Operating Systems: i5/OS
             Personalize the table of contents and search results

 

Configure supported entity types in a federated repository configuration

 

Follow this task to configure supported entity types for user and group management.

 

Overview

You must configure the supported entity types before you can manage this account with Users and Groups in the administrative console. The supported entity types are Group, OrgContainer, and PersonAccount. A Group entity represents a simple collection of entities that might not have any relational context. An OrgContainer entity represents an organization, such as a company or an enterprise, a subsidiary, or an organizational unit, such as a division, a location, or a department. A PersonAccount entity represents a human being. You cannot add or delete the supported entity types, because these types are predefined.The Base entry for the default parent determines the repository location where entities of the specified type are placed on write operations by user and group management.

Note: To manage users and groups, click Users and Groups in the console navigation tree. Click either Manage Users or Manage Groups.

 

Procedure

  1. In the administrative console, click Security > Secure administration, applications, and infrastructure.

  2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.

  3. Click Supported entity types to view a list of predefined entity types.

  4. Click the name of a predefined entity type to change its configuration.

  5. Supply the distinguished name of a base entry in the repository in the Base entry for the default parent field. This entry determines the default location in the repository where entities of this type are placed on write operations by user and group management.

  6. Supply the relative distinguished name (RDN) properties for the specified entity type in the Relative Distinguished Name properties field. Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;). The following list outlines known requirements and limitations that apply to specific Lightweight Directory Access Protocol (LDAP) servers:

    Using Microsoft Active Directory as the LDAP server

    • Unless you modify the LDAP schema to use uid, specify cn in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type.

    • Secure Sockets Layer communications must be enabled to create users with passwords. To select the Require SSL communications option, see the topic Configuring Lightweight Directory Access Protocol in a federated repository configuration.

    • Typically the value of user is specified as the value in the Object classes field for the PersonAccount entity type and the value of group is specified as the value in the Object classes field for the Group entity type.

    Using a Lotus Domino Enterprise Server as the LDAP server

    • Typically, the value of cn is specified in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type. The value of uid is also acceptable.

    • Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.

    Using Sun ONE Directory Server as the LDAP server

    • Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.

  7. Click OK.

 

Results

After completing these steps, your federated repository configuration, which uses supported entity types, is configured.

 

What to do next

  1. After configuring the federated repositories, click Security > Secure administration, applications, and infrastructure to return to the Secure administration, applications, and infrastructure panel. Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current. To verify the federated repositories configuration, click Apply on the Secure administration, applications, and infrastructure panel. If Federated repositories is not identified in the Current realm definition field, your federated repositories configuration is not used by WebSphere Application Server.

  2. If you are enabling security, complete the remaining steps as specified in Enabling security for the realm. As the final step, validate this setup by clicking Apply in the Secure administration, applications, and infrastructure panel.

  3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.




}
Supported entity types collection

Supported entity types settings


  Â