Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository


Manually configure an LDAP repository in a federated repository


  1. Gather prerequisite LDAP repository information...

  2. Map federated repository entity types to LDAP object classes.

    1. Configure the LDAP repository to match the current in-place LDAP object class for users.

      1. In the console, click...

          Security | Global security | User account repository | Federated repositories | Available realm definitions | Configure

        To configure for a specific domain in a multiple security domain environment, click...

      2. Insert the objectclass name used in your LDAP server, for example...

          inetOrgPerson

      3. Click: Apply | Save

    2. Configure the LDAP repository to match the current in-place LDAP objectclass for groups.

      1. In the console, click...

          Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure

        To configure for a specific domain in a multiple security domain environment, click...

      2. Insert the objectclass name used for the LDAP server, for example...

          groupOfUniqueNames

      3. Click: Apply | Save

  3. Map the federated repository property names to the LDAP attribute names.

    1. Configure the supported LDAP repository attributes.

      1. In the console, click...

          Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure

        To configure for a specific domain in a multiple security domain environment, click...

          Security domains | domain_name | Security Attributes | User Realm | Customize for this domain | Realm type | Federated repositories | Configure | Related items | Manage repositories | repository_ID | Additional properties | LDAP attributes

      2. If a mapping for the LDAP attribute already exists, first delete the existing mapping, and then add a new mapping for the attribute. To delete it, select the check box next to the LDAP attribute name and click Delete.

      3. To add an attribute mapping, click Add, and select Supported.

      4. Enter the LDAP attribute name in the Name field, the federated repositories property name in the Property name field, and the entity type which applies the attribute mapping in the Entity types field.

      A one-to-one mapping is assumed for every federated repository property. If no explicit mapping of this type is defined for a property, for example the federated repository property departmentNumber, the underlying LDAP attribute is assumed to have the same name, departmentNumber.

    2. Configure the unsupported properties of the federated repository.

      To indicate that a given federated repository property, such as departmentNumber, is not supported by any LDAP attribute, you need to define an unsupported property.

      1. On the LDAP attributes panel, click Add, and select Unsupported from the drop-down menu.

      2. Enter the federated repositories property name in the Property name field, and the entity type in the Entity types field.

      3. Click: Apply | Save

      4. Configure the LDAP repository to match the current in-place LDAP attributes for a user.

        1. Edit WAS_HOME\profiles\{profileName}\config\cells\{cellName}\wim\config\wimconfig.xml

        2. Look for the section of this file that contains the LDAP repository configuration, for example:

          <config:repositories xsi:type="config:LdapRepositoryType"
                               adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
                               id="repository01"
                               ...>

              <config:attributeConfiguration>
                 ...
                 <config:attributes name="anLDAPattribute"
                                    propertyName="aVMMattribute"/>
                 ...
              </config:attributeConfiguration>
              ...
          </config:repositories>
          

        3. Add an element of type config:attributes to define the mapping between a given federated repository property name, such as departmentNumber, and the desired LDAP attribute name, such as warehouseSection.

          A one-to-one mapping is assumed for every federated repository property. If no explicit mapping of this type is defined for a property, for example the federated repository property departmentNumber, the underlying LDAP attribute is assumed to have the same name, departmentNumber.

      5. Configure the unsupported properties of the federated repository.

        To indicate that a given federated repository property, such as departmentNumber, is not supported by any LDAP attribute, define the following type of element:

        <config:repositories xsi:type="config:LdapRepositoryType"
                             adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
                             id="repository01" ...>

            <config:attributeConfiguration>
                ...
                <config:propertiesNotSupported name="departmentNumber"/>
                ...
            </config:attributeConfiguration>
            ...
        </config:repositories>
        
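        The wimconfig.xml edits in steps 4 and 5 are easy to get subtly wrong (a mismatched closing tag, a stray space inside a name, a property that is both mapped and marked as unsupported, two LDAP attributes feeding one property), and the mistake often only shows up later as a lookup that silently returns nothing. The following Python script is added here as a worked example; it is not part of the IBM documentation or product. It parses an LDAP repository section and reports those defects. The sample document embedded in it is constructed for the example: its root element and the config namespace URI are placeholders (assumptions, not the real wimconfig.xml values), which is why the checker matches on local element and attribute names rather than on namespace URIs, so it also accepts a real file.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments in steps 4 and 5. The root
# element and the "urn:example:wim-config" namespace URI are placeholders
# (assumptions); only the element and attribute names mirror the page.
# It deliberately contains three defects for the checker to find.
SAMPLE_WIMCONFIG = """<example:root xmlns:example="urn:example:root"
    xmlns:config="urn:example:wim-config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <config:repositories xsi:type="config:LdapRepositoryType"
      adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
      id="repository01">
    <config:attributeConfiguration>
      <config:attributes name="warehouseSection" propertyName="departmentNumber"/>
      <config:attributes name="cn" propertyName="cn"/>
      <config:attributes name="cn" propertyName="displayName"/>
      <config:propertiesNotSupported name=" departmentNumber"/>
    </config:attributeConfiguration>
  </config:repositories>
</example:root>
"""

# Same layout with the defects removed; the checker should report nothing.
CLEAN_WIMCONFIG = """<example:root xmlns:example="urn:example:root"
    xmlns:config="urn:example:wim-config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <config:repositories xsi:type="config:LdapRepositoryType"
      adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
      id="repository01">
    <config:attributeConfiguration>
      <config:attributes name="warehouseSection" propertyName="departmentNumber"/>
      <config:attributes name="cn" propertyName="cn"/>
      <config:propertiesNotSupported name="employeeType"/>
    </config:attributeConfiguration>
  </config:repositories>
</example:root>
"""


def _local(name):
    """Strip an XML namespace from a tag or attribute key: '{uri}foo' -> 'foo'."""
    return name.rsplit("}", 1)[-1]


def _xsi_type(element):
    """Return the value of the element's xsi:type attribute, or '' if absent."""
    for key, value in element.attrib.items():
        if _local(key) == "type":
            return value
    return ""


def check_ldap_attribute_config(xml_text):
    """Check every LDAP repository in the document.

    Returns a list of (repository_id, problem) tuples; an empty list means clean.
    Raises xml.etree.ElementTree.ParseError on malformed XML, e.g. the
    mistyped closing tag that the hand-edited fragment can end up with.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for repo in root.iter():
        if _local(repo.tag) != "repositories":
            continue
        if not _xsi_type(repo).endswith("LdapRepositoryType"):
            continue  # other repository types have no LDAP attribute mapping
        rid = repo.get("id", "<no id>")
        prop_to_ldap = {}   # federated property -> LDAP attributes mapped to it
        ldap_to_prop = {}   # LDAP attribute -> federated properties it feeds
        unsupported = set()
        for el in repo.iter():
            tag = _local(el.tag)
            if tag == "attributes":
                name, prop = el.get("name"), el.get("propertyName")
                usable = True
                for label, value in (("name", name), ("propertyName", prop)):
                    if value is None or not value.strip():
                        findings.append((rid, f"attributes element is missing {label}"))
                        usable = False
                    elif value != value.strip():
                        # A padded name never matches the real attribute or property.
                        findings.append((rid, f"{label}={value!r} has surrounding whitespace"))
                if not usable:
                    continue
                prop_to_ldap.setdefault(prop.strip(), []).append(name.strip())
                ldap_to_prop.setdefault(name.strip(), []).append(prop.strip())
            elif tag == "propertiesNotSupported":
                value = el.get("name") or ""
                if value != value.strip():
                    findings.append((rid, f"propertiesNotSupported name={value!r} has surrounding whitespace"))
                unsupported.add(value.strip())
        # The page assumes a one-to-one mapping; anything else is ambiguous.
        for prop, attrs in prop_to_ldap.items():
            if len(attrs) > 1:
                findings.append((rid, f"property {prop} is mapped to several LDAP attributes: {sorted(attrs)}"))
            if prop in unsupported:
                findings.append((rid, f"property {prop} is both mapped and listed as unsupported"))
        for attr, props in ldap_to_prop.items():
            if len(props) > 1:
                findings.append((rid, f"LDAP attribute {attr} is mapped to several properties: {sorted(props)}"))
    return findings


if __name__ == "__main__":
    # Usage: python check_wimconfig.py  (or pass a real wimconfig.xml's text instead)
    for repository_id, problem in check_ldap_attribute_config(SAMPLE_WIMCONFIG):
        print(f"{repository_id}: {problem}")
```

Run it against the text of the real wimconfig.xml after editing and before restarting the server; a ParseError points at a mismatched tag, and each reported finding names the repository id so it can be traced back to the matching config:repositories element.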

      6. Configure the LDAP repository to match the current in-place LDAP user membership attribute in the groups.

        1. In the console, click...

            Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure

          To configure for a specific domain in a multiple security domain environment, click...

        2. Check whether the LDAP member attribute (for example, uniqueMember) is specified for the LDAP objectclass (for example, groupOfUniqueNames).

          • If it is not specified, click New and add the pair (objectclass / member attribute name) that applies to the LDAP schema (for example, groupOfUniqueNames / uniqueMember).

          • If specified, proceed.

        3. Click: Apply | Save

    3. Map other LDAP settings by configuring a new base entry for the new LDAP repository. In the console, click...

        Security | Global security | User account repository | Available realm definitions | Federated repositories | Configure

      To configure for a specific domain in a multiple security domain environment, click...

    4. Click Add Base Entry to Realm

    5. Select repository01

    6. Specify:

        Base entry                                          Example
        Base entry within the federated repository realm    o=Default Organization
        Base entry within the LDAP repository               o=Default Organization

    7. Click: Apply | Save

After completing these steps, your federated repository matches the LDAP server settings.


Related

Manage realms in a federated repository
LDAP repository configuration settings
Infocenter - LDAP
