

Supported aggregation configurations

Virtual member manager supports entry level join and property level join configurations that can be enabled and disabled independently.

An entry level join means that virtual member manager can use multiple repositories simultaneously and recognizes the entries in the different repositories as entries representing distinct entities. For example, a company might have an LDAP directory containing entries for its employees and a database containing entries for business partners and customers. Virtual member manager can be configured to use both the LDAP and the database at the same time. Virtual member manager hierarchy and constraints for virtual member manager identifiers provide the aggregated namespace for both of those repositories and prevent identifiers from colliding.

For security and business reasons, customers might not want to allow virtual member manager to write to their repositories. However, applications calling virtual member manager might have a need to store additional properties for the entities. Virtual member manager provides a property-extension repository, which is a database regardless of the type of main profile repositories, for a property level join configuration. For example, a company that uses an LDAP directory for its internal employees and a database for external customers and business partners might not allow virtual member manager to write to its LDAP and its database. The company can use virtual member manager to store additional properties for the people in those repositories. Virtual member manager can store the additional properties in the property-extension repository. When an application asks virtual member manager to retrieve an entry for a person, virtual member manager transparently joins the properties of the person retrieved from either the LDAP or the customer database with the properties of the person retrieved from the property-extension repository into a single logical person entry.

The entry level join and property level join features can be enabled and disabled independently, resulting in four different combinations:

Combination for entry level join and property level join

| | Entry level join enabled | Entry level join disabled |
|---|---|---|
| Property level join enabled | Multiple main repositories, each storing some of the entries. Property-extension repository (a database) stores properties that cannot be stored in main profile repositories. There is only one property-extension repository, therefore it is shared by the various main profile repositories. | One main repository. Property-extension repository (a database) stores properties not in the main repository. |
| Property level join disabled | Multiple main repositories, each storing some of the entries. | One main repository. No database is needed by virtual member manager. |

After the initial configuration, switching from enabled to disabled, whether for entry level join or for property level join, requires careful consideration because virtual member manager does not support automatic cleanup of data. This consideration also applies if a repository is removed when entry level join is enabled. Applications that are dependent on the data in the repositories that have been removed might not function correctly.
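
The following Python sketch is an added illustration, not IBM code and not the virtual member manager API. It models both joins with plain dictionaries and shows how to list property-extension data left behind when a main repository is removed. The base entries, names, properties and the rule that the main repository wins a property name clash are all assumptions made for the example.

```python
# Conceptual model only: dicts stand in for repositories; none of these
# names are virtual member manager APIs. All data below is constructed.

# Main profile repositories, keyed by base entry. Treated as read-only.
MAIN_REPOS = {
    "o=employees": {"uid=alice,o=employees": {"cn": "Alice", "mail": "alice@example.com"}},
    "o=partners": {"uid=bob,o=partners": {"cn": "Bob"}},
}
# The single shared property-extension store, keyed by unique name.
EXTENSION = {
    "uid=alice,o=employees": {"badgeColor": "blue"},
    "uid=bob,o=partners": {"contractTier": "gold"},
}

def owning_repo(unique_name, repos):
    """Entry level join: route a name to exactly one repository by base entry."""
    matches = [base for base in repos if unique_name.endswith("," + base)]
    if len(matches) != 1:
        raise LookupError(f"{unique_name!r} maps to {len(matches)} repositories")
    return matches[0]

def get_entry(unique_name, repos=MAIN_REPOS, extension=EXTENSION):
    """Property level join: merge main and extension properties into one entry."""
    base = owning_repo(unique_name, repos)
    entry = dict(repos[base][unique_name])  # copy; the main repository is never written
    for name, value in extension.get(unique_name, {}).items():
        # Assumption of this model: the main repository wins on a name clash.
        entry.setdefault(name, value)
    return entry

def orphaned_extension_rows(repos=MAIN_REPOS, extension=EXTENSION):
    """Extension rows whose main entry no longer exists (nothing cleans these up)."""
    live = {name for entries in repos.values() for name in entries}
    return sorted(set(extension) - live)

if __name__ == "__main__":
    print(get_entry("uid=alice,o=employees"))
    # Simulate removing the partner repository after initial configuration.
    remaining = {"o=employees": MAIN_REPOS["o=employees"]}
    print(orphaned_extension_rows(remaining))
```

Running a check like `orphaned_extension_rows` against real data before removing a repository or disabling a join shows which stored properties would be stranded.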
