Map external IDs (extId) in Member Manager

 


 


Overview

Every main profile repository that is used with Member Manager needs to have an attribute whose value is unique, static, and never reused for every member entry. In Member Manager, this attribute is called extId. If a Lookaside repository is also used with Member Manager, extId allows Member Manager to associate data for a member in the Lookaside repository to the data for the same member in the main profile repository. 

WebSphere Portal provides three ways to map the external IDs in the LDAP repository:

  1. Unique ID attribute generated by the LDAP server
  2. Unique ID attribute generated by Member Manager (ibm-appUUID)
  3. Distinguished name of the member

 

Map external IDs to a unique ID attribute generated by the LDAP server

Some LDAP servers already have a unique ID attribute that the server populates automatically for each entry that is created on it. If you are using an LDAP server with Member Manager, it is likely that your LDAP server already has an attribute whose value is unique, static, and never reused. In this case, map that attribute to the extId attribute in Member Manager in...

<wp_root>/wmm/wmmLDAPServerAttributes.xml

...and set wmmGenerateExtId to false.

The unique ID that is generated by the LDAP server has one of two data types: string or octet string.

To map external IDs to a unique ID attribute that is generated by the LDAP server:

  1. Open...

    <wp_root>/shared/app/wmm/wmm.xml

    ...search for wmmGenerateExtId, and set it to false.

  2. Open...

    <wp_root>/wmm/wmmLDAPServerAttributes.xml

    This file is different for each LDAP server type. Set the attribute for your system, as follows:

    • IBM Directory Server

      IBM Directory Server V5.1 has a unique ID attribute called ibm-entryUuid that has a string data type. Map extId to this attribute in...

      <wp_root>/wmm/wmmLDAPServerAttributes.xml

      For example...

         <attributeMap wmmAttributeName="extId"    
                       applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                       pluginAttributeName="ibm-entryUuid"
                       dataType="String"          
                       multiValued="false"
                       readOnly="true"/>
      
    • Sun ONE Directory Server

      Sun ONE Directory Server V5.1 (formerly iPlanet) has a unique ID attribute called nsuniqueid that has a string data type. Map extId to this attribute in...

      <wp_root>/wmm/wmmLDAPServerAttributes.xml

      For example...

         <attributeMap wmmAttributeName="extId"    
                       applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                       pluginAttributeName="nsuniqueid"
                       dataType="String"       
                       multiValued="false"
                       readOnly="true"/>
      

    • Microsoft Active Directory

      Microsoft Active Directory server has a unique ID attribute called objectGUID that has an octet string type. In...

      <wp_root>/wmm/wmmLDAPServerAttributes.xml

      ...map extId to this attribute, and specify pluginDataType as OctetString:

         <attributeMap wmmAttributeName="extId" 
                       applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                       pluginAttributeName="objectGUID"
                       dataType="String"
                       pluginDataType="OctetString"
                       multiValued="false"
                       readOnly="true"/>
      

    • Novell eDirectory

      Novell eDirectory Server has a unique ID attribute called GUID that has an octet string type. In...

      <wp_root>/wmm/wmmLDAPServerAttributes.xml

      ... map extId to this attribute, and specify pluginDataType as OctetString:

         <attributeMap  wmmAttributeName="extId" 
                        applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
                        pluginAttributeName="GUID"
                        dataType="String"
                        pluginDataType="OctetString"
                        multiValued="false"
                        readOnly="true"/>
      

 

Map external IDs to a unique ID attribute that is generated by Member Manager (ibm-appUUID)

If your LDAP server does not have an attribute whose value is unique, static, and never reused, you can set wmmGenerateExtId to true.  In this case, Member Manager attaches the LDAP auxiliary class ibm-appUUIDAux with an attribute ibm-appUUID to every LDAP entry that is accessed by Member Manager. The ibm-appUUID attribute is the unique, static, and never reused attribute that is added by Member Manager to your LDAP server entries. 

To map external IDs to a unique ID attribute that is generated by Member Manager:

  1. Create the schema of the ibm-appUUIDAux auxiliary object class and the ibm-appUUID attribute on the LDAP server. To do this, refer to the documentation for configuring Directory Server for Member Manager.

  2. Open...

    <wp_root>/shared/app/wmm/wmm.xml

    ...search for wmmGenerateExtId, and set it to true.

  3. In wmm.xml, add ibm-appUUIDAux object class to all member types:

    <supportedLdapEntryTypes>
       <supportedLdapEntryType name="Person"
          rdnAttrTypes="uid" 
          objectClassesForRead="inetOrgPerson"
          objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
       <supportedLdapEntryType name="Group"
          rdnAttrTypes="cn"      
          objectClassesForRead="groupOfNames"
          objectClassesForWrite="groupOfNames;ibm-appUUIDAux"/>
       <supportedLdapEntryType name="Organization"
          rdnAttrTypes="o" 
          objectClassesForRead="organization"
          objectClassesForWrite="organization;ibm-appUUIDAux"/>
       <supportedLdapEntryType name="OrganizationalUnit"
          rdnAttrTypes="ou" 
          objectClassesForRead="organizationalUnit"
          objectClassesForWrite="organizationalUnit;ibm-appUUIDAux"/>
    </supportedLdapEntryTypes>
    

  4. Open...

    <wp_root>/wmm/wmmLDAPServerAttributes.xml

    Map extId to ibm-appUUID.           

        <attributeMap        wmmAttributeName="extId"        
           applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
           pluginAttributeName="ibm-appUUID"
           dataType="String"               
           multiValued="false"
           readOnly="true"/>
    

 

Map external IDs to the distinguished name of the member

If your LDAP server does not have an attribute whose value is unique, static, and never reused, and you do not want Member Manager to attach auxiliary classes to your LDAP entries, you can map the extId attribute to the LDAP distinguished name (DN). However, because the value of extId is meant to be unique, static, and never reused, by mapping the LDAP DN to extId, you assume that LDAP DN values are not only unique, but also static and never reused, which might not be true.

The attribute wmmGenerateExtId in wmm.xml determines whether the repository needs Member Manager to generate the external ID. If you map extId to a unique attribute that is automatically populated by the LDAP server, or to the DN, set wmmGenerateExtId to false.

You can also use the distinguished name of the member as its external ID. To do this, map extId to DistinguishedName in...

<wp_root>/wmm/wmmLDAPServerAttributes.xml

It is not necessary to change the LDAP schema. However, because the DN is modifiable, it cannot always uniquely identify the LDAP entries.

    <attributeMap        wmmAttributeName="extId"    
       applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
       pluginAttributeName="DistinguishedName"
       dataType="String"        
       multiValued="false"
       readOnly="true"/>
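
An added example, not IBM's code: a Python check that reads both files and flags the inconsistencies the three mapping options above can produce (extId mapped to the DN, an octet-string ID without pluginDataType="OctetString", wmmGenerateExtId disagreeing with the mapped attribute, a member type written without ibm-appUUIDAux). The function name audit_extid, the sample XML and its wrapper elements (wmm, ldapRepository, repositoryAttributes) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

OCTET_ATTRS = {"objectguid", "guid"}  # octet-string IDs named on this page

def audit_extid(wmm_xml, attrs_xml):
    """Return a list of findings for the extId settings in the two files."""
    wmm, attrs = ET.fromstring(wmm_xml), ET.fromstring(attrs_xml)
    # Locate wmmGenerateExtId by attribute name, whichever element carries it.
    flags = [e.get("wmmGenerateExtId") for e in wmm.iter() if e.get("wmmGenerateExtId")]
    generate = bool(flags) and flags[0].lower() == "true"
    maps = [m for m in attrs.iter("attributeMap") if m.get("wmmAttributeName") == "extId"]
    if len(maps) != 1:
        return [f"expected exactly one extId attributeMap, found {len(maps)}"]
    m, findings = maps[0], []
    target = m.get("pluginAttributeName", "")
    if target.lower() == "distinguishedname":
        findings.append("extId mapped to DistinguishedName: a DN can be modified or reused")
    if target.lower() in OCTET_ATTRS and m.get("pluginDataType") != "OctetString":
        findings.append(f'{target} is an octet string: set pluginDataType="OctetString"')
    if generate != (target.lower() == "ibm-appuuid"):
        findings.append(f"wmmGenerateExtId={str(generate).lower()} conflicts with mapping to {target}")
    if generate:  # every member type must be written with the auxiliary class
        for t in wmm.iter("supportedLdapEntryType"):
            if "ibm-appUUIDAux" not in t.get("objectClassesForWrite", "").split(";"):
                findings.append(f"{t.get('name')}: objectClassesForWrite lacks ibm-appUUIDAux")
    # Every mapping shown on the page is single-valued and read-only.
    if m.get("readOnly") != "true" or m.get("multiValued") != "false":
        findings.append('extId should be readOnly="true" and multiValued="false"')
    return findings

# Constructed sample input; the wrapper element names are assumptions.
SAMPLE_WMM = """<wmm><ldapRepository wmmGenerateExtId="true">
  <supportedLdapEntryTypes>
    <supportedLdapEntryType name="Person" objectClassesForWrite="inetOrgPerson;ibm-appUUIDAux"/>
    <supportedLdapEntryType name="Group" objectClassesForWrite="groupOfNames"/>
  </supportedLdapEntryTypes>
</ldapRepository></wmm>"""
SAMPLE_ATTRS = """<repositoryAttributes>
  <attributeMap wmmAttributeName="extId" pluginAttributeName="objectGUID"
                dataType="String" multiValued="false" readOnly="true"/>
</repositoryAttributes>"""

if __name__ == "__main__":
    for finding in audit_extid(SAMPLE_WMM, SAMPLE_ATTRS):
        print("FINDING:", finding)
```
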

 


WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.