Realm support
A realm is a collection of users or groups from one or more branches of the repository tree. Those branches can be part of a single repository, for example an LDAP user registry, or they can be a combination of multiple user registries. A realm is then mapped to a Virtual Portal to allow the realm's user population to log in to that Virtual Portal. This functionality allows us to define areas within WebSphere Portal that only a limited set of users can access. For example, if we are an international company with employees in Asia, Europe, USA, and Canada, we may have an application or information that only applies to a subset of these employees. We can create a realm for that subset of employees and create a Virtual Portal containing the application or information for that realm. Users from one realm cannot access another realm unless they are also members of that realm. For example, the wpsadmin user will not be able to log in to a Virtual Portal unless the wpsadmin user is a member of the corresponding realm.
Create a realm that combines users from the various registries
We can create a realm that combines users from various user registries; for example, the realm can span three LDAP user registries and a database user registry: LDAP1, LDAP2, LDAP3, and DB1. The following limitations apply:
- Distinguished names must be unique for a realm over all registries.
  For example, if uid=wpsadmin,o=myco exists in LDAP1, it must not exist in LDAP2, LDAP3, or DB1.
- The shortname, for example wpsadmin, should be unique for a realm over all registries.
- The base distinguished names for all registries used within a realm must not overlap; for example, if LDAP1 is c=us,o=myco, LDAP2 should not be o=myco.
- Do not leave the base entry blank for any of the registries used within a realm.
- If IBM Domino will be one of the user registries in a multiple registry configuration and will share a realm with another user registry, ensure the groups are stored in a hierarchical format in the Domino Directory as opposed to the default flat-naming structure. For example, the flat-naming convention is cn=groupName and the hierarchical format is cn=groupName,o=root.
- The user must exist in a user registry and not within the property extension configuration; otherwise, the user cannot be a member of the realm.
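The first four limitations above can be checked against registry exports before the realm is configured. The Python below is an added example, not IBM's code and not part of the original page; the input layout (a base entry plus a list of user DNs per registry), the function names, and the sample data are assumptions, as is treating the first RDN value as the shortname. DNs containing escaped commas are not handled.

```python
from collections import defaultdict

def rdns(dn):
    """Normalise a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def overlaps(base_a, base_b):
    """True when one base DN equals or is an ancestor of the other."""
    a, b = rdns(base_a), rdns(base_b)
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    return long_[len(long_) - len(short):] == short

def check_realm(registries):
    """Return the list of realm limitations that the given registries violate."""
    problems, names = [], sorted(registries)
    for name in names:
        if not rdns(registries[name]["base"]):
            problems.append(f"blank base entry: {name}")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            ba, bb = registries[a]["base"], registries[b]["base"]
            if rdns(ba) and rdns(bb) and overlaps(ba, bb):
                problems.append(f"overlapping base entries: {a} / {b}")
    dn_seen, short_seen = defaultdict(set), defaultdict(set)
    for name in names:
        for dn in registries[name]["users"]:
            parts = rdns(dn)
            if not parts:
                continue
            dn_seen[",".join(parts)].add(name)
            # Assumption: the shortname is the value of the first RDN.
            short_seen[parts[0].split("=", 1)[-1]].add(name)
    for dn, regs in sorted(dn_seen.items()):
        if len(regs) > 1:
            problems.append(f"duplicate DN {dn}: {sorted(regs)}")
    for short, regs in sorted(short_seen.items()):
        if len(regs) > 1:
            problems.append(f"duplicate shortname {short}: {sorted(regs)}")
    return problems

# Constructed sample realm, reusing the registry names from the text above.
SAMPLE = {
    "LDAP1": {"base": "c=us,o=myco", "users": ["uid=wpsadmin,c=us,o=myco"]},
    "LDAP2": {"base": "o=myco", "users": ["uid=jdoe,o=myco"]},
    "LDAP3": {"base": "", "users": []},
    "DB1": {"base": "o=db", "users": ["uid=wpsadmin,o=db"]},
}

if __name__ == "__main__":
    print("\n".join(check_realm(SAMPLE)))
```

An empty result means none of the four checked limitations is violated; the Domino group format and the property extension rule still need to be verified separately.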