Operating Systems: i5/OS
Configure supported entity types in a federated repository configuration
Follow this task to configure supported entity types for user and
group management.
Overview
You must configure the supported entity types before you can manage
this account with Users and Groups in the administrative console. The supported
entity types are Group, OrgContainer, and PersonAccount. A Group entity represents
a simple collection of entities that might not have any relational context.
An OrgContainer entity represents an organization, such as a company or an
enterprise, a subsidiary, or an organizational unit, such as a division, a
location, or a department. A PersonAccount entity represents a human being.
You cannot add or delete the supported entity types, because these types are
predefined. The Base entry for the default parent determines the repository
location where entities of the specified type are placed on write operations
by user and group management.
Note: To manage users and groups, click Users
and Groups in the console navigation tree. Click either Manage Users or Manage
Groups.
Procedure
- In the administrative console, click Security > Secure administration,
applications, and infrastructure.
- Under User account repository, select Federated repositories from
the Available realm definitions field and click Configure.
- Click Supported entity types to view a list of predefined
entity types.
- Click the name of a predefined entity type to change its configuration.
- Supply the distinguished name of a base entry in the repository
in the Base entry for the default parent field. This entry determines
the default location in the repository where entities of this type are placed
on write operations by user and group management.
- Supply the relative distinguished name (RDN) properties for the
specified entity type in the Relative Distinguished Name properties field.
Possible values are cn for Group, uid or cn for
PersonAccount, and o, ou, dc, and cn for
OrgContainer. Delimit multiple properties for the OrgContainer entity with
a semicolon (;). The following list outlines known requirements and limitations
that apply to specific Lightweight Directory Access Protocol (LDAP) servers:
  - Using Microsoft Active Directory as the LDAP server
    - Unless you modify the LDAP schema to use uid, specify cn in
      the Relative Distinguished Name (RDN) properties field for the PersonAccount
      entity type.
    - Secure Sockets Layer communications must be enabled to create users with
      passwords. To select the Require SSL communications option, see the
      topic Configuring Lightweight Directory Access Protocol in a federated repository
      configuration.
    - Typically the value of user is specified as the value in the
      Object classes field for the PersonAccount entity type and the value of group is
      specified as the value in the Object classes field for the Group entity type.
  - Using a Lotus Domino Enterprise Server as the LDAP server
    - Typically, the value of cn is specified in the Relative Distinguished
      Name (RDN) properties field for the PersonAccount entity type. The value of uid is
      also acceptable.
    - Typically, both inetOrgPerson and dominoPerson are used
      as values in the Object classes field for the PersonAccount entity type.
  - Using Sun ONE Directory Server as the LDAP server
    - Typically, groupOfUniqueNames is specified as the value in the
      Object classes field for the Group entity type.
- Click OK.
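As an added example (not IBM's code and not part of the original topic), the following Python function checks planned values for the fields in this procedure against the rules stated above before they are entered in the console. The function name, its parameters, the "active_directory" label and the sample DNs are assumptions made for illustration.

```python
import re

# Allowed RDN properties per predefined entity type, as listed in this topic.
ALLOWED_RDN = {
    "Group": {"cn"},
    "PersonAccount": {"uid", "cn"},
    "OrgContainer": {"o", "ou", "dc", "cn"},
}
# Simplified attribute=value check for one DN component (assumption: this is
# a sanity check only, not a full RFC 4514 parser).
_RDN_RE = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")


def check_entity_type(name, base_entry, rdn_properties, ldap_server=None,
                      schema_has_uid=False, require_ssl=False):
    """Return a list of findings; an empty list means the values pass."""
    if name not in ALLOWED_RDN:
        return ["%r is not a predefined entity type" % name]
    findings = []
    # Split the base entry on commas that are not backslash-escaped.
    parts = re.split(r"(?<!\\),", base_entry)
    if not base_entry.strip() or not all(_RDN_RE.match(p) for p in parts):
        findings.append("base entry %r is not a well-formed DN" % base_entry)
    # Multiple RDN properties are delimited with a semicolon (;).
    props = [p.strip() for p in rdn_properties.split(";")]
    bad = [p for p in props if p not in ALLOWED_RDN[name]]
    if bad:
        findings.append("RDN properties %s are not valid for %s" % (bad, name))
    # Active Directory requirements from the list in the RDN step.
    if ldap_server == "active_directory" and name == "PersonAccount":
        if "uid" in props and not schema_has_uid:
            findings.append("Active Directory: specify cn unless the LDAP "
                            "schema is modified to use uid")
        if not require_ssl:
            findings.append("Active Directory: Require SSL communications "
                            "must be enabled to create users with passwords")
    return findings


if __name__ == "__main__":
    # Constructed sample values; replace with the planned configuration.
    for finding in check_entity_type("PersonAccount",
                                     "cn=Users,dc=example,dc=com", "uid",
                                     ldap_server="active_directory"):
        print(finding)
```
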
Results
After completing these steps, your federated repository configuration,
which uses supported entity types, is configured.
What to do next
- After configuring the federated repositories, click Security > Secure
administration, applications, and infrastructure to return to the Secure
administration, applications, and infrastructure panel. Verify that Federated
repositories is identified in the Current realm definition field. If Federated
repositories is not identified, select Federated repositories from
the Available realm definitions field and click Set as current. To
verify the federated repositories configuration, click Apply on the
Secure administration, applications, and infrastructure panel. If Federated
repositories is not identified in the Current realm definition field, your
federated repositories configuration is not used by WebSphere Application
Server.
- If you are enabling security, complete the remaining steps as specified
in Enabling security for the realm. As the final step,
validate this setup by clicking Apply in the Secure administration,
applications, and infrastructure panel.
- Save, stop, and restart all the product servers (deployment managers,
nodes, and Application Servers) for changes in this panel to take effect.
If the server comes up without any problems, the setup is correct.
Supported entity types collection
Supported entity types settings