>unchecked</config:groupName>

        <config:attributeNames>identifier</config:attributeNames>
        <config:attributeNames>createTimestamp</config:attributeNames>
        <config:attributeNames>modifyTimestamp</config:attributeNames>
        <config:attributeNames>entitlementInfo</config:attributeNames>

      </config:attributeGroups>

    </config:authorization>

  </config:configurationProvider>

</sdo:datagraph>