Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository
Configure a property extension repository in a federated repository configuration
Overview
A property extension repository stores attributes that cannot be stored in an LDAP server.
For example, For security and business reasons, you might want to prohibit write operations, yet applications calling the LDAP might need to store additional properties. The property extension repository database provides a propertylevel join configuration.
For example, a company that uses...
- LDAP directory for internal employees
- Database for external customers and business partners
...might not allow write access to its LDAP and its database. The company can use the property extension repository in a federated repository to store additional properties for the people in those repositories, excluding the user ID. The federated repository transparently joins the properties of the person that is retrieved from either the LDAP or the customer's database with the properties of the person that is retrieved from the property extension repository into a single logical person entry.
To configure a property extension repository, supply...
- A valid data source
- A direct connection configuration
- Both
The system first tries to connect by way of the data source. If the data source is not available, then the system uses the direct access configuration.
You cannot configure a property extension repository in a mixed version dmgr cell.
Configure property extension repository
- Configure the WAS data source.
- If you are adding new properties (including properties that are stored in the property extension repository) to the schema, do the following before you create the property extension repository.
- On the dmgr host, edit...
$PROFILE_ROOT/config/cells/cell_name/wim/model/wimxmlextension.xml
- Add the schema definition of the new property.
The following adds a new property called ibm-otherEmail to both the Person and PersonAccount entity types. This new property type is "String" and it is multiplevalued.
<sdo:datagraph xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim"> <wim:schema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="true" propertyName="ibm-otherEmail"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="true" propertyName="ibm-personalTitle"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="true" propertyName="ibm-middleName"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="true" propertyName="ibm-generationQualifier"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount </wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-regionalLocale"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-timeZone"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-preferredCalendar"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-alternativeCalendar"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-firstDayOfWeek"> <wim:applicableEntityTypeNames>Person </wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-firstWorkDayOfWeek"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="false" propertyName="ibm-gender"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> <wim:propertySchema nsURI="http://www.ibm.com/websphere/wim" dataType="String" multiValued="true" propertyName="ibm-hobby"> <wim:applicableEntityTypeNames>Person</wim:applicableEntityTypeNames> <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames> </wim:propertySchema> </wim:schema> </sdo:datagraph>Available data types are defined in com.ibm.websphere.wim.SchemaConstants. For example:
/** Instance Class: java.lang.String */ String DATA_TYPE_STRING = "String"; /** Instance Class: int */ String DATA_TYPE_INT = "Int"; /** Instance Class: java.lang.Object */ String DATA_TYPE_DATE = "Date"; /** Instance Class: dobjava.lang.Object */ String DATA_TYPE_ANY_SIMPLE_TYPE = "AnySimpleType"; /** Instance Class: java.lang.String */ String DATA_TYPE_ANY_URI = "AnyURI"; /** Instance Class: java.lang.boolean */ String DATA_TYPE_BOOLEAN = "Boolean"; /** Instance Class: long */ String DATA_TYPE_LONG = "Long"; /** Instance Class: double */ String DATA_TYPE_DOUBLE = "Double"; /** Instance Class: short */ String DATA_TYPE_SHORT = "Short";
- The schema file for wimlaproperties.xml is wimdbproperty.xsd.
- Run setupIdMgrPropertyExtensionRepositoryTables.sh to create the property extension repository and to add the new properties.
- Set up the property extension repository using wsadmin
Ignore the "Before you begin" options.
- Configure the property extension repository...
- In the console, click...
Security | Global security | User account repository | Federated repositories | Configure
To configure for a specific domain in a multiple security domain environment, click...
Security domains | domain_name | Security Attributes | User Realm | Customize for this domain | Realm type | Federated repositories | Configure | Property extension repository
- Supply the name of the data source in the Data source name field.
- Select the type of database used for the property extension repository.
- Supply the name of the Java database connectivity (JDBC) driver in the JDBC driver field.
DB2 com.ibm.db2.jcc.DB2Driver Oracle oracle.jdbc.driver.OracleDriver Informix com.informix.jdbc.IfxDriver Microsoft SQL Server com.microsoft.jdbc.sqlserver.SQLServerDriver Derby org.apache.derby.jdbc.EmbeddedDriver
- Supply the database URL used to access the property extension repository with JDBC in the Database URL field. Use an alphanumeric text string that conforms to the standard JDBC URL syntax.
DB2 jdbc:db2://<hostname>:<port>/<DB2location> Oracle jdbc:oracle:thin:@ <hostname>:<port>:<dbname> Derby jdbc:derby:c:\derby\wim Microsoft SQL Server jdbc:microsoft:sqlserver://<hostname>:1433;databaseName=wim;selectmethod=cursor; Informix jdbc:informixsqli://<hostname>:1526/wim:INFORMIXSERVER=<IFXServerName>;
- Supply the user name of the database administrator in the Database administrator user name field.
- Supply the password of the database administrator in the Password field.
- Specify the entity retrieval limit in the Entity retrieval limit field. The entity retrieval limit is the maximum number of entities that the system can retrieve from the property extension repository with a single database query. The default value is 200.
- Click OK.
Results
After completing these steps, your federated repository, which includes a property extension repository, is configured.
What to do next
- If you are enabling security, complete the remaining steps as specified in Enable security for the realm. As the final step, validate this setup by clicking Apply on the Global security panel.
- Save, stop, and restart all the product servers (dmgrs, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.
Related
Property extension repository settings
Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin
Configure the WAS data source