Map attributes - AIX

 

+

Search Tips   |   Advanced Search

 

Flag attributes as unsupported or required and then map the required attributes between WebSphere Portal and the LDAP server.

To map attributes between WebSphere Portal and your user registry:

1. To create...

   WP_PROFILE/ConfigEngine/log/availableAttributes.html

   ...run...

   cd WP_PROFILE/ConfigEngine directory
   ConfigEngine.sh wp-query-attribute-config -DWasPassword=password

   This file lists the available attributes for Users (PersonAccount) and Groups parameters.

2. Open the config trace file to review the following output for the PersonAccount and Group entity type:

   The following attributes are defined in WebSphere Portal but not in the LDAP server

   This list contains all attributes that are defined in WebSphere Portal but not available in the LDAP. Flag attributes that you do not plan to use in WebSphere Portal as unsupported. Map the attributes that you plan to use to the attributes that exist in the LDAP; also map the uid, cn, firstName, sn, preferredLanguage, and ibm-primaryEmail attributes.

   The following attributes are flagged as required in the LDAP server but not in WebSphere Portal

   This list contains all attributes that are defined as "MUST" in the LDAP server but not as required in WebSphere Portal. You should flag these attributes as required within WebSphere Portal.

   The following attributes have a different type in WebSphere Portal and in the LDAP server

   This list contains all attributes that WebSphere Portal might ignore because the data type within WebSphere Portal and within the LDAP server do not match.

3. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

4. Enter a value for one of the following sets of parameters in the wkplc.properties file to correct any issues found in the config trace file:

   Option	Description
   Stand-alone	The following parameters are found under the LDAP attribute configuration heading: standalone.ldap.id standalone.ldap.attributes.nonSupported standalone.ldap.attributes.nonSupported.delete standalone.ldap.attributes.mapping.portalName standalone.ldap.attributes.mapping.ldapName standalone.ldap.attributes.mapping.entityTypes For example, the following values will flag certificate and members as unsupported attributes and will map ibm-primaryEmail to mail and ibm-jobTitle to title for both the PersonAccount and Group entityTypes: standalone.ldap.attributes.nonSupported=certificate, members standalone.ldap.attributes.nonSupported.delete= standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle standalone.ldap.attributes.mapping.ldapName=mail,title standalone.ldap.attributes.mapping.entityTypes=PersonAccount, Group
   Federated	The following parameters are found under the VMM Federated repository properties heading: federated.ldap.attributes.nonSupported federated.ldap.attributes.nonSupported.delete federated.ldap.attributes.mapping.ldapName federated.ldap.attributes.mapping.portalName federated.ldap.attributes.mapping.entityTypes For example, the following values will flag certificate and members as unsupported attributes and will map ibm-primaryEmail to mail and ibm-jobTitle to title for both the PersonAccount and Group entityTypes: federated.ldap.attributes.nonSupported=certificate, members federated.ldap.attributes.nonSupported.delete= federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle federated.ldap.attributes.mapping.ldapName=mail,title federated.ldap.attributes.mapping.entityTypes=PersonAccount, Group

5. Save changes to the wkplc.properties file.

6. Run one of the following tasks to update the LDAP user registry configuration with the list of unsupported attributes and the proper mapping between WebSphere Portal and the LDAP user registry:

   Option	Description
   Stand-alone	./ConfigEngine.sh wp-update-standalone-ldap-attribute-config -DWasPassword=wpsadmin ... from the... WP_PROFILE/ConfigEngine ...directory
   Federated	./ConfigEngine.sh wp-update-federated-ldap-attribute-config -DWasPassword=wpsadmin ... from the... WP_PROFILE/ConfigEngine ...directory

7. To propagate the security changes:

   Option	Description
   Stand-alone environment	cd WP_PROFILE/bin ./stopServer.sh server1 -username adminid -password passwd ./stopServer.sh WebSphere_Portal -username adminid -password passwd ./startServer.sh server1 ./startServer.sh WebSphere_Portal
   Clustered environment	cd dmgr_profile_root\bin ./stopManager.sh cd WP_PROFILE/bin ./stopNode.sh -username adminid -password passwd ./stopServer.sh server1 -username adminid -password passwd ./stopServer.sh WebSphere_Portal -username adminid -password passwd cd dmgr_profile_root\bin ./startManager.sh cd WP_PROFILE/bin ./startNode.sh ./startServer.sh server1 ./startServer.sh WebSphere_Portal

8. Optional

   Perform the following steps to flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP:

   1. Enter a value for the following required parameters in the wkplc.properties file:

      • user.attributes.required

      • user.attributes.nonsupported

   2. Save changes to the wkplc.properties file.

   3. Run...

      ./ConfigEngine.sh wp-update-attribute-config -DWasPassword=wpsadmin

      ...from WP_PROFILE/ConfigEngine.

   4. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

 

Parent topic

Manage attributes

Previous topic:

Adding attributes

---