Map attributes

Map the attributes between IBM WebSphere Portal and the LDAP user registries.

  1. Edit...

    ...and identify the LDAP server...

    • federated.ldap.id
    • federated.ldap.host
    • federated.ldap.port
    • federated.ldap.sslEnabled
    • federated.ldap.bindDN
    • federated.ldap.bindPassword
    • federated.ldap.baseDN

  2. To check that all defined attributes are available in the configured LDAP user registry:

  3. Open WP_PROFILE/log/ConfigTrace.log and review the following output for the PersonAccount and Group entity types:

    • The following attributes are defined in WebSphere Portal, but not in the LDAP server

      Flag attributes that you do not plan to use as unsupported. To use an attribute in the list, map it to an attribute in the LDAP server; this includes the uid, cn, firstName, sn, preferredLanguage, and ibm-primaryEmail attributes.

    • The following attributes are flagged as required in the LDAP server but not in WebSphere Portal

      Flag these attributes as required within WebSphere Portal. Go to the next step to flag an attribute as either unsupported or required.

    • The following attributes have a different type in WebSphere Portal and in the LDAP server

      WebSphere Portal might ignore an attribute if the type in portal and the LDAP server do not match.

  4. Edit the wkplc.properties file.

  5. Set parameters to correct any issues found in the configuration trace file:

    • federated.ldap.attributes.nonSupported
    • federated.ldap.attributes.nonSupported.delete
    • federated.ldap.attributes.mapping.ldapName
    • federated.ldap.attributes.mapping.portalName
    • federated.ldap.attributes.mapping.entityTypes

    The following values flag certificate and members as unsupported attributes, map ibm-primaryEmail to mail, and map ibm-jobTitle to title for the PersonAccount entity type:

      federated.ldap.attributes.nonSupported=certificate, members
      federated.ldap.attributes.nonSupported.delete=
      federated.ldap.attributes.mapping.ldapName=mail, title
      federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
      federated.ldap.attributes.mapping.entityTypes=PersonAccount

    To map attributes for the groups instead of users, set the entityTypes to Group.

      federated.ldap.attributes.mapping.entityTypes=Group

  6. Save the changes to wkplc.properties.

  7. Update the LDAP user registry

  8. Stop and restart the appropriate servers to propagate the changes.

  9. To flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP:

    1. Set the following required parameters in wkplc.properties:

      • user.attributes.required
      • user.attributes.nonsupported

    2. Save changes.

    3. Run the following task:

        ./ConfigEngine.sh wp-update-attribute-config -DWasPassword=foo

    4. Stop and restart all necessary servers to propagate your changes.
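
The consistency checks implied by step 5, as an added example that is not part of the original page or of IBM's tooling: a Python lint to run on wkplc.properties before the ConfigEngine tasks. It assumes ldapName and portalName pair up by position (as in the example values above), that sslEnabled takes true or false, and that a simplified key=value parser is sufficient; the bind DN and the sample file contents are constructed.

```python
P = "federated.ldap."
ENTITY_TYPES = {"PersonAccount", "Group"}  # the two entity types the page names

def parse_properties(text):
    """Simplified parser: key=value lines only, '#' and '!' comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def items(props, key):
    """Split a comma-separated property value into trimmed, non-empty items."""
    return [v.strip() for v in props.get(P + key, "").split(",") if v.strip()]

def lint(text):
    """Return (portalName -> ldapName mapping, list of findings)."""
    props, findings = parse_properties(text), []
    ldap = items(props, "attributes.mapping.ldapName")
    portal = items(props, "attributes.mapping.portalName")
    # The two lists pair up by position, so unequal lengths shift or drop a mapping.
    if len(ldap) != len(portal):
        findings.append(f"{len(ldap)} ldapName vs {len(portal)} portalName entries")
    mapping = dict(zip(portal, ldap))
    # Contradictory settings: an attribute cannot be mapped and unsupported at once.
    for attr in items(props, "attributes.nonSupported"):
        if attr in mapping:
            findings.append(f"{attr} is both mapped and flagged nonSupported")
    types = items(props, "attributes.mapping.entityTypes")
    findings += [f"unexpected entity type {t}" for t in types if t not in ENTITY_TYPES]
    # Assumption: sslEnabled takes true/false; without it the bind is not encrypted.
    if props.get(P + "bindDN") and props.get(P + "sslEnabled", "").lower() != "true":
        findings.append("bindDN is set but sslEnabled is not true")
    return mapping, findings

# Constructed sample: the page's example values plus made-up connection settings.
SAMPLE = """\
federated.ldap.sslEnabled=true
federated.ldap.bindDN=cn=portalbind,dc=example,dc=com
federated.ldap.attributes.nonSupported=certificate, members
federated.ldap.attributes.mapping.ldapName=mail, title
federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
federated.ldap.attributes.mapping.entityTypes=PersonAccount
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```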

