Update the user registry on IBM i
After deploying IBM WebSphere Portal, you may need to make adjustments to the standalone LDAP user registry or to the federated user repository configurations. We can update these configurations to achieve the proper user registry configuration.Complete the following tasks to update the user registry configurations:
- IBM i: Add a database user registry
Add a database user registry to the default federated repository to store user account information for authentication and authorization. We can add multiple database user registries to the default federated repository although we can only add one database user registry at a time.- Configure a property extension database on IBM i
You can configure a property extension database to store attributes the LDAP directory does not or cannot store, but which to include in the portal user registry. For example, if the LDAP directory does not allow schema extensions for new attributes. A property extension database extends the user registry, making new attributes available as part of the portal user profile.- Change from a stand-alone repository to a federated repository on IBM i
If you originally configured a standalone LDAP user registry but find that you need a more robust security configuration, we can change to the federated user repository.- Update the base entry on IBM i
After creating the base entries, we might need to update the DN in the repository that uniquely identifies the base entry name. This task applies only to federated repository configurations. This task does not update the base DN entry if we use a stand-alone repository.- Update the database user registry on IBM i
After creating and using the database user registry, we can run wp-update-db to update the database user ID, password, and/or the database where the data is stored. This task does not change the DN structure stored in the database repository.- Update the federated LDAP user registry on IBM i
After creating and using the LDAP user registry in the default federated repository, you may find the LDAP user registry is not working exactly as you would like.For example, we can change the LDAP Bind password.
- Update the realm configuration on IBM i
After creating and using the realm(s) in the default federated repository, you may find that the realm configuration is not working exactly as you would like. We can update the realm configurations and make the necessary changes.- Create the entity type on IBM i
If an entity type exists within IBM WebSphere Portal to use but it does not exist within the LDAP user registry, we can create the entity type within the LDAP user registry and then add the relative distinguished name (RDN) to the entity type to map it between WebSphere Portal and your LDAP user registry.- Update an entity type on IBM i
After adding the user registry, you may find that update a single entity type with the value of the default parent.For example, if you delete a repository, you will need to update the entity type if it points to the deleted repository.
- Update a group member on IBM i
After creating the LDAP user registry, you may find that the group member is not correct. We can update the group member in the LDAP user registry configuration.- Update the stand-alone LDAP user registry on IBM i
Changing the LDAP bind password removes any existing attribute mappings. Review all existing attribute mappings before proceeding so we can re-create them after completing this task.
- Update the group membership configuration on IBM i
When you configure your LDAP user registry, a group membership is automatically created. You may need to adjust the group membership configuration if you notice high loads on the LDAP server and/or long response times on authentication requests.- Update the context pool configuration on IBM i
After configuring the LDAP user registry, you may find that you need to adjust the number of context instances concurrently maintained by the content pool in order to increase performance.