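<?xml version="1.0" encoding="UTF-8"?>
<!--
  WebSphere WIM configuration (namespace http://www.ibm.com/websphere/wim/config).

  Defines two repositories, a file-based one (InternalFileRepository) and an
  LDAP one (PortalLdap, ldapServerType="AD"), and joins both base entries
  into the single realm defaultWIMFileBasedRealm.

  Review notes in this file:
    * The XML declaration read 'v.mycoon="1.0"' in the source, which is not
      well-formed; it is restored to version="1.0".
    * Two DNs contained "dc.myco" (an RDN without "="); they are restored to
      "dc=myco" to match the base entry and search bases used elsewhere in
      this file. Confirm both against the real directory.
    * Items marked NOTE(review) are security-relevant settings to verify.
-->
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:config="http://www.ibm.com/websphere/wim/config"
               xmlns:sdo="commonj.sdo">
  <config:configurationProvider maxPagingResults="500"
                                maxSearchResults="4500"
                                maxTotalPagingResults="1000"
                                pagedCacheTimeOut="900"
                                pagingEntityObject="true"
                                searchTimeOut="600000">
    <config:dynamicModel xsdFileName="wimdatagraph.xsd"/>

    <!-- Entity types and the RDN properties each one may use; new entities
         default to the file-based realm as parent. -->
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="Group">
      <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="OrgContainer">
      <config:rdnProperties>o</config:rdnProperties>
      <config:rdnProperties>ou</config:rdnProperties>
      <config:rdnProperties>dc</config:rdnProperties>
      <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="PersonAccount">
      <!-- config:rdnProperties>uid</config:rdnProperties -->
      <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>

    <!-- File-based repository.
         NOTE(review): messageDigestAlgorithm presumably selects the hash
         applied to passwords stored in this repository (confirm in the
         product documentation). SHA-1 is a weak choice for password
         storage; a change of algorithm likely affects verification of
         already stored entries, so plan it together with a password reset. -->
    <config:repositories xsi:type="config:FileRepositoryType"
                         adapterClassName="com.ibm.ws.wim.adapter.file.was.FileAdapter"
                         id="InternalFileRepository"
                         supportPaging="false"
                         messageDigestAlgorithm="SHA-1">
      <config:baseEntries name="o=defaultWIMFileBasedRealm"/>
    </config:repositories>

    <!-- LDAP repository (Active Directory). -->
    <config:repositories xsi:type="config:LdapRepositoryType"
                         adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
                         id="PortalLdap"
                         isExtIdUnique="true"
                         supportAsyncMode="false"
                         supportExternalName="false"
                         supportPaging="false"
                         supportSorting="false"
                         supportTransactions="false"
                         supportChangeLog="native"
                         certificateFilter=""
                         certificateMapMode="EXACT_DN"
                         ldapServerType="AD"
                         translateRDN="false">
      <!-- Maps the realm base entry to the directory base DN.
           nameInRepository was "dc=st,dc.myco" in the source (invalid DN). -->
      <config:baseEntries name="dc=st,dc=myco" nameInRepository="dc=st,dc=myco"/>

      <!-- Properties accepted as the login name. uid is mapped to
           samAccountName for PersonAccount in attributeConfiguration below. -->
      <config:loginProperties>uid</config:loginProperties>
      <config:loginProperties>cn</config:loginProperties>

      <!-- Directory connection: simple bind over SSL (sslEnabled="true",
           port 636, trust taken from CellDefaultSSLSettings).

           NOTE(review): bindPassword is stored in this file; "foo" looks
           like a scrubbed placeholder. WebSphere normally writes this
           attribute in its {xor} encoded form, which is reversible encoding
           and not encryption, so in either form the file should be readable
           only by the server account and kept out of shared repositories.
           The bind account should be a dedicated, least-privilege account.

           NOTE(review): bindDN was "CN=Service-PortalBind,CN=Users,DC=st,DC.myco"
           in the source (invalid DN); restored to DC=myco.

           NOTE(review): connectTimeout="0"; confirm whether 0 means "no
           timeout" for this product version, since an unreachable directory
           could then stall logins. -->
      <config:ldapServerConfiguration primaryServerQueryTimeInterval="15"
                                      returnToPrimaryServer="true"
                                      searchCountLimit="500"
                                      searchTimeLimit="120000"
                                      sslConfiguration="CellDefaultSSLSettings">
        <config:ldapServers authentication="simple"
                            bindDN="CN=Service-PortalBind,CN=Users,DC=st,DC=myco"
                            bindPassword="foo"
                            connectionPool="false"
                            connectTimeout="0"
                            derefAliases="always"
                            referal="ignore"
                            sslEnabled="true">
          <config:connections host="st-dc.myco" port="636"/>
        </config:ldapServers>
      </config:ldapServerConfiguration>

      <config:ldapEntityTypes name="OrgContainer">
        <config:rdnAttributes name="o" objectClass="organization"/>
        <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
        <config:rdnAttributes name="dc" objectClass="domain"/>
        <config:rdnAttributes name="cn" objectClass="container"/>
        <config:objectClasses>organization</config:objectClasses>
        <config:objectClasses>organizationalUnit</config:objectClasses>
        <config:objectClasses>domain</config:objectClasses>
        <config:objectClasses>container</config:objectClasses>
      </config:ldapEntityTypes>

      <!-- Person lookups are limited to the three OUs listed. CN=Users, the
           container that holds the bind account, is commented out. -->
      <config:ldapEntityTypes name="PersonAccount" searchFilter="">
        <config:objectClasses>user</config:objectClasses>
        <!-- config:searchBases>CN=Users,DC=ST,DC=MyCo</config:searchBases -->
        <config:searchBases>OU=ExternalUsers,DC=ST,DC=MyCo</config:searchBases>
        <config:searchBases>OU=IndividualProxyUsers,DC=ST,DC=MyCo</config:searchBases>
        <config:searchBases>OU=InternalUsers,DC=ST,DC=MyCo</config:searchBases>
      </config:ldapEntityTypes>

      <!-- Group lookups are limited to OU=Roles; groups located in the user
           OUs are not searched (those search bases are commented out). -->
      <config:ldapEntityTypes name="Group" searchFilter="">
        <config:objectClasses>group</config:objectClasses>
        <config:searchBases>OU=Roles,DC=ST,DC=MyCo</config:searchBases>
        <!-- config:searchBases>OU=ExternalUsers,DC=ST,DC=MyCo</config:searchBases -->
        <!-- config:searchBases>OU=IndividualProxyUsers,DC=ST,DC=MyCo</config:searchBases -->
        <!-- <config:searchBases>OU=InternalUsers,DC=ST,DC=MyCo</config:searchBases -->
      </config:ldapEntityTypes>

      <!-- Group membership is read from the "member" attribute.
           NOTE(review): scope="direct" presumably means only direct members
           are listed in this attribute; confirm how nested groups are
           resolved before relying on them for role mapping. -->
      <config:groupConfiguration>
        <!-- config:memberAttributes name="member" objectClass="group" scope="direct"/ -->
        <!-- config:memberAttributes dummyMember="" name="uniqueMember" objectClass="groupOfUniqueNames" scope="direct"/ -->
        <config:memberAttributes dummyMember="" name="member" objectClass="group" scope="direct"/>
      </config:groupConfiguration>

      <!-- Mapping between directory attributes (name) and WIM properties
           (propertyName), plus default values for newly created entries. -->
      <config:attributeConfiguration>
        <!-- NOTE(review): userAccountControl is configured twice for
             PersonAccount, here with defaultValue="515" and further down
             with defaultValue="512". In Active Directory 512 is a normal,
             enabled account, while 515 additionally sets the
             account-disabled flag. Which entry takes effect cannot be
             determined from this file; keep only the intended one. -->
        <config:attributes defaultValue="515" name="userAccountControl">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="samAccountName" propertyName="uid">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes defaultAttribute="cn" name="samAccountName">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:attributes defaultValue="8" name="groupType">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <!-- The WIM "password" property is written to unicodePwd. Active
             Directory accepts writes to this attribute only over a
             protected connection, which matches sslEnabled="true" above. -->
        <config:attributes name="unicodePwd" propertyName="password" syntax="unicodePwd"/>
        <config:attributes name="title" propertyName="ibm-jobTitle">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="mail" propertyName="ibm-primaryEmail">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <!-- Second userAccountControl entry for PersonAccount; conflicts
             with the defaultValue="515" entry at the top of this section. -->
        <config:attributes defaultValue="512" name="userAccountControl">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="userprincipalname" propertyName="kerberosId">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="pager" propertyName="pager">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="sn" propertyName="sn">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="initials" propertyName="initials">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="postalCode" propertyName="postalCode">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="mobile" propertyName="mobile">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="telephoneNumber" propertyName="telephoneNumber">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="givenName" propertyName="givenName">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>
        <config:attributes name="cn" propertyName="cn">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>

        <!-- WIM properties declared as not supported by this repository. -->
        <config:propertiesNotSupported name="description"/>
        <config:propertiesNotSupported name="jpegPhoto"/>
        <config:propertiesNotSupported name="labeledURI"/>
        <config:propertiesNotSupported name="carLicense"/>
        <!-- config:propertiesNotSupported name="pager"/ -->
        <config:propertiesNotSupported name="roomNumber"/>
        <config:propertiesNotSupported name="localityName"/>
        <config:propertiesNotSupported name="stateOrProvinceName"/>
        <config:propertiesNotSupported name="countryName"/>
        <config:propertiesNotSupported name="employeeNumber"/>
        <config:propertiesNotSupported name="employeeType"/>
        <config:propertiesNotSupported name="businessCategory"/>
        <config:propertiesNotSupported name="departmentNumber"/>
        <config:propertiesNotSupported name="homeAddress"/>
        <config:propertiesNotSupported name="businessAddress"/>
      </config:attributeConfiguration>

      <config:contextPool enabled="true"
                          initPoolSize="1"
                          maxPoolSize="20"
                          poolTimeOut="0"
                          poolWaitTime="3000"
                          prefPoolSize="3"/>

      <!-- NOTE(review): both caches are enabled with cacheTimeOut values of
           1200 and 600. Directory changes such as a removed group
           membership may presumably stay invisible to the portal until the
           cached entry expires; confirm this delay is acceptable. -->
      <config:cacheConfiguration>
        <config:attributesCache attributeSizeLimit="2000" cacheSize="4000" cacheTimeOut="1200" enabled="true"/>
        <config:searchResultsCache cacheSize="2000" cacheTimeOut="600" enabled="true" searchResultSizeLimit="1000"/>
      </config:cacheConfiguration>
    </config:repositories>

    <!-- Single realm containing both the file-based and the LDAP base entry. -->
    <config:realmConfiguration defaultRealm="defaultWIMFileBasedRealm">
      <config:realms delimiter="/" name="defaultWIMFileBasedRealm" securityUse="active">
        <config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
        <config:participatingBaseEntries name="dc=st,dc=myco"/>
        <config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
        <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
        <config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
        <config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
        <config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="cn"/>
        <config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
      </config:realms>
    </config:realmConfiguration>

    <!-- Plugin registrations. Every exit listed below references the single
         subscriber DefaultDAViewProcessor with realmList "All". -->
    <config:pluginManagerConfiguration>
      <config:topicSubscriberList>
        <config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" topicSubscriberType="ModificationSubscriber">
          <config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>
        </config:topicSubscriber>
      </config:topicSubscriberList>
      <config:topicRegistrationList>
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="createInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="deleteInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>
        <config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">
          <config:preExit>
            <config:notificationSubscriberList/>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:preExit>
          <config:inlineExit inlineExitName="getInViewExplicit">
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
          </config:inlineExit>
          <config:postExit>
            <config:modificationSubscriberList>
              <config:modificationSubscriber>
                <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
                <config:realmList>All</config:realmList>
              </config:modificationSubscriber>
            </config:modificationSubscriberList>
            <config:notificationSubscriberList/>
          </config:postExit>
        </config:topicEmitter>
      </config:topicRegistrationList>
    </config:pluginManagerConfiguration>

    <!-- Attribute-level authorization. Security and attribute grouping are
         both enabled; policy is imported from wim-rolemapping.xml and
         wim-policy.xml, so those files carry the actual access rules and
         need the same protection as this one.
         NOTE(review): defaultAttributeGroup is "default", but only the
         groups general, sensitive and unchecked are defined below; confirm
         how attributes that are not listed in any group are treated. -->
    <config:authorization defaultAttributeGroup="default"
                          importPolicyFromFile="true"
                          isAttributeGroupingEnabled="true"
                          isSecurityEnabled="true"
                          jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
                          jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
                          jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml"
                          jaccPrincipalToRolePolicyId="WIM Policy"
                          jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping"
                          jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
                          jaccRoleToPermissionPolicyFileName="wim-policy.xml"
                          jaccRoleToPermissionPolicyId="WIM Policy"
                          useSystemJACCProvider="false">
      <config:attributeGroups>
        <config:groupName>general</config:groupName>
        <config:attributeNames>cn</config:attributeNames>
        <config:attributeNames>sn</config:attributeNames>
        <config:attributeNames>uid</config:attributeNames>
      </config:attributeGroups>
      <config:attributeGroups>
        <config:groupName>sensitive</config:groupName>
        <config:attributeNames>password</config:attributeNames>
      </config:attributeGroups>
      <config:attributeGroups>
        <config:groupName>unchecked</config:groupName>
        <config:attributeNames>identifier</config:attributeNames>
        <config:attributeNames>createTimestamp</config:attributeNames>
        <config:attributeNames>modifyTimestamp</config:attributeNames>
        <config:attributeNames>entitlementInfo</config:attributeNames>
      </config:attributeGroups>
    </config:authorization>
  </config:configurationProvider>
</sdo:datagraph>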