AIX stand-alone: Adapt the attribute configuration
After installing WebSphere Portal and configuring LDAP user registries, you will need to adapt the attribute configuration to match the configured LDAP server(s) and business needs. However, you do not need to perform these steps if you are using either a database user registry or the default federated file-based repository for out-of-box installations.
Prerequisites
Prepare user registries
Choose the user registry modelAfter installation, IBM WebSphere Portal has a predefined set of attributes for users and groups. Your LDAP server may have a different set of predefined user and group attributes. To ensure proper communication between WebSphere Portal and LDAP server, you can configure additional attributes and flag existing attributes as required or unsupported on a per repository basis or for all configure repositories.
LDAP servers can only handle attributes that are explicitly defined in their schema. The LDAP server's schema is different from the WebSphere Portal schema but the two schemas should match for proper communication between WebSphere Portal and the LDAP server. The task to add the LDAP user registry does some basic attribute configurations depending on the type of LDAP server that you choose. You may, however, still need to adapt the WebSphere Portal configuration to match the LDAP schema; for example, if an attribute is defined in WebSphere Portal but not in the LDAP server, perform one of the following tasks to resolve this mismatch
Perform the following tasks to adapt the attribute configuration to match the configured LDAP server(s) and business needs:
- Flag the attribute as unsupported for the LDAP server
- Introduce an attribute mapping that maps the WebSphere Portal attribute to an attribute defined in the LDAP schema
1. Query the defined attributes
After installing IBM WebSphere Portal and configuring LDAP user registries, you can query the defined attributes to see what attributes are flagged as unsupported or if the attribute is mapped to a different LDAP attribute.
The VMM is configured with a default attribute schema that might not be compatible with LDAP server. If this is the case, extend the VMM attribute schema by adding new attributes that you can map between IBM WebSphere Portal and user registry.
After you install and configure LDAP user registry and after you query the defined attributes, you can map the attributes so they match the configured LDAP servers and business needs.
Due to a Virtual Member Manager (VMM) limitation, there is currently no task to update an attribute. Therefore, if you added an attribute to property extension database or when adapting attributes to match LDAP server that were spelled incorrectly or already added due to migration, remove the attribute from the database. Use caution when performing these steps.
Parent
Configure portal to use a user registry
Previous
Choose the user registry model
Next topic
Configure WebSphere Portal to use dynamic groups
Related tasks
Add an LDAP user registry without SSL
Add an LDAP user registry over SSL on AIX
Configure a stand-alone LDAP user registry on AIX
Configure a stand-alone LDAP user registry over SSL on AIX