Federated repositories
Federated repositories combine multiple repositories under a single realm.
Repositories can be...
- file-based
- LDAP
- sub-tree of an LDAP
All repositories are active and invisible to WAS.
User ID (uid) and distinguished name (DN) must be unique across all user repositories. For example, if repository adapter searches of the combined repositories turn up multiple instances of user wasadmin, an exception is thrown.
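The uniqueness rule above can be checked before repositories are federated. The following is an added example, not IBM or WAS code: it scans LDIF exports from each repository for uid and DN collisions. The repository IDs and entries are constructed sample data, and the case-insensitive comparison is a simplifying assumption about how identifiers are matched.

```python
# Added example: pre-federation audit for uid/DN collisions across repositories.
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, uid) per entry from plain LDIF (no folded lines)."""
    for block in text.strip().split("\n\n"):
        dn, uid = None, None
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if value.startswith(":"):
                continue  # base64-encoded value ("dn::"), not handled here
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "uid":
                uid = value.strip()
        if dn:
            yield dn, uid

def norm_dn(dn):
    # Assumption: DNs compare case-insensitively, ignoring spaces around
    # RDN separators. Escaped commas inside values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_collisions(repos):
    """repos: {repository_id: ldif_text}. Returns (uid_hits, dn_hits), each
    mapping a colliding key to the sorted repository ids that contain it."""
    uids, dns = defaultdict(set), defaultdict(set)
    for repo_id, text in repos.items():
        for dn, uid in parse_ldif(text):
            dns[norm_dn(dn)].add(repo_id)
            if uid:
                uids[uid.lower()].add(repo_id)
    pick = lambda seen: {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return pick(uids), pick(dns)

# Constructed sample exports; repository ids are hypothetical.
SAMPLE = {
    "fileRegistry": "dn: uid=wasadmin,o=defaultWIMFileBasedRealm\nuid: wasadmin\n",
    "corpLDAP": ("dn: uid=jdoe,ou=people,dc=example,dc=com\nuid: jdoe\n\n"
                 "dn: uid=WASadmin,ou=people,dc=example,dc=com\nuid: WASadmin\n"),
    "partnerLDAP": "dn: UID=jdoe, OU=people, DC=example, DC=com\nuid: j.doe\n",
}

if __name__ == "__main__":
    uid_hits, dn_hits = find_collisions(SAMPLE)
    for kind, hits in (("uid", uid_hits), ("DN", dn_hits)):
        for key, where in hits.items():
            print(f"duplicate {kind} {key!r} in {', '.join(where)}")
```

Any key reported here would have to be renamed or excluded from one repository before the realm is built.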
If an app calls for a sorted list of people, WAS searches all of the federated repositories. Results are combined and sorted before the results are returned.
Unlike the local operating system, standalone LDAP registry, or custom registry options, federated repositories provide user and group management with read and write capabilities.
When configuring realms, set...
- Supported entity types
- Base entry for the default parent
The base entry determines where write operations occur during user and group management.
To manage users and groups...
- User management APIs.
- Admin console.
  - Users and Groups | Manage Users
  - Users and Groups | Manage Groups
- wsadmin commands.
  - WIMManagementCommands
If we do not configure the federated repositories functionality or do not enable federated repositories as the active repository, we cannot use the user management capabilities associated with federated repositories. To have authentication take place using the LDAP server, and enable user management functionality, configure an LDAP server as the active user registry and configure the same LDAP server under federated repositories, but do not select federated repositories as the active user repository.
Federated repository functionality in V7.0 vs. registry functionality from previous versions...
Federated repositories: supported registry types...
- file-based
- LDAP
- database
- custom
File-based and LDAP repositories are supported by the admin console.
Database and custom repositories are supported by wsadmin or the configuration APIs.
Local operating system implementations are not supported.
User registry: supported registry types...
- local operating system
- standalone LDAP registry
- standalone custom registry
| Federated repositories | User registry |
| --- | --- |
| Supports multiple repositories in a realm within a cell. | Supports one registry only in a realm within a cell. |
| Provides read and write capabilities for the repositories defined in the federated repository configuration. | Provides read only capability for the registries. |
| Provides account and password policy support as defined by the registry type. However, this support is not provided by the federated repository functionality. | Provides account and password policy support as defined by the registry type. |
| Supports identity profiles. | Does not support identity profiles. |
| Uses the custom UserRegistry implementation. | Uses the custom UserRegistry implementation. |
Related tasks
Manage the realm in a federated repository configuration