User registry options
Option Explanation Federated security Create Virtual Portals with multiple realms. We can also use multiple repositories (LDAP, database, custom), and we can add Application Groups to the system. Useful for merging multiple LDAP servers into one cohesive structure. To enable the transient user feature, choose the federated user registry configuration. Take care that there are no duplicate names between the various repositories. For example, if we installed the product with a Portal Administrator of admin1, then admin1 must not exist in the corporate LDAP server. Custom security There is a custom user registry and a custom member adapter for Virtual Member Manager (VMM). The abilities of this option depend on the implementation.
Federated security
WebSphere Portal is configured with a default federated repository with a built-in file repository. The federated repository offers the richest number of options to meet business needs. We can expand the business as needs grow. For example, the company acquires a new business with an existing LDAP user registry. We can add that LDAP server to the federated repository. Choose one of the following tasks to enable a production repository:
Task Description Add a federated LDAP repository to the VMM configuration This task does not change the current security assignment. The administrative user defined during installation is still active. Add a federated database repository to the VMM configuration This task does not change the current security assignment. The administrative user defined during installation is still active. Add a federated custom user registry This task does not change the current security assignment. The administrative user defined during installation is still active. After adding the initial user registry, we can add more user registries to the repository to create a multiple user registry configuration. After configuring the repository, we can optionally remove the default file-based repository. We do not have to remove the file-based repository in a development environment, or if we are using IBM Connections.
The following tasks are required to remove the default file-based repository:
Task Description Change the user registry where users and groups are stored Changes the default repository where new users and groups are stored. Change WAS administrator Changes the WAS administrator user ID and password. Change Portal Server administrator Changes the WebSphere Portal administrator user ID and password. Delete a federated repository from the VMM configuration Deletes the default file-based repository from the configuration. After using the federated repository, we might need to manage the user registry. We can run any of the following optional tasks to fine-tune the federated repository:
Task Description Update the federated LDAP user registry Update certain parameters such as the bind ID and password to fix issues with the LDAP user registry. Update the federated database user registry Update certain parameters such as the data source name, database URL, and database type to fix issues with the database user registry. Create a realm Create a realm, which is a group of users from one or more user registries that form a coherent group within WebSphere Portal. A realm must be mapped to a Virtual Portal to allow the defined users to log in to the virtual portal. In a federated repository, we can create multiple realms.
Parent User registry considerations