Overview of user registry options


Overview

General security options...

Security option | Explanation

Standalone LDAP | Single LDAP security option. Similar to the LDAP security option provided in the past. With this option, you can...

  • Create Virtual Portals with a single realm
  • Store users and groups in a single LDAP server

Federated | Single realm support option. With this option, you can...

  • Create Virtual Portals with multiple realms
  • Use multiple repositories (LDAP, database, custom)
  • Add Application Groups to the system

This option enables merging of multiple LDAP servers into one cohesive structure.

Take care that there are no duplicate names between the various repositories. For example, if you installed the product with a Portal Administrator of "wpsadmin", then the user "wpsadmin" should not exist in the corporate LDAP server.

Custom | Write a fully controlled WebSphere Security environment by providing a Custom User Registry and a Custom Member Adapter for Virtual Member Manager (VMM). The abilities of this option depend on the implementation.
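
A pre-federation check for the duplicate-name caveat under the Federated option, as an added example that is not part of the original page or the product's tooling: it parses LDIF exports of each repository and reports names held by more than one repository. The sample entries, the repository labels, the use of `uid`/`cn` as the name attributes and the case-insensitive comparison are assumptions.

```python
import base64
import re
from collections import defaultdict

# Constructed sample exports (not real data); "uid"/"cn" are assumed name attributes.
REPOS = {
    "file-repo": (
        "dn: uid=wpsadmin,o=defaultWIMFileBasedRealm\nuid: wpsadmin\n\n"
        "dn: cn=wpsadmins,o=defaultWIMFileBasedRealm\ncn: wpsadmins\n"
    ),
    "corp-ldap": (
        "dn: uid=WPSAdmin,ou=people,dc=example,dc=com\nuid:: V1BTQWRtaW4=\n\n"
        "dn: uid=jdoe,ou=people,dc=example,dc=com\nuid: jdoe\n\n"
        "dn: cn=wpsadmins,ou=groups,dc=example,dc=com\ncn: wpsadmins\n"
    ),
}


def parse_ldif(text):
    """Return one {attr: [values]} dict per entry; unfolds lines, decodes base64."""
    entries, entry = [], defaultdict(list)
    unfolded = re.sub(r"\r?\n ", "", text)     # join LDIF continuation lines
    for line in unfolded.splitlines() + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(dict(entry))
                entry = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.strip().lower()].append(value.strip())
    return entries


def find_collisions(repos, name_attrs=("uid",)):
    """Map each case-folded name to its (repo, dn) hits when >1 repository holds it."""
    seen = defaultdict(list)
    for repo, ldif in repos.items():
        for entry in parse_ldif(ldif):
            for attr in name_attrs:
                for value in entry.get(attr, []):
                    seen[value.casefold()].append((repo, entry.get("dn", ["?"])[0]))
    return {n: hits for n, hits in seen.items() if len({r for r, _ in hits}) > 1}


if __name__ == "__main__":
    for name, hits in find_collisions(REPOS, ("uid", "cn")).items():
        print(name, "->", hits)
```

Any name it reports should be renamed or removed in one repository before that repository is added to the federation.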


Standalone LDAP security

Out of the box, WebSphere Portal is configured with the default federated repository with a built-in file repository. Therefore, run the wp-modify-ldap-security task to switch to a standalone LDAP user registry. To ensure that the LDAP user registry runs properly with WebSphere Portal, adapt the attribute configuration to match the configured LDAP server and business needs. After completing the steps for these tasks, security is ready for production.

Once you are using the standalone LDAP user registry, you may need to manage it; you can perform any of the following optional tasks to fine-tune the standalone LDAP user registry:

Task | Explanation

Update the standalone LDAP user registry | You can update certain parameters such as bind ID and password to fix issues with the LDAP user registry.

Property extension database | Choose this option to store additional attributes inside the VMM property extension instead of within the LDAP user registry. Some applications, such as Common Mail portlet and IBM Web Content Manager, use the property extension database to store additional attributes. After you enable the property extension database, you can add attributes to meet business needs.

Create the entity type | Choose this option if you want to use an entity type that exists in WebSphere Portal but not within the LDAP user registry. This option creates the entity type in the user registry and adds the relative distinguished name (RDN) to map the entity type between WebSphere Portal and the user registry.

Update an existing entity type | Choose this option to update the default parent of an existing, single entity type; for example, if you deleted a repository and the entity type points to the deleted repository, you will need to update the information to point to a new repository.


Federated security

Out of the box, WebSphere Portal is configured with the default federated repository with a built-in file repository. The federated repository offers you the widest range of options to meet business needs and to expand as those needs grow. For example, if your company acquires a new business that has an existing LDAP user registry, you can just add that LDAP server to the federated repository. Choose one of the following tasks to enable a production repository:

Task | Description

Add a federated LDAP repository to the VMM configuration | Add an LDAP server to the federated repository. This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.

Add a federated database repository to the VMM configuration | Add a database to the federated repository. This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.

Add a federated custom user registry | Add a custom user registry that your company created to the federated repository. This task does not change the current security assignment; therefore, the administrative user defined during installation is still active.

After you add the initial LDAP user registry, database user registry, or custom user registry, you can add additional user registries to the repository to create a multiple user registry configuration. After configuring the repository, remove the default file-based repository unless this is a development environment. The following tasks are required to remove the default file-based repository:

Task | Description

Change the user registry where users and groups are stored | This task changes the default repository where new users and groups are stored.

Change WAS administrator | This task changes the WAS administrator user ID and password from what was defined during installation to the new user ID and password required for a clustered or standalone production environment.

Change WebSphere Portal Server administrator | This task changes the WebSphere Portal administrator user ID and password from what was defined during installation to the new user ID and password required for a clustered or standalone production environment.

Delete a federated repository from the VMM configuration | This task deletes the default file-based repository from the configuration.

Once you are using the federated repository, you may need to manage the user registry; you can perform any of the following optional tasks to fine-tune the federated repository:

Task | Description

Update the federated LDAP user registry | Choose this option to update certain parameters such as bind ID and password to fix issues with the LDAP user registry.

Update the federated database user registry | Choose this option to update certain parameters such as the data source name, database URL, and database type to fix issues with the database user registry.

Create a new realm | Choose this option to create a realm, which is a group of users from one or more user registries that form a coherent group within WebSphere Portal. Realms allow flexible user management with various configuration options. A realm must be mapped to a Virtual Portal to allow the defined users to log in to the Virtual Portal. In a federated repository, you can create multiple realms.

Property extension database | Choose this option to store additional attributes inside the VMM property extension instead of within the LDAP user registry. Some applications, such as Common Mail portlet and IBM Web Content Manager, use the property extension database to store additional attributes. After you enable the property extension database, you can add attributes to meet business needs.

Create the entity type | Choose this option if you want to use an entity type that exists in WebSphere Portal but not within the LDAP user registry. This option creates the entity type in the user registry and adds the relative distinguished name (RDN) to map the entity type between WebSphere Portal and the user registry.

Update an existing entity type | Choose this option to update the default parent of an existing, single entity type; for example, if you deleted a repository and the entity type points to the deleted repository, you will need to update the information to point to a new repository.

