Windows stand-alone: Adapt the attribute configuration

After installing IBM WebSphere Portal and configuring the LDAP user registries, adapt the attribute configuration to match the configured LDAP server(s) and your business needs. You do not need to perform these steps if we are using either a database user registry or the default federated file-based repository for out-of-box installations.

After installation, IBM WebSphere Portal has a predefined set of attributes for users and groups. Your LDAP server may have a different set of predefined user and group attributes. To ensure proper communication between WebSphere Portal and your LDAP server, we can configure additional attributes and flag existing attributes as required or unsupported on a per repository basis or for all configure repositories.

LDAP servers can only handle attributes that are explicitly defined in their schema. The LDAP server's schema is different from the WebSphere Portal schema but the two schemas should match for proper communication between WebSphere Portal and the LDAP server. The task to add the LDAP user registry does some basic attribute configurations depending on the type of LDAP server that you choose. You may, however, still need to adapt the WebSphere Portal configuration to match the LDAP schema; for example, if an attribute is defined in WebSphere Portal but not in the LDAP server, you will need to perform one of the following tasks to resolve this mismatch

• Flag the attribute as unsupported for the LDAP server
• Introduce an attribute mapping that maps the WebSphere Portal attribute to an attribute defined in the LDAP schema

Perform the following tasks to adapt the attribute configuration to match the configured LDAP server(s) and the business needs:

1. Windows stand-alone: Query the defined attributes
   After installing IBM WebSphere Portal and configuring the LDAP user registries, we can query the defined attributes to see what attributes are flagged as unsupported or if the attribute is mapped to a different LDAP attribute.
2. Windows stand-alone: Add attributes
   The VMM is configured with a default attribute scheme that might not be compatible with the LDAP server. If this is the case, extend the VMM attribute schema by adding new attributes that we can map between IBM WebSphere Portal and the user registry.
3. Windows stand-alone: Map attributes
   
4. Windows stand-alone: Remove attributes
   Due to a Virtual Member Manager (VMM) limitation, there is currently no task to update an attribute. If we added an attribute to the property extension database or when adapting attributes to match the LDAP server that were spelled incorrectly or already added due to migration, remove the attribute from the database. Use caution when performing these steps.

Parent: Windows stand-alone: Configure Portal to use a user registry
Previous: Windows stand-alone: Choose the user registry model
Next: Windows stand-alone: Configure the portal to use dynamic groups
Related:
Add an LDAP user registry on Windows
Add an LDAP user registry over SSL on Windows
Configure a stand-alone LDAP user registry on Windows
Configure a stand-alone LDAP user registry over SSL on Windows