

Configure the database adapter

The database adapter is configured using the wsadmin commands.


About this task

If the repositoriesForGroups parameter is not specified, the groups in the repository accept members only from that same repository. The groups in a repository always support members from that same repository, so the repositoriesForGroups parameter does not need to be set to the repository's own ID.

If the repository supports members from other repositories, specify the repositoriesForGroups parameter to add the unique repository IDs of those repositories to the repository. The groups in the same repository are ignored when you specify the repositoriesForGroups parameter.

Out of the box, only groups in database repositories support members from other repositories. File repositories and LDAP repositories, including Microsoft Active Directory with multiple domains, do not support members from other repositories.

For example, if you want the groups in the database repository to accept the members from an LDAP repository, you need to set the configuration parameter repositoriesForGroups of the LDAP repository to the repository ID of the database repository.

The following code sample is an example of a basic wimconfig.xml file that has been configured to use the database repository (DB1) and an LDAP repository (LDAP1). Modify the values as appropriate for your environment.

<config:repositories xsi:type="config:DatabaseRepositoryType"
                     adapterClassName="com.ibm.ws.wim.adapter.db.DBAdapter"
                     id="DB1"
                     supportPaging="false"
                     databaseType="db2"
                     dataSourceName="jdbc/wimDS"
                     dbURL="jdbc:db2:wim"
                     dbAdminId="DB_ADMIN_ID"
                     dbAdminPassword="DB_PASSWORD"
                     encryptionKey="rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s"
                     entityRetrievalLimit="200"
                     saltLength="12">
  <config:baseEntries name="o=default organization"/>
  <config:loginProperties>uid</config:loginProperties>
</config:repositories>

<config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1" supportPaging="true"
                     supportSorting="true" ldapServerType="IDS">
  <config:baseEntries name="cn=users,dc=yourco,dc=com"/>
  <config:baseEntries name="cn=groups,dc=yourco,dc=com"/>
  <config:repositoriesForGroups>DB1</config:repositoriesForGroups>
  <config:ldapServerConfiguration>
    <config:ldapServers bindDN="cn=root" bindPassword="{xor}Nj0y" sslEnabled="false">
      <config:connections host="localhost" port="389"/>
    </config:ldapServers>
  </config:ldapServerConfiguration>
  <config:ldapEntityTypes name="PersonAccount">
    <config:objectClasses>inetOrgPerson</config:objectClasses>
    <config:searchBases>cn=users,dc=yourco,dc=com</config:searchBases>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="Group">
    <config:objectClasses>groupOfNames</config:objectClasses>
    <config:searchBases>cn=groups,dc=yourco,dc=com</config:searchBases>
  </config:ldapEntityTypes>
  <config:ldapEntityTypes name="OrgContainer">
    <config:rdnAttributes name="o" objectClass="organization"/>
    <config:rdnAttributes name="ou" objectClass="organizationalunit"/>
    <config:objectClasses>organization</config:objectClasses>
    <config:objectClasses>organizationalUnit</config:objectClasses>
  </config:ldapEntityTypes>
  <config:groupConfiguration>
    <config:memberAttributes dummyMember="uid=dummy" name="member" objectClass="groupOfNames"/>
    <config:membershipAttribute name=""/>
  </config:groupConfiguration>
  <config:attributeConfiguration>
    <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="cn" propertyName="displayName">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:attributes name="cn" propertyName="cn">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:propertiesNotSupported name="homeAddress"/>
    <config:propertiesNotSupported name="businessAddress"/>
  </config:attributeConfiguration>
  <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="10"
                      poolTimeOut="0" prefPoolSize="5"/>
  <config:cacheConfiguration>
    <config:attributesCache cacheSize="4000" cacheTimeOut="1200"
                            enabled="true" cacheDistPolicy="none"/>
    <config:searchResultsCache cacheSize="2000" cacheTimeOut="600"
                               enabled="true" searchResultSizeLimit="1000" cacheDistPolicy="none"/>
  </config:cacheConfiguration>
</config:repositories>
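The following Python check is an added example, not part of the original page or of the product's tooling. It audits a wimconfig.xml fragment for repositoriesForGroups references that do not resolve to a database repository, and for the credential settings visible in the sample above. Assumptions: the `<root>` wrapper, the placeholder namespace URI, the LDAP2 repository and the FILE9 ID are constructed for the example, and a password value without a `{scheme}` prefix is treated as clear text.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed sample: trimmed from the page's fragment; LDAP2, FILE9, the <root>
# wrapper and the config namespace URI are placeholders, not page values.
SAMPLE = """<root xmlns:config="urn:example:wim-config"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <config:repositories xsi:type="config:DatabaseRepositoryType" id="DB1"
     dbAdminId="DB_ADMIN_ID" dbAdminPassword="DB_PASSWORD"/>
 <config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1">
  <config:repositoriesForGroups>DB1
  </config:repositoriesForGroups>
  <config:ldapServerConfiguration>
   <config:ldapServers bindDN="cn=root" bindPassword="{xor}Nj0y" sslEnabled="false"/>
  </config:ldapServerConfiguration>
 </config:repositories>
 <config:repositories xsi:type="config:LdapRepositoryType" id="LDAP2">
  <config:repositoriesForGroups>LDAP1</config:repositoriesForGroups>
  <config:repositoriesForGroups>FILE9</config:repositoriesForGroups>
 </config:repositories>
</root>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix ElementTree adds

def audit(xml_text):
    """Return (repository id, finding) pairs for a wimconfig.xml fragment."""
    root = ET.fromstring(xml_text)
    repos = [e for e in root.iter() if local(e.tag) == "repositories"]
    kinds = {r.get("id"): r.get(XSI_TYPE, "").split(":")[-1] for r in repos}
    findings = []
    for repo in repos:
        rid = repo.get("id")
        pw = repo.get("dbAdminPassword", "")
        if pw and not pw.startswith("{"):
            findings.append((rid, "dbAdminPassword is stored in clear text"))
        for el in repo.iter():
            if local(el.tag) == "repositoriesForGroups":
                target = (el.text or "").strip()  # value may be wrapped across lines
                if target not in kinds:
                    findings.append((rid, "repositoriesForGroups: unknown repository " + target))
                elif kinds[target] != "DatabaseRepositoryType":
                    findings.append((rid, "repositoriesForGroups: " + target + " is not a database repository"))
            elif local(el.tag) == "ldapServers" and el.get("bindPassword"):
                if el.get("bindPassword").startswith("{xor}"):
                    findings.append((rid, "bindPassword is {xor}-encoded, which is reversible"))
                if el.get("sslEnabled") != "true":
                    findings.append((rid, "bind password travels over a non-SSL LDAP connection"))
    return findings
```

Call `audit()` on the text of a configuration file wrapped the same way; an empty list means none of these checks fired.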

Tip: You can specify a user-defined database schema in which to create the federated repository tables. Use the dbSchema parameter and the tablespacePrefix parameter (tablespacePrefix is for DB2 for z/OS only) with the setupIdMgrDBTables, deleteIdMgrDBTables, createIdMgrDBRepository, and updateIdMgrDBRepository wsadmin commands.

You can also specify user-defined bufferpools when creating the federated repository tables on DB2 for z/OS. Use the tablesBufferPool, LOBtablesBufferPool, and indextablesBufferPool parameters with the setupIdMgrDBTables wsadmin command.

For more information about these commands, see the topics "IdMgrRepositoryConfig command group for the AdminTask object" and "Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands" in the WAS information center.
