AIX stand-alone: Configure Portal to use dynamic groups
By default, WebSphere Portal is enabled for static groups. However, the Virtual Member Manager (VMM) allows users to be members of either static or dynamic groups. Static groups are those where a persistent binding exists between a group and its members. Dynamic groups are those where a search query is defined to retrieve the members of a group. If you have the LDAP server configured to use dynamic groups, complete the steps in this task for WebSphere Portal to use dynamic group queries when you setup the LDAP server.Perform the required tasks to configure either a stand-alone or federated LDAPserver security.
- Prerequisites
- AIX stand-alone: Prepare user registries
- AIX stand-alone: Choose the user registry model
- AIX stand-alone: Adapt the attribute configuration
The steps in this task use groupOfURLs as the object class for dynamic groups and memberURL as the dynamic membership attribute. The actual values for object classes and dynamic membership attributes can vary depending on the LDAP server. For this reason, you should export an LDIF file to verify the object classes and dynamic membership attributes.
Clustered environments: Perform the following steps on the dmgr then synchronize the nodes.
Configure WebSphere Portal to use dynamic groups
- If we are using a Standalone LDAP server...
- cd WP_PROFILE/cells/cell_name/wim/config
- Edit wimconfig.xml
- Add the following line to the <config:groupConfiguration> tag:
<config:dynamicMemberAttributes name="memberurl" objectClass="groupofurls"/>
- Save and close wimconfig.xml.
- If we are using a Federated LDAP server...
- Log in to the WAS admin console.
- Select Security > Global security.
- In Available realm definitions, select Federated repositories and click Configure.
- In Related Items, click Manage repositories.
- Select the appropriate repository from the list.
- In Additional Properties, click Group attribute definition then click Dynamic member attributes.
- Click New and specify values for the Name and Object class fields as appropriate.
For example,
- Name: memberurl
- Object class: groupofurls
- Click OK and save the changes to the master configuration.
- Stop and restart servers, dmgrs, and node agents.
Parent: AIX stand-alone: Configure portal to use a user registry
Previous: AIX stand-alone: Adapt the attribute configuration
Next: AIX stand-alone: Enable referrals for the LDAP user registry