Express (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository > Virtual member manager > Reference > Program model > Entity DataObject


LoginAccount and PersonAccount DataObjects

Virtual member manager supports a LoginAccount entity type and a PersonAccount entity type that allow a person to have multiple login accounts and allow the schema of a person and his login accounts to be independent of each other.

A login account can have multiple principal names and passwords. Every principal name can have its own password. Multiple principal names can share the same password, and in some rare cases, a principal name or a password might have multiple values.

Virtual member manager supports Person and non-person (such as applications or programs) entities as principals. A principal is an entity that is expected to use a login account, for example, a person. However, programs, applications, and services can also be principals. Virtual member manager has partial support for non-person principals in that these principals can log in through virtual member manager with a principal name and a password. If these non-person principals have been authenticated using a certificate and a browser, the virtual member manager LDAP adapter can map the certificate to an entry in the LDAP directory. If the creation of a LoginAccount is needed for non-person principals, PersonAccount is the only kind of object that can be created.

The data graph structure of a LoginAccount data object consists of:

certificate

An X.509 certificate that can be used to authenticate the owner of the PersonAccount.

identifier

is the virtual member manager uniqueName or uniqueId.

password

is the string used to authenticate the user.

principalName

is the string the user enters to log in.

realm

is the realm that the LoginAccount is associated with.

changeType

is an optional property that is set only in response to a search for changed entities. It describes the type of change that occurred, which could be adding a new entity, modifying an existing entity, deleting an entity, or renaming an entity. The valid values and string constants of the changeType property are add (for CHANGETYPE_ADD), delete (for CHANGETYPE_DELETE), modify (for CHANGETYPE_MODIFY), and rename (for CHANGETYPE_RENAME).


PersonAccount

PersonAccount extends LoginAccount. The PersonAccount represents an account with person properties. It is equivalent to a user concept, when the entity that uses the account is a person (as opposed to an application). PersonAccount in virtual member manager is designed specifically to support user entries in repositories that combine person and account information. Examples of such user entries are inetOrgPerson and User entries from the IBM Tivoli Directory Server and Active Directory respectively.

A person account supports multiple principal names and the various principal names share the same password. The principal names come from different properties on the PersonAccount object. The principalName property can be mapped to a list of one or more other properties. If mapping is not configured, the default repository adapters for virtual member manager provide a default mapping from principalName to the RDN property of PersonAccount.


XML schema definition

Following are the XML schema definitions for LoginAccount and its sub-types, including some of their properties:

<xsd:element name="principalName" type="xsd:string"/>
<xsd:element name="realm" type="xsd:string"/>
<xsd:element name="password" type="xsd:string"/>
<xsd:element name="certificate" type="xsd:base64Binary"/>

<xsd:complexType name="LoginAccount">
  <xsd:complexContent>
    <xsd:extension base="Party">
      <xsd:sequence>
        <xsd:element maxOccurs="1" minOccurs="0" ref="principalName"/>
        <xsd:element maxOccurs="1" minOccurs="0" ref="password"/>
        <xsd:element maxOccurs="1" minOccurs="0" ref="realm"/>
        <xsd:element maxOccurs="unbounded" minOccurs="0" ref="certificate"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

<xsd:complexType name="PersonAccount">
  <xsd:complexContent>
    <xsd:extension base="LoginAccount">
      <xsd:group ref="PersonPropertyGroup"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>


Sample data object

Following is a sample PersonAccount data object, with a real uniqueName:

<wim:Root>
  <wim:entities xsi:type="wim:PersonAccount">
    <wim:groups>
      <wim:identifier uniqueName="cn=Managers,cn=groups,dc=yourco,dc=com"/>
    </wim:groups>
    <wim:password>KioqKg==</wim:password>
    <wim:uid>SalesMgr</wim:uid>
    <wim:cn>Sales Mgr</wim:cn>
    <wim:sn>SalesMgrSn</wim:sn>
  </wim:entities>
</wim:Root>
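The following is an added example, not code from the virtual member manager product or its documentation. It reads the sample PersonAccount data object above, enforces the minOccurs/maxOccurs rules from the LoginAccount schema (at most one principalName, password and realm; any number of certificates), and applies the default principalName-to-RDN-property mapping described in the PersonAccount section. The namespace URIs for the wim: and xsi: prefixes are assumed, since the page shows only the prefixes.

```python
import base64
import xml.etree.ElementTree as ET

WIM = "http://www.ibm.com/websphere/wim"  # assumed URI for the wim: prefix
XSI = "http://www.w3.org/2001/XMLSchema-instance"  # standard xsi: namespace

# Cardinality taken from the LoginAccount schema: name -> (minOccurs, maxOccurs)
LOGIN_ACCOUNT_CARDINALITY = {"principalName": (0, 1), "password": (0, 1),
                             "realm": (0, 1), "certificate": (0, None)}  # None = unbounded

# Constructed input, copied from the page's sample PersonAccount data object
SAMPLE = f"""<wim:Root xmlns:wim="{WIM}" xmlns:xsi="{XSI}">
  <wim:entities xsi:type="wim:PersonAccount">
    <wim:groups>
      <wim:identifier uniqueName="cn=Managers,cn=groups,dc=yourco,dc=com"/>
    </wim:groups>
    <wim:password>KioqKg==</wim:password>
    <wim:uid>SalesMgr</wim:uid>
    <wim:cn>Sales Mgr</wim:cn>
    <wim:sn>SalesMgrSn</wim:sn>
  </wim:entities>
</wim:Root>"""


def parse_person_account(xml_text, rdn_property="uid"):
    """Read the first PersonAccount in a wim:Root document, enforce the schema
    cardinality rules, and apply the default principalName mapping."""
    entity = ET.fromstring(xml_text).find(f"{{{WIM}}}entities")
    if entity is None or entity.get(f"{{{XSI}}}type") != "wim:PersonAccount":
        raise ValueError("not a PersonAccount entity")
    # Reject data objects that carry, e.g., two password elements
    for name, (lo, hi) in LOGIN_ACCOUNT_CARDINALITY.items():
        n = len(entity.findall(f"{{{WIM}}}{name}"))
        if n < lo or (hi is not None and n > hi):
            raise ValueError(f"{name} occurs {n} times; schema allows {lo}..{hi}")

    def text(tag):
        el = entity.find(f"{{{WIM}}}{tag}")
        return el.text.strip() if el is not None and el.text else None

    account = {
        "uid": text("uid"), "cn": text("cn"), "sn": text("sn"),
        "groups": [g.get("uniqueName") for g in entity.findall(f"{{{WIM}}}groups/{{{WIM}}}identifier")],
        # the password travels base64-encoded in the data object (KioqKg== decodes to ****)
        "password": base64.b64decode(text("password") or "").decode() or None,
        "certificates": [c.text for c in entity.findall(f"{{{WIM}}}certificate")],
    }
    # Default adapter mapping: principalName falls back to the RDN property (uid here)
    account["principalName"] = text("principalName") or account[rdn_property]
    return account
```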
