WebSphere Member Manager and People Finder


IBM WebSphere Member Manager is the component of WebSphere Application Server and WebSphere Portal that provides the common schema of attributes for people, groups, organizations, and organizational units used by the People Finder.

 

Prerequisites

To understand how WebSphere Member Manager works, you should have a thorough understanding of WebSphere Portal security and authentication concepts, including user registries and user repositories. For complete information about user registries and WebSphere Member Manager, refer to the following WebSphere Portal Information Center topics:

  • Securing your portal, Security concepts, User registries
  • Manage security, Member Manager, Member Manager configuration
  • Manage security, Member Manager, Mapping LDAP attributes

 

WebSphere Member Manager data types

You can select the display format of a People Finder field if the data type of the corresponding attribute in WebSphere Member Manager is string. Attributes with data type string can have one of the following display formats:

  • String (default)

    The People Finder field appears as text.

  • Person link

    The People Finder field appears as a person name showing online presence and a person menu of actions.

  • E-mail address

    The People Finder field appears as a mailto: link that launches an e-mail message to the person.

  • Web page link

    The People Finder field appears as a link to a Web page.

People Finder fields that correspond to WebSphere Member Manager attributes that have data types other than string appear as fixed text. You cannot choose the display format for fields that correspond to attributes with the following data types:

  • Integer, Long, Double

    Display format is always Numeric.

    Examples:

    ibm-firstDayOfWeek

    ibm-firstWorkDayOfWeek

  • MemberIdentifier

    Display format is always Member Link.

    Examples:

    manager (Employee's manager. Used to build Organization View.)

    secretary (Name of the person's secretary or assistant)

    seeAlso (Person who can be contacted when this person is not available)

  • ByteArray

    Display format is always Image.

    Example: jpegPhoto (A jpeg format photograph)

  • Timestamp

    Not supported: Attributes having data type timestamp cannot be used by the People Finder.

  • Object

    Display format is always Object.

 

Special attribute ibm-personAwarenessIdentity

The attribute ibm-personAwarenessIdentity is included in the WebSphere Member Manager schema that is used by the portal. The value of this special attribute ensures that unique identities are used by Collaboration Center portlets other than the People Finder to open the Person Record and Organization View from people links in those portlets when the portlets use different directory services. Application developers can use the ibm-personAwarenessIdentity attribute to store distinguished names (dn) from external directories for the portlets they are developing. Using click-to-action methods and URL addressability, the portlets can make calls to the People Finder and request the People Finder actions Show Person Record and Show in Organization View.

For more information on portlet-to-portlet interaction, see People Finder interaction with other portlets.

ibm-awarenessPerson object class

The object identifier (OID) for the ibm-awarenessPerson object class is defined as follows:

( 
1.3.18.0.2.6.571 
NAME 'ibm-awarenessPerson' 
DESC 'Object class defining awareness identities for person entry' 
AUXILIARY 
SUP top 
MAY ibm-personAwarenessIdentity 
 )

ibm-personAwarenessIdentity attribute

The object identifier (OID) for the ibm-personAwarenessIdentity attribute is defined as follows:

( 
1.3.18.0.2.4.3057 
NAME 'ibm-personAwarenessIdentity' 
DESC 'This person's Distinguished Name used by the other directory services for People Awareness'
EQUALITY distinguishedNameMatch 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE userApplications
 )

 

Resolving problems with multiple LDAP services

If your enterprise uses an LDAP directory for Lotus Web Conferencing (Sametime) and Lotus Team Workplaces (QuickPlace) that is different from the one used for the People Finder through the portal server's Member Manager configuration, a person's DistinguishedName (dn) may be different in the different directories. If this condition exists, people links that appear in the My Lotus Team Workplaces and Lotus Web Conferencing portlets will not open the Person Record and Organization View of the found person.

To solve this problem, you may use any of these three approaches:

  • If you use a different LDAP server for People Finder from the one you use for Web Conferencing (Sametime) and Team Workplaces (QuickPlace), you can use an identical schema in the different servers, and ensure that each person's DistinguishedName (dn) is the same in the two servers.
  • If you use different LDAP servers with different schemas, then you may create alias mappings between your users in the People Finder LDAP server and the same users in the other LDAP server(s). Consult your LDAP documentation for information on creating alias mappings.
  • If you cannot or do not wish to create alias mappings, you may add the ibm-personAwarenessIdentity attribute to the users in your People Finder LDAP server to identify each user's identity in the other LDAP server.

 

Extending the LDAP schema used by People Finder and WebSphere Member Manager

The ibm-personAwarenessIdentity attribute places the value of a person's DistinguishedName (dn) as it appears in the LDAP directory used by Web Conferencing (Sametime) and Team Workplaces (QuickPlace) servers into the People Finder directory on the People Finder LDAP server. The ibm-personAwarenessIdentity attribute does not enable people awareness on names that appear in the People Finder portlet. It only makes it possible to open the Person Record or Organizational View of a person whose name appears in another portlet using a different LDAP server, such as the My Lotus Team Workplaces portlet.

To use the ibm-personAwarenessIdentity attribute to extend the schema of your People Finder LDAP server, follow these steps:

  1. Use your LDAP tools to extend the LDAP schema of your People Finder LDAP server with the new object class ibm-awarenessPerson and its attribute ibm-personAwarenessIdentity.
  2. Extend the object class you use for person entities (for example, inetOrgPerson, User, or whatever your People Finder LDAP server is using) with ibm-awarenessPerson as an AUX subclass.

    For example, to extend inetOrgPerson with this new object class, you use this rule:

    ditContentRules:
    ( 
    2.16.840.1.113730.3.2.2 
    NAME 'inetOrgPerson' 
    DESC 'Defines entries representing people in an organization's enterprise network.' 
    AUX ( ibm-awarenessPerson )
    )

    This will non-destructively add ibm-personAwarenessIdentity as an optional attribute for members of the inetOrgPerson object class.

  3. For each person entry in the other LDAP directory used by Web Conferencing (Sametime) and Team Workplaces (QuickPlace), populate the person's ibm-personAwarenessIdentity attribute with the person's DistinguishedName (dn).

    For example, if a person named John Doe exists in an IBM Directory Server directory with the DistinguishedName (dn) "uid=jdoe,ou=hq,o=mycompany", and this person also exists in the Domino Directory as "John Doe" with the DistinguishedName (dn) of "CN=John Doe,OU=Headquarters,O=MyCompany", then you need to add the attribute ibm-personAwarenessIdentity to John Doe's entry in the Directory Server directory with the value of his DistinguishedName (dn) as it appears in the Domino Directory.

  4. Map the ibm-personAwarenessIdentity attribute in the wmmLDAPServerAttributes.xml file on the portal server that hosts the People Finder portlet.

    You can locate the file in /qibm/userdata/webas5/base/<instance_name>/portalserver5/wmm/wmmLDAPServerAttributes.xml

    ...
    <attributeMap
        wmmAttributeName="ibm-personAwarenessIdentity"
        pluginAttributeName="ibm-personAwarenessIdentity"
        applicableMemberTypes="Person"
        dataType="String"
        valueLength="1024"
        multiValued="false" />

  5. Map this attribute in the wmmAttributes.xml file.

    You can locate the file in /qibm/userdata/webas5/base/<instance_name>/portalserver5/shared/app/wmm/wmm.xml

    ...
    <attribute
        wmmAttributeName="ibm-personAwarenessIdentity"
        applicableMemberTypes="Person"
        dataType="String"
        valueLength="1024"
        multiValued="true" />
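
Step 3 is usually scripted, and a wrong value there links one person's name to another person's record. The following is an added example, not IBM code: it builds LDIF modify records that set ibm-personAwarenessIdentity on People Finder entries and refuses a mapping in which two entries claim the same DN in the other directory. The function names, the simplified DN normalization and the use of `replace` are assumptions of this example.

```python
import base64
import re

ATTR = "ibm-personAwarenessIdentity"
MAX_LEN = 1024  # valueLength in the attribute mappings on this page


def ldif_line(name, value):
    """Return one LDIF line, base64-encoded when value is not an RFC 2849 SAFE-STRING."""
    raw = value.encode("utf-8")
    safe = (raw[:1] not in (b" ", b":", b"<") and not raw.endswith(b" ")
            and all(0 < b < 128 and b not in (10, 13) for b in raw))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"


def normalize_dn(dn):
    """Approximate distinguishedNameMatch: case-fold and trim around unescaped commas.
    Returns None when any RDN is not of the form attr=value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, val = part.strip().partition("=")
        if not sep or not attr.strip() or not val.strip():
            return None
        rdns.append(f"{attr.strip().lower()}={' '.join(val.split()).lower()}")
    return ",".join(rdns)


def build_ldif(mapping):
    """mapping: People Finder DN -> DN of the same person in the other directory."""
    claimed = {}  # normalized other-directory DN -> People Finder DN that uses it
    records = []
    for pf_dn, other_dn in mapping.items():
        key = normalize_dn(other_dn)
        if key is None or len(other_dn) > MAX_LEN:
            raise ValueError(f"unusable identity value for {pf_dn}: {other_dn!r}")
        if key in claimed:
            raise ValueError(f"{other_dn!r} is claimed by {claimed[key]} and {pf_dn}")
        claimed[key] = pf_dn
        # 'replace' keeps the change idempotent when the script is re-run.
        records.append("\n".join([ldif_line("dn", pf_dn), "changetype: modify",
                                  f"replace: {ATTR}", ldif_line(ATTR, other_dn), "-"]))
    return "\n\n".join(records) + "\n"


# Constructed sample: the John Doe entry used in step 3.
SAMPLE = {"uid=jdoe,ou=hq,o=mycompany": "CN=John Doe,OU=Headquarters,O=MyCompany"}

if __name__ == "__main__":
    print(build_ldif(SAMPLE), end="")
```

Review the generated LDIF before applying it with your directory's own modify tool. Whether each entry must also carry the ibm-awarenessPerson object class value depends on how your server applies the rule from step 2.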


 
