Map attributes
Map the attributes between IBM WebSphere Portal and the LDAP user registries.
- Edit WP_PROFILE/ConfigEngine/properties/wkplc.properties and identify the LDAP server with the following parameters:
  - federated.ldap.id
  - federated.ldap.host
  - federated.ldap.port
  - federated.ldap.sslEnabled
  - federated.ldap.bindDN
  - federated.ldap.bindPassword
  - federated.ldap.baseDN
- To check that all defined attributes are available in the configured LDAP user registry:
./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo
- Open WP_PROFILE/log/ConfigTrace.log and review the following output for the PersonAccount and Group entity types:
  - The following attributes are defined in WebSphere Portal, but not in the LDAP server
    Flag attributes that we do not plan to use as unsupported. To use an attribute in the list, map it to LDAP; this includes the uid, cn, firstName, sn, preferredLanguage, and ibm-primaryEmail attributes.
  - The following attributes are flagged as required in the LDAP server but not in WebSphere Portal
    Flag these attributes as required within WebSphere Portal. Go to the next step to flag an attribute as either unsupported or required.
  - The following attributes have a different type in WebSphere Portal and in the LDAP server
    WebSphere Portal might ignore an attribute if its type in WebSphere Portal and in the LDAP server do not match.
- Edit the wkplc.properties file and set parameters to correct any issues found in the configuration trace file:
  - federated.ldap.attributes.nonSupported
  - federated.ldap.attributes.nonSupported.delete
  - federated.ldap.attributes.mapping.ldapName
  - federated.ldap.attributes.mapping.portalName
  - federated.ldap.attributes.mapping.entityTypes
  The following values flag certificate and members as unsupported attributes, map ibm-primaryEmail to mail, and map ibm-jobTitle to title for the PersonAccount entity type:
  federated.ldap.attributes.nonSupported=certificate, members
  federated.ldap.attributes.nonSupported.delete=
  federated.ldap.attributes.mapping.ldapName=mail, title
  federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
  federated.ldap.attributes.mapping.entityTypes=PersonAccount
  To map attributes for groups instead of users, set entityTypes to Group:
  federated.ldap.attributes.mapping.entityTypes=Group
- Save the changes to wkplc.properties.
- Update the LDAP user registry
./ConfigEngine.sh wp-update-federated-ldap-attribute-config -DWasPassword=foo
- Stop and restart the appropriate servers to propagate the changes.
- To flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP:
  - Set the following required parameters in wkplc.properties:
    - user.attributes.required
    - user.attributes.nonsupported
  - Save changes.
  - Run the following task:
    ./ConfigEngine.sh wp-update-attribute-config -DWasPassword=foo
  - Stop and restart all necessary servers to propagate your changes.
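
In the mapping example above, federated.ldap.attributes.mapping.ldapName and federated.ldap.attributes.mapping.portalName are matched by position, so both lists need the same number of entries in the same order. The following added example (not IBM's code and not part of the original page) checks those values before wp-update-federated-ldap-attribute-config is run. The rule that an attribute should not be both mapped and flagged as unsupported, and the set of accepted entity types, are assumptions taken from this page's examples.

```python
# Constructed sample built from the values shown on this page, not a real deployment file.
SAMPLE = """\
federated.ldap.attributes.nonSupported=certificate, members
federated.ldap.attributes.nonSupported.delete=
federated.ldap.attributes.mapping.ldapName=mail, title
federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
federated.ldap.attributes.mapping.entityTypes=PersonAccount
"""
PREFIX = "federated.ldap.attributes."
KNOWN_ENTITY_TYPES = {"PersonAccount", "Group"}  # assumption: the two types named on this page

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def values(props, name):
    """Split a comma-separated property into a list of trimmed names."""
    return [v.strip() for v in props.get(PREFIX + name, "").split(",") if v.strip()]

def check_mapping(text):
    """Return (pairs, problems): (portalName, ldapName) pairs and any inconsistencies."""
    props = parse_properties(text)
    ldap = values(props, "mapping.ldapName")
    portal = values(props, "mapping.portalName")
    problems = []
    # The two lists are matched by position, so they must be the same length.
    if len(ldap) != len(portal):
        problems.append(f"ldapName has {len(ldap)} entries, portalName has {len(portal)}")
    # Assumed sanity rule: an attribute should not be both mapped and unsupported.
    for name in sorted(set(portal) & set(values(props, "nonSupported"))):
        problems.append(f"{name} is both mapped and flagged as unsupported")
    for etype in values(props, "mapping.entityTypes"):
        if etype not in KNOWN_ENTITY_TYPES:
            problems.append(f"unexpected entity type: {etype}")
    return list(zip(portal, ldap)), problems

if __name__ == "__main__":
    pairs, problems = check_mapping(SAMPLE)
    for portal_name, ldap_name in pairs:
        print(f"{portal_name} -> {ldap_name}")
    for problem in problems:
        print("PROBLEM:", problem)
```

To check a real file, pass the contents of WP_PROFILE/ConfigEngine/properties/wkplc.properties to check_mapping instead of SAMPLE.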