ldapentry.xml
The WCServer_enterprise_archive/xml/ldap/ldapentry.xml file provides a default mapping for the most commonly used fields and replaces the ldapmap.xml file used in earlier versions of WebSphere Commerce. (Ensure the contents of your ldapmap.xml file used previously are transferred to the ldapentry.xml file.)
LDAP attributes in the default schema mapping are based on the default user object classes (person, organizationalPerson, inetOrgPerson, and ePerson) and default organizational entity object classes (organization and organizationalUnit). These object classes are defined for all LDAP servers supported by WebSphere Commerce. To extend the default schema mapping beyond these object classes, first perform the schema extensions on the LDAP server; mappings for the new attributes can then be placed in the ldapentry.xml file. IBM recommends that you do not persist to LDAP internally generated keys within WebSphere Commerce or data that changes often (such as the PREVLASTSESSION column of the USERS table).
For information about LDAP attributes, refer to IBM LDAP Directory Schema: Overview.
<?xml version="1.0"?>
<!DOCTYPE ldapentry SYSTEM "ldapentry.dtd">
<ldapentry>
  <entry entryName="User">
    <ldapsetting>
      <ldaprdn rdnName="uid" keyAttrName="logonId" keyObjName="UserRegistry"/>
      <ldapocs objClass="top;person;organizationalPerson;inetOrgPerson"/>
      <ldapbase defaultBase="o=Default Organization,o=Root Organization" searchBase="o=Root Organization"/>
    </ldapsetting>
    <ldapmap>
      <map>
        <objectAttribute attrName="logonPassword"/>
        <ldapAttribute name="userPassword" operation="replace" flow="wcsToLdap"/>
      </map>
      <map>
        <objectAttribute attrName="lastName"/>
        <objectAttribute attrName="firstName"/>
        <objectSeparator attrSeparator="/"/>
        <ldapAttribute name="cn" operation="replace" flow="wcsToLdap"/>
      </map>
      <map>
        <objectAttribute attrName="lastName"/>
        <ldapAttribute name="sn" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="firstName"/>
        <ldapAttribute name="givenName" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="phone1"/>
        <ldapAttribute name="homePhone" operation="add" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="email1"/>
        <ldapAttribute name="mail" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="zipCode"/>
        <ldapAttribute name="postalCode" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="address1" size="50"/>
        <objectAttribute attrName="address2" size="50"/>
        <objectAttribute attrName="address3" size="50"/>
        <objectSeparator attrSeparator="/"/>
        <ldapAttribute name="postalAddress" operation="replace" flow="bothDirections"/>
      </map>
    </ldapmap>
  </entry>
  <entry entryName="Organization">
    <ldapsetting>
      <ldaprdn rdnName="o" keyAttrName="orgEntityName" keyObjName="Organization"/>
      <ldapocs objClass="top;organization"/>
      <ldapbase defaultBase="o=Root Organization" searchBase="o=Root Organization"/>
    </ldapsetting>
    <ldapmap>
      <map>
        <objectAttribute attrName="businessCategory"/>
        <ldapAttribute name="businessCategory" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="description"/>
        <ldapAttribute name="description" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="address1" size="50"/>
        <objectAttribute attrName="address2" size="50"/>
        <objectAttribute attrName="address3" size="50"/>
        <objectSeparator attrSeparator="/"/>
        <ldapAttribute name="postalAddress" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="phone1"/>
        <ldapAttribute name="telephoneNumber" operation="add" flow="bothDirections"/>
      </map>
    </ldapmap>
  </entry>
  <entry entryName="OrganizationalUnit">
    <ldapsetting>
      <ldaprdn rdnName="ou" keyAttrName="orgEntityName" keyObjName="Organization"/>
      <ldapocs objClass="top;organizationalUnit"/>
      <ldapbase defaultBase="o=Root Organization" searchBase="o=Root Organization"/>
    </ldapsetting>
    <ldapmap>
      <map>
        <objectAttribute attrName="businessCategory"/>
        <ldapAttribute name="businessCategory" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="description"/>
        <ldapAttribute name="description" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="address1" size="50"/>
        <objectAttribute attrName="address2" size="50"/>
        <objectAttribute attrName="address3" size="50"/>
        <objectSeparator attrSeparator="/"/>
        <ldapAttribute name="postalAddress" operation="replace" flow="bothDirections"/>
      </map>
      <map>
        <objectAttribute attrName="phone1"/>
        <ldapAttribute name="telephoneNumber" operation="add" flow="bothDirections"/>
      </map>
    </ldapmap>
  </entry>
</ldapentry>

The format of the ldapentry.xml file is as follows:
- entry
- The entry element identifies which type of member the mappings are for. Valid values are User, Organization, or OrganizationalUnit.
- ldapsetting - ldaprdn - rdnName
- Specifies which LDAP attribute is the RDN attribute.
- ldapsetting - ldaprdn - keyAttrName
- Specifies which WebSphere Commerce attribute maps to the RDN attribute. For users, the attribute name corresponds to the property name documented in the syntax of the UserRegistrationAdd command. For organizations and organizational units, it corresponds to the property name documented in the syntax of the OrgEntityAdd command. The attribute name is case sensitive.
- ldapsetting - ldaprdn - keyObjName
- Specifies the WebSphere Commerce access bean in which the WebSphere Commerce attribute specified in keyAttrName can be found.
- ldapsetting - ldapocs - objClass
- This option is no longer used. It has been moved to the wmm.xml file.
- ldapsetting - ldapbase - defaultBase
- This option is no longer used. It has been moved to the wmm.xml file.
- ldapsetting - ldapbase - searchBase
- This option is no longer used. It has been moved to the wmm.xml file.
- map - objectAttribute - attrName
- A WebSphere Commerce attribute name. For users, the attribute name corresponds to the property name documented in the syntax of the UserRegistrationAdd command. For organizations and organizational units, it corresponds to the property name documented in the syntax of the OrgEntityAdd command. The attribute name is case sensitive. Address attributes can also be mapped here; their property names are those defined for the AddressAdd command.
- map - ldapAttribute - name
- Name of the LDAP attribute to be mapped to the WebSphere Commerce attribute specified in attrName.
- map - ldapAttribute - flow
- Specifies whether the attribute value is read from, written to, or both read and written to LDAP. Valid values are ldapToWcs, wcsToLdap, or bothDirections.
- map - ldapAttribute - operation
- Specifies how the attribute value should be modified for LDAP. Valid values are replace or add. A value of replace updates the current user information with the new information provided (for example, replacing an existing phone number with a new one). A value of add includes another entry for the user (for example, adding a new phone number to the current user information, making a list of phone numbers for the user).
- map - objectSeparator - attrSeparator
- Separator character used when storing or retrieving multiple WebSphere Commerce attributes to or from a single LDAP attribute.
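An added example (not part of the original documentation or of IBM's code): a Python standard-library audit of an ldapentry.xml file against the valid values listed above, which also reports which LDAP attributes WebSphere Commerce writes and which it reads back. SAMPLE is constructed with deliberate mistakes, audit and by_direction are hypothetical names, and the missing-separator check is an assumption based on the default file, where every multi-attribute map carries an objectSeparator.

```python
import xml.etree.ElementTree as ET

VALID_ENTRIES = {"User", "Organization", "OrganizationalUnit"}
VALID_FLOWS = {"ldapToWcs", "wcsToLdap", "bothDirections"}
VALID_OPS = {"replace", "add"}

# Constructed sample with deliberate mistakes; not a shipped WebSphere Commerce file.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE ldapentry SYSTEM "ldapentry.dtd">
<ldapentry><entry entryName="User"><ldapmap>
 <map><objectAttribute attrName="logonPassword"/>
  <ldapAttribute name="userPassword" operation="replace" flow="wcsToLdap"/></map>
 <map><objectAttribute attrName="lastName"/><objectAttribute attrName="firstName"/>
  <ldapAttribute name="cn" operation="replace" flow="wcsToLdap"/></map>
 <map><objectAttribute attrName="email1"/>
  <ldapAttribute name="mail" operation="update" flow="both"/></map>
</ldapmap></entry></ldapentry>"""

def audit(xml_text):
    """Return (findings, flows): rule violations plus one tuple per mapping."""
    findings, flows = [], []
    for entry in ET.fromstring(xml_text).iter("entry"):
        ename = entry.get("entryName")
        if ename not in VALID_ENTRIES:
            findings.append(f"{ename}: invalid entryName")
        for m in entry.iter("map"):
            attrs = tuple(a.get("attrName") for a in m.findall("objectAttribute"))
            ldap = m.find("ldapAttribute")
            if ldap is None:
                findings.append(f"{ename}: map {attrs} has no ldapAttribute")
                continue
            name, flow, op = ldap.get("name"), ldap.get("flow"), ldap.get("operation")
            if flow not in VALID_FLOWS:
                findings.append(f"{ename}/{name}: invalid flow {flow!r}")
            if op not in VALID_OPS:
                findings.append(f"{ename}/{name}: invalid operation {op!r}")
            # Assumption: several attributes sharing one LDAP attribute need a separator.
            if len(attrs) > 1 and m.find("objectSeparator") is None:
                findings.append(f"{ename}/{name}: {len(attrs)} attributes, no objectSeparator")
            flows.append((ename, attrs, name, flow))
    return findings, flows

def by_direction(flows, direction):
    """LDAP attribute names whose flow is `direction` or bothDirections."""
    return sorted(name for _, _, name, flow in flows
                  if flow in (direction, "bothDirections"))

if __name__ == "__main__":
    findings, flows = audit(SAMPLE)
    print("\n".join(findings))
    print("written to LDAP:", by_direction(flows, "wcsToLdap"))
    print("read from LDAP:", by_direction(flows, "ldapToWcs"))
```

The two direction lists show which directory attributes Commerce overwrites and which directory values can change Commerce data, which is the part of the mapping worth reviewing whenever the file is extended.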
Related concepts
WebSphere Commerce authentication model
Related tasks
Enabling security with an LDAP user registry