<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:config="http://www.ibm.com/websphere/wim/config"
    xmlns:sdo="commonj.sdo">
  <!--
    WebSphere federated-repositories (VMM / "wim") configuration.
    It wires one LDAP repository (id DRTintLDAP), one Oracle-backed property
    extension ("lookaside") repository (id LA), a single realm, the
    DefaultDAViewProcessor plug-in subscriptions, and JACC-based attribute
    authorization.

    Security review summary:
      * Two credentials are stored inline with the {xor} prefix
        (dbAdminPassword, bindPassword). {xor} is WebSphere's reversible
        XOR encoding: it is obfuscation, not encryption, so read access to
        this file is equivalent to knowing both passwords.
      * The file also names internal hosts and a service-account DN.
      * Restrict read access to this file, keep it out of shared
        repositories and support bundles, and rotate both credentials if a
        copy has been exposed.
  -->
  <config:configurationProvider
      maxPagingResults="500"
      maxSearchResults="4500"
      maxTotalPagingResults="1000"
      pagedCacheTimeOut="900"
      pagingEntityObject="true"
      searchTimeOut="600000">
    <!-- NOTE(review): searchTimeOut carries the same value as the LDAP
         searchTimeLimit further down; units are not stated in this file,
         confirm against the product documentation. -->

    <config:dynamicModel xsdFileName="wimdatagraph.xsd"/>

    <!-- Entity types, with the RDN properties and default parent used for each. -->
    <config:supportedEntityTypes defaultParent="ou=groups,dc=myco,dc=com" name="Group">
      <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <!-- NOTE(review): this defaultParent (o=defaultWIMFileBasedRealm) is not one
         of the base entries configured in this file; the only base entry is
         dc=myco,dc=com. Confirm it is intended. -->
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="OrgContainer">
      <config:rdnProperties>o</config:rdnProperties>
      <config:rdnProperties>ou</config:rdnProperties>
      <config:rdnProperties>dc</config:rdnProperties>
      <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:supportedEntityTypes defaultParent="ou=people,dc=myco,dc=com" name="PersonAccount">
      <config:rdnProperties>uid</config:rdnProperties>
    </config:supportedEntityTypes>

    <!-- Property extension (lookaside) repository on Oracle.
         dbAdminPassword is {xor}-encoded, which is reversible obfuscation only;
         treat the value as a cleartext credential.
         NOTE(review): the dbURL is a plain "jdbc:oracle:thin" URL and nothing
         here indicates transport encryption; confirm how the database link is
         protected. -->
    <config:propertyExtensionRepository
        adapterClassName="com.ibm.ws.wim.lookaside.LookasideAdapter"
        id="LA"
        databaseType="oracle"
        dataSourceName="jdbc/vmmladbDS_oracle"
        dbAdminId="propextdbint"
        dbAdminPassword="{xor}KDkrN25tNTQ="
        dbURL="jdbc:oracle:thin:@drt1-scan.myco.com:1522/wpdbr_taf"
        entityRetrievalLimit="50"
        JDBCDriverClass="oracle.jdbc.OracleDriver"/>

    <!-- LDAP repository. certificateMapMode is EXACT_DN and certificateFilter
         is empty. -->
    <config:repositories xsi:type="config:LdapRepositoryType"
        adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
        id="DRTintLDAP"
        isExtIdUnique="true"
        supportAsyncMode="false"
        supportExternalName="false"
        supportPaging="false"
        supportSorting="false"
        supportTransactions="false"
        certificateFilter=""
        certificateMapMode="EXACT_DN"
        ldapServerType="SUNONE"
        translateRDN="false">
      <config:baseEntries name="dc=myco,dc=com" nameInRepository="dc=myco,dc=com"/>
      <!-- Users log in with their uid. -->
      <config:loginProperties>uid</config:loginProperties>

      <!-- NOTE(review): sslConfiguration is empty while sslEnabled is true on the
           server entry below; presumably the server default SSL settings apply.
           Confirm which trust store validates the LDAP server certificate. -->
      <config:ldapServerConfiguration
          primaryServerQueryTimeInterval="15"
          returnToPrimaryServer="true"
          searchCountLimit="500"
          searchTimeLimit="600000"
          sslConfiguration="">
        <!-- Simple bind with a service account. The bind password is sent to the
             directory as-is, so it is protected in transit only by the SSL
             connection (sslEnabled is true, port 636 below).
             bindPassword is {xor}-encoded: reversible obfuscation, not
             encryption. Keep this account least-privileged in the directory.
             NOTE(review): connectTimeout is 0; confirm whether that means no
             connection time limit. -->
        <config:ldapServers
            authentication="simple"
            bindDN="uid=wpbind,cn=serviceids,ou=special users,dc=myco,dc=com"
            bindPassword="{xor}CDwyHz1uMTs="
            connectionPool="false"
            connectTimeout="0"
            derefAliases="always"
            referal="ignore"
            sslEnabled="true">
          <config:connections host="drt-ldap-tam60.myco.com" port="636"/>
        </config:ldapServers>
      </config:ldapServerConfiguration>

      <!-- Mapping of entity types to LDAP object classes. -->
      <config:ldapEntityTypes name="OrgContainer">
        <config:rdnAttributes name="o" objectClass="organization"/>
        <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
        <config:rdnAttributes name="dc" objectClass="domain"/>
        <config:rdnAttributes name="cn" objectClass="container"/>
        <config:objectClasses>organization</config:objectClasses>
        <config:objectClasses>organizationalUnit</config:objectClasses>
        <config:objectClasses>domain</config:objectClasses>
        <config:objectClasses>container</config:objectClasses>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="PersonAccount" searchFilter="">
        <config:objectClasses>inetOrgPerson</config:objectClasses>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="Group" searchFilter="">
        <config:objectClasses>groupOfUniqueNames</config:objectClasses>
      </config:ldapEntityTypes>

      <!-- Group membership is read from uniqueMember on groupOfUniqueNames,
           with scope "direct". -->
      <config:groupConfiguration>
        <config:memberAttributes dummyMember="" name="uniqueMember" objectClass="groupOfUniqueNames" scope="direct"/>
      </config:groupConfiguration>

      <!-- LDAP attribute to VMM property mapping. userPassword is exposed as the
           "password" property, which the authorization section at the end of
           this file places in the "sensitive" attribute group. -->
      <config:attributeConfiguration>
        <config:attributes name="userPassword" propertyName="password"/>
        <config:attributes name="krbPrincipalName" propertyName="kerberosId">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="mail" propertyName="ibm-primaryEmail">
          <config:entityTypes>PersonAccount</config:entityTypes>
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:propertiesNotSupported name="homeAddress"/>
        <config:propertiesNotSupported name="businessAddress"/>
        <config:propertiesNotSupported name="textSize"/>
        <config:propertiesNotSupported name="MYResourceCategories"/>
      </config:attributeConfiguration>

      <!-- Context pool is enabled here; connectionPool on the ldapServers
           element above is false. -->
      <config:contextPool
          enabled="true"
          initPoolSize="1"
          maxPoolSize="20"
          poolTimeOut="0"
          poolWaitTime="3000"
          prefPoolSize="3"/>

      <!-- Both caches are enabled. NOTE(review): cached attributes and search
           results can lag behind directory changes such as group removals for
           up to the cache timeout; confirm the timeouts match the revocation
           latency you can accept. -->
      <config:cacheConfiguration>
        <config:attributesCache attributeSizeLimit="2000" cacheSize="4000" cacheTimeOut="1200" enabled="true"/>
        <config:searchResultsCache cacheSize="2000" cacheTimeOut="600" enabled="true" searchResultSizeLimit="1000"/>
      </config:cacheConfiguration>
    </config:repositories>

    <!-- Single realm over dc=myco,dc=com.
         NOTE(review): the realm name "replacewithyourrealm" reads like an
         unreplaced template placeholder; confirm it is intended.
         allowOperationIfReposDown is false. -->
    <config:realmConfiguration defaultRealm="replacewithyourrealm">
      <config:realms
          delimiter="/"
          name="replacewithyourrealm"
          securityUse="active"
          allowOperationIfReposDown="false">
        <config:participatingBaseEntries name="dc=myco,dc=com"/>
        <config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
        <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="externalName"/>
        <config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
        <config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
        <config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="externalName"/>
        <config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
      </config:realms>
    </config:realmConfiguration>

    <!-- Plug-in wiring: one modification subscriber (DefaultDAViewProcessor) is
         registered on every exit of each topic emitter below, for all realms. -->
    <config:pluginManagerConfiguration>
      <config:topicSubscriberList>
        <config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" topicSubscriberType="ModificationSubscriber">
          <config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>
        </config:topicSubscriber>
      </config:topicSubscriberList>
      <config:topicRegistrationList>

        <!-- create: pre, inline (createInViewExplicit) and post exits -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="createInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

        <!-- delete: pre, inline (deleteInViewExplicit) and post exits -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="deleteInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

        <!-- update: pre and post exits only (no inline exit) -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

        <!-- get: pre, inline (getInViewExplicit) and post exits -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

        <!-- ProfileSecurityManager: pre, inline (getInViewExplicit) and post exits -->
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>

      </config:topicRegistrationList>
    </config:pluginManagerConfiguration>

    <!-- Attribute-level authorization through the bundled JACC provider
         (useSystemJACCProvider is false). Policies are imported from
         wim-rolemapping.xml and wim-policy.xml, so those two files are part of
         the access-control surface and need the same protection and review as
         this one.
         NOTE(review): defaultAttributeGroup is "default", but the groups
         defined below are general, sensitive and unchecked; confirm where
         "default" is defined and what it grants. -->
    <config:authorization
        defaultAttributeGroup="default"
        importPolicyFromFile="true"
        isAttributeGroupingEnabled="true"
        isSecurityEnabled="true"
        jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
        jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
        jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml"
        jaccPrincipalToRolePolicyId="WIM Policy"
        jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping"
        jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
        jaccRoleToPermissionPolicyFileName="wim-policy.xml"
        jaccRoleToPermissionPolicyId="WIM Policy"
        useSystemJACCProvider="false">
      <config:attributeGroups>
        <config:groupName>general</config:groupName>
        <config:attributeNames>cn</config:attributeNames>
        <config:attributeNames>sn</config:attributeNames>
        <config:attributeNames>uid</config:attributeNames>
      </config:attributeGroups>
      <!-- The password property is the only member of the sensitive group. -->
      <config:attributeGroups>
        <config:groupName>sensitive</config:groupName>
        <config:attributeNames>password</config:attributeNames>
      </config:attributeGroups>
      <!-- NOTE(review): presumably attributes in "unchecked" bypass the
           attribute-level check; confirm entitlementInfo belongs here. -->
      <config:attributeGroups>
        <config:groupName>unchecked</config:groupName>
        <config:attributeNames>identifier</config:attributeNames>
        <config:attributeNames>createTimestamp</config:attributeNames>
        <config:attributeNames>modifyTimestamp</config:attributeNames>
        <config:attributeNames>entitlementInfo</config:attributeNames>
      </config:attributeGroups>
    </config:authorization>
  </config:configurationProvider>
</sdo:datagraph>