Specify a custom ID attribute for users or groups
Specify custom global unique ID attributes to identify users and groups in the LDAP directory.
Before starting
This is an optional task. By default, IBM Connections looks for LDAP attributes to use as the global unique IDs (guids) to identify users and groups in the LDAP directory. The identifiers assigned by LDAP directory servers are usually unique for any LDAP entry instance. If the user information is deleted and re-added, or exported and imported into another LDAP directory, the guid changes. Changes like this are usually implemented when employees change status, a directory record is deleted and added again, or when user data is ported across directories.
When the guid of a user changes, synchronize the LDAP with the Profiles database before that user logs in again. Otherwise, the user will have two accounts in IBM Connections and the user's previous content will appear to be lost as it is associated with the previous guid. If you assign a fixed attribute to each record, you can minimize the possibility of accidentally introducing dual accounts for a user in IBM Connections.
The wimconfig.xml file governs a single ID attribute for all supported objects such as users, groups, and organizations in WAS. You can use the LotusConnections-config.xml file to override the ID attribute in the wimconfig.xml file. For example, you could use the wimconfig.xml file to specify the ibm-entryUUID attribute as the ID Key attribute for users and groups in all applications running on WAS, and then modify the LotusConnections-config.xml file to specify the employeeID as the ID Key attribute for IBM Connections applications.
About this task
You can change the default setting to use a custom ID to identify users and groups in the directory. A custom ID must meet the following requirements:
- The ID must be static and unique. It must not be reassigned across users and groups in the directory.
- The ID must not exceed 256 characters in length. To achieve faster search results, use a fixed-length attribute for the ID.
Note: If you are planning to install the Files or Wikis application, the ID cannot exceed 252 characters in length.
- The ID must have a one-to-one mapping per directory object. You cannot use an attribute with multiple values as a unique ID.
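A pre-flight check for the requirements above, as an added example that is not part of the IBM documentation: it audits an LDIF export for a candidate ID attribute (employeeID here) that is missing, multi-valued, too long, or shared between entries. The sample LDIF, the function names, and the case-insensitive duplicate comparison are assumptions; pass max_len=252 if Files or Wikis will be installed.

```python
import base64
from collections import defaultdict

# Constructed sample export (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=test
employeeID: E0001

dn: uid=bob,ou=people,dc=example,dc=test
employeeID: E0002
employeeID: E0002-old

dn: cn=staff,ou=groups,dc=example,dc=test
employeeID: E0001

dn: uid=carol,ou=people,dc=example,dc=test
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}); handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if ":" not in line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            is_b64 = rest.startswith(":")  # "attr:: <base64>"
            value = base64.b64decode(rest[1:]).decode("utf-8") if is_b64 else rest.strip()
            attrs[name.lower()].append(value)
        if attrs["dn"]:
            yield attrs["dn"][0], attrs

def audit_id_attribute(ldif_text, attr, max_len=256):
    """Return {dn: [problems]} for entries that break the custom ID requirements."""
    problems, seen = defaultdict(list), defaultdict(set)
    for dn, attrs in parse_ldif(ldif_text):
        values = attrs.get(attr.lower(), [])
        if len(values) != 1:
            problems[dn].append("multi-valued" if values else "missing")
        for v in values:
            if len(v) > max_len:
                problems[dn].append("too long")
            seen[v.casefold()].add(dn)  # assumption: IDs compare case-insensitively
    for dns in seen.values():
        if len(dns) > 1:  # same value on more than one entry, user or group
            for dn in dns:
                problems[dn].append("duplicate")
    return dict(problems)
```

A single export cannot show that a value is static; compare audits of exports taken at different times to catch reassigned IDs.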
To specify a custom attribute as the unique ID for users or groups...
Procedure
- From the VMM_HOME/model directory, open the wimxmlextension.xml file. If no file with this name exists, create one.
VMM_HOME is the directory where the Virtual Member Manager files are located. This location is set to either the wim.home system property or the user.install.root/config/cells/local.cell/wim directory.
- Add the definitions of the new property types and the entity types to which they apply. Ensure that the XML is well-formed and conforms to the schema defined in wimschema.xsd.
- To select a single ID attribute for both users and groups, use the following sample XML, which defines a new property type called enterpriseID and adds this property type to the PersonAccount and Group entity types:
    <?xml version="1.0" encoding="UTF-8"?>
    <sdo:datagraph xmlns:sdo="commonj.sdo"
        xmlns:wim="http://www.example.com/websphere/wim">
      <wim:schema>
        <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
            dataType="STRING" multiValued="false" propertyName="enterpriseID">
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
            dataType="STRING" multiValued="false" propertyName="enterpriseID">
          <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
        </wim:propertySchema>
      </wim:schema>
    </sdo:datagraph>
- To use two different ID attributes, one for users and a different one for groups, use the following sample XML, which defines a property type called customUserID and adds it to the PersonAccount entity type, and also defines a property type called customGroupID and adds it to the Group entity type:
    <?xml version="1.0" encoding="UTF-8"?>
    <sdo:datagraph xmlns:sdo="commonj.sdo"
        xmlns:wim="http://www.example.com/websphere/wim">
      <wim:schema>
        <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
            dataType="STRING" multiValued="false" propertyName="customUserID">
          <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
        </wim:propertySchema>
        <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
            dataType="STRING" multiValued="false" propertyName="customGroupID">
          <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
        </wim:propertySchema>
      </wim:schema>
    </sdo:datagraph>
Note: The customUserID and customGroupID properties are not related to the properties of the login ID.
- Add the new property types to each repository adapter. Open the wimconfig.xml file in a text editor.
Operating system and location of the wimconfig.xml file:
    AIX: /usr/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
    Linux™: /opt/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
    Microsoft™ Windows™: C:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\wim\config
- Find and edit the <config:attributeConfiguration> element, adding one of the following texts:
- To use a single ID attribute for both users and groups, using a string called enterpriseid, add the following text:
    <config:attributeConfiguration>
      <config:externalIdAttributes name="enterpriseID" syntax="String"/>
    </config:attributeConfiguration>
- To use two different ID attributes, one for users and the other for groups, add the following text:
    <config:attributeConfiguration>
      <config:attributes name="userPassword" propertyName="password"/>
      <config:attributes name="customUserID" propertyName="customUserID"/>
      <config:attributes name="customGroupID" propertyName="customGroupID"/>
      <config:propertiesNotSupported name="homeAddress"/>
      <config:propertiesNotSupported name="businessAddress"/>
    </config:attributeConfiguration>
- Save and close the wimconfig.xml file.
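A consistency check for the two files edited in this procedure, as an added example that is not part of the IBM documentation: it confirms that each custom ID property is defined as single-valued for its entity type in wimxmlextension.xml and is referenced in the attributeConfiguration element of wimconfig.xml. The function names, the constructed inputs, and the placeholder namespace URI for the config prefix are assumptions; elements are matched by local name so the real namespace does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed inputs. EXT follows the page's two-attribute sample, except that
# customGroupID is deliberately marked multiValued="true" to trigger a finding.
# The config namespace URI in CONFIG is a placeholder, not the real one.
WIM = "http://www.example.com/websphere/wim"
EXT = f"""<sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="{WIM}"><wim:schema>
 <wim:propertySchema nsURI="{WIM}" dataType="STRING" multiValued="false" propertyName="customUserID">
  <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
 </wim:propertySchema>
 <wim:propertySchema nsURI="{WIM}" dataType="STRING" multiValued="true" propertyName="customGroupID">
  <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
 </wim:propertySchema>
</wim:schema></sdo:datagraph>"""
CONFIG = """<config:attributeConfiguration xmlns:config="urn:example:placeholder">
 <config:attributes name="userPassword" propertyName="password"/>
 <config:attributes name="customUserID" propertyName="customUserID"/>
</config:attributeConfiguration>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def check_custom_ids(ext_xml, config_xml, expected):
    """expected is a list of (propertyName, entityType); returns sorted findings."""
    findings, defined = [], {}
    for el in ET.fromstring(ext_xml).iter():  # raises ParseError if not well-formed
        if _local(el) == "propertySchema":
            types = {(c.text or "").strip() for c in el
                     if _local(c) == "applicableEntityTypeNames"}
            entry = defined.setdefault(el.get("propertyName"), {"types": set(), "multi": False})
            entry["types"] |= types
            entry["multi"] |= el.get("multiValued") != "false"  # must be explicit
    mapped = set()
    for el in ET.fromstring(config_xml).iter():
        if _local(el) == "attributes":
            mapped.add(el.get("propertyName"))
        elif _local(el) == "externalIdAttributes":
            mapped.add(el.get("name"))
    for prop, entity in expected:
        entry = defined.get(prop)
        if entry is None or entity not in entry["types"]:
            findings.append(f"{prop}: not defined for {entity}")
        elif entry["multi"]:
            findings.append(f'{prop}: must be multiValued="false"')
        if prop not in mapped:
            findings.append(f"{prop}: not mapped in attributeConfiguration")
    return sorted(findings)
```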
What to do next
If you specified different ID attributes for users and groups, complete the steps in the Configure the custom ID attribute for users or groups topic in the Post-installation tasks section of the product documentation. The steps in that task configure IBM Connections to use the custom ID attributes that you specified in this task. When you map fields in the Profiles database, ensure that you add the custom ID attribute to the PROF_GUID field in the EMPLOYEE table. See the Mapping fields manually topic.