Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository
Configure supported entity types in a federated repository
Supported entity types...
Group Simple collection of entities that might not have any relational context. OrgContainer Organization, such as a company or an enterprise, a subsidiary, or an organizational unit, such as a division, a location, or a department. PersonAccount A human being. We cannot add or delete the supported entity types, because these types are predefined.
The Base entry for the default parent determines the repository location where entities of the specified type are placed on write operations by user and group management.
To manage users and groups, click...
Users and Groups | [Manage Users|Manage Groups]
To manage users and groups for a specific domain in a multiple security domain environment, click...
Security | Global security | Security Domains | domain_name | Security Attributes | User Realm | Customize for this domain | Federated repositories | domain_name | Save | User realm | [Manage Users|Manager Groups]
Links to manage users and groups for a specific domain are displayed only after you save the federated repositories configuration for the domain.
Restart the server or dmgr if the federated repository has changed before using the Manage Users option. Otherwise, user or group changes made to the repository could be lost after restart.
Procedure
- In the console, click...
Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure
To configure for a specific domain in a multiple security domain environment, click...
Security domains | domain_name | Security Attributes | User Realm | Customize for this domain | Realm type | Federated repositories | Configure
- Click Supported entity types to view a list of predefined entity types.
- Click the name of a predefined entity type to change its configuration.
- Supply the distinguished name of a base entry in the repository in the Base entry for the default parent field. This entry determines the default location in the repository where entities of this type are placed on write operations by user and group management.
- Supply the relative distinguished name (RDN) properties for the specified entity type in the Relative Distinguished Name properties field.
Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;).
The following list outlines known requirements and limitations that apply to specific LDAP servers:
- Use Microsoft Active Directory as the LDAP server
Unless you modify the LDAP schema to use uid, specify cn in the RDN properties field for the PersonAccount entity type. SSL communications must be enabled to create users with passwords. Typically the value of user is specified as the value in the Object classes field for the PersonAccount entity type and the value of group is specified as the value in the Object classes field for the Group entity type.
- Use a Lotus Domino Enterprise Server as the LDAP server
Typically, the value of cn is specified in the RDN properties field for the PersonAccount entity type. The value of uid is also acceptable. Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.
- Use Sun ONE Directory Server as the LDAP server
Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.
- Click OK.
Results
After completing these steps, your federated repository, which uses supported entity types, is configured.
What to do next
- After configuring the federated repositories, click...
Security | Global security
...to return to the Global security panel.
Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current.
To verify the federated repositories configuration, click Apply on the Global security panel. If Federated repositories is not identified in the Current realm definition field, your federated repositories configuration is not used by WAS.
- If you are enabling security, Enable security for the realm complete the remaining steps.
As the final step, validate this setup by clicking Apply on the Global security panel.
- Save, stop, and restart all the product servers (dmgrs, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.
Related
Supported entity types collection
Supported entity types settings