Map external IDs (extId) in Member Manager
Overview
Every main profile repository that is used with Member Manager needs to have an attribute whose value is unique, static, and never reused for every member entry. In Member Manager, this attribute is called extId. If a Lookaside repository is also used with Member Manager, extId allows Member Manager to associate data for a member in the Lookaside repository to the data for the same member in the main profile repository.
WebSphere Portal provides three ways to map the external IDs in the LDAP repository:
- Unique ID attribute generated by the LDAP server
- Unique ID attribute generated by Member Manager (ibm-appUUID)
- Distinguished name of the member
Map external IDs to a unique ID attribute generated by the LDAP server
Some LDAP servers already have a unique ID attribute that is automatically populated by the LDAP server for each entry that is created on the LDAP server. If you are using an LDAP server with Member Manager, it is likely that your LDAP server already has an attribute whose value is unique, static, and never reused. In this case, map that attribute to the extId attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml and set wmmGenerateExtId to false.
There are two data types for the unique ID that is generated by the LDAP server, string type and octet string type.
To map external IDs to a unique ID attribute that is generated by the LDAP server:
- Open <wp_root>/shared/app/wmm/wmm.xml, search for wmmGenerateExtId, and set it to false.
- Open <wp_root>/wmm/wmmLDAPServerAttributes.xml. This file is different for each LDAP server type. Set the attribute for your system, as follows:
  - IBM Directory Server
    IBM Directory Server V5.1 has a unique ID attribute called ibm-entryUuid that has a string data type. Map extId to this attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml. For example:
    <attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="ibm-entryUuid" dataType="String" multiValued="false" readOnly="true"/>
  - Sun ONE Directory Server
    Sun ONE Directory Server V5.1 (formerly iPlanet) has a unique ID attribute called nsuniqueid that has a string data type. Map extId to this attribute in <wp_root>/wmm/wmmLDAPServerAttributes.xml. For example:
    <attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="nsuniqueid" dataType="String" multiValued="false" readOnly="true"/>
  - Microsoft Active Directory
    Microsoft Active Directory server has a unique ID attribute called objectGUID that has an octet string type. In <wp_root>/wmm/wmmLDAPServerAttributes.xml, map extId to this attribute, and specify pluginDataType as OctetString:
    <attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="objectGUID" dataType="String" pluginDataType="OctetString" multiValued="false" readOnly="true"/>
  - Novell eDirectory
    Novell eDirectory Server has a unique ID attribute called GUID that has an octet string type. In <wp_root>/wmm/wmmLDAPServerAttributes.xml, map extId to this attribute, and specify pluginDataType as OctetString:
    <attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="GUID" dataType="String" pluginDataType="OctetString" multiValued="false" readOnly="true"/>
Map external IDs to a unique ID attribute that is generated by Member Manager (ibm-appUUID)
If your LDAP server does not have an attribute whose value is unique, static, and never reused, you can set wmmGenerateExtId to true. In this case, Member Manager attaches the LDAP auxiliary class ibm-appUUIDAux with an attribute ibm-appUUID to every LDAP entry that is accessed by Member Manager. The ibm-appUUID attribute is the unique, static, and never reused attribute that is added by Member Manager to your LDAP server entries.
To map external IDs to a unique ID attribute that is generated by Member Manager:
- Create the schema of the ibm-appUUIDAux auxiliary object class and the ibm-appUUID attribute on the LDAP server. To do this, refer to the documentation for configuring Directory Server for Member Manager.
- Open <wp_root>/shared/app/wmm/wmm.xml, search for wmmGenerateExtId, and set it to true.
- In wmm.xml, add the ibm-appUUIDAux object class to all member types:
  <supportedLdapEntryTypes>
    <supportedLdapEntryType name="Person" rdnAttrTypes="uid" objectClassesForRead="inetOrgPerson" objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
    <supportedLdapEntryType name="Group" rdnAttrTypes="cn" objectClassesForRead="groupOfNames" objectClassesForWrite="groupOfNames;ibm-appUUIDAux"/>
    <supportedLdapEntryType name="Organization" rdnAttrTypes="o" objectClassesForRead="organization" objectClassesForWrite="organization;ibm-appUUIDAux"/>
    <supportedLdapEntryType name="OrganizationalUnit" rdnAttrTypes="ou" objectClassesForRead="organizationalUnit" objectClassesForWrite="organizationalUnit;ibm-appUUIDAux"/>
  </supportedLdapEntryTypes>
- Open <wp_root>/wmm/wmmLDAPServerAttributes.xml. Map extId to ibm-appUUID.
  <attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="ibm-appUUID" dataType="String" multiValued="false" readOnly="true"/>
Map external IDs to the distinguished name of the member
If your LDAP server does not have an attribute whose value is unique, static, and never reused, and you do not want Member Manager to attach auxiliary classes to your LDAP entries, you can map the extId attribute to the LDAP distinguished name (DN). However, because the value of extId is meant to be unique, static, and never reused, by mapping the LDAP DN to extId, you assume that LDAP DN values are not only unique, but also static and never reused, which might not be true.
The attribute wmmGenerateExtId in wmm.xml determines whether or not the repository needs Member Manager to generate the external ID. If you map extId to a unique attribute that is automatically populated by the LDAP server, or to the DN, set wmmGenerateExtId to false.
You can also use the distinguished name of the member as its external ID. To do this, map extId to DistinguishedName in <wp_root>/wmm/wmmLDAPServerAttributes.xml. It is not necessary to change the LDAP schema. However, because the DN is modifiable, it cannot always uniquely identify the LDAP entries.
<attributeMap wmmAttributeName="extId" applicableMemberTypes="Person;Group;Organization;OrganizationalUnit" pluginAttributeName="DistinguishedName" dataType="String" multiValued="false" readOnly="true"/>
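The three mapping options above each pair an extId mapping with a wmmGenerateExtId setting, so the two files can drift out of agreement. The following consistency check is an added example, not part of the original documentation or of Member Manager; the function name check_extid, the sample documents, and the wrapper element names in them are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Per the page: plugin attribute -> (required wmmGenerateExtId, required pluginDataType)
RULES = {
    "ibm-entryUuid": ("false", None), "nsuniqueid": ("false", None),
    "objectGUID": ("false", "OctetString"), "GUID": ("false", "OctetString"),
    "ibm-appUUID": ("true", None), "DistinguishedName": ("false", None),
}

def check_extid(wmm_xml, attrs_xml):
    """Return findings for the extId mapping; an empty list means consistent."""
    wmm, attrs = ET.fromstring(wmm_xml), ET.fromstring(attrs_xml)
    maps = [m for m in attrs.iter("attributeMap") if m.get("wmmAttributeName") == "extId"]
    if len(maps) != 1:
        return [f"expected one extId attributeMap, found {len(maps)}"]
    plugin = maps[0].get("pluginAttributeName")
    if plugin not in RULES:
        return [f"extId mapped to {plugin}, which the page does not cover"]
    want_gen, want_type = RULES[plugin]
    findings = []
    # wmmGenerateExtId is looked up on whichever element carries it.
    gen = [e.get("wmmGenerateExtId") for e in wmm.iter() if "wmmGenerateExtId" in e.attrib]
    if gen != [want_gen]:
        findings.append(f"wmmGenerateExtId={gen}, expected {want_gen} for {plugin}")
    if want_type and maps[0].get("pluginDataType") != want_type:
        findings.append(f"{plugin} requires pluginDataType={want_type}")
    if plugin == "ibm-appUUID":
        for t in wmm.iter("supportedLdapEntryType"):
            if "ibm-appUUIDAux" not in (t.get("objectClassesForWrite") or "").split(";"):
                findings.append(f"{t.get('name')}: ibm-appUUIDAux not in objectClassesForWrite")
    if plugin == "DistinguishedName":
        findings.append("extId is the DN, which is modifiable and may be reused")
    return findings

# Constructed sample input; the element names "wmm", "ldapRepository" and "attrs" are assumptions.
WMM = """<wmm><ldapRepository wmmGenerateExtId="true">
  <supportedLdapEntryType name="Person" objectClassesForWrite="inetOrgPerson"/>
  <supportedLdapEntryType name="Group" objectClassesForWrite="groupOfNames;ibm-appUUIDAux"/>
</ldapRepository></wmm>"""
AD_MAP = '<attrs><attributeMap wmmAttributeName="extId" pluginAttributeName="objectGUID" dataType="String"/></attrs>'
UUID_MAP = '<attrs><attributeMap wmmAttributeName="extId" pluginAttributeName="ibm-appUUID" dataType="String"/></attrs>'

if __name__ == "__main__":
    for label, mapping in (("objectGUID", AD_MAP), ("ibm-appUUID", UUID_MAP)):
        print(label, check_extid(WMM, mapping))
```

Run it against copies of wmm.xml and wmmLDAPServerAttributes.xml after any change to the extId mapping; a finding means the two files no longer describe the same option.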
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.