Map attributes on AIX in a clustered environment


Overview

Path...

  1. Install LDAP user registry
  2. Query defined attributes
  3. Map attributes to match configured LDAP servers.

For multiple LDAP servers, perform these steps for each LDAP server:


Map attributes on AIX in a clustered environment

  1. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

    ...and set...

    Repository Parameters
    Standalone

      standalone.ldap.id
      standalone.ldap.host
      standalone.ldap.port
      standalone.ldap.sslEnabled
      standalone.ldap.bindDN
      standalone.ldap.bindPassword
      standalone.ldap.baseDN

    Federated

      federated.ldap.id
      federated.ldap.host
      federated.ldap.port
      federated.ldap.sslEnabled
      federated.ldap.bindDN
      federated.ldap.bindPassword
      federated.ldap.baseDN

  2. Check that all defined attributes are available in the LDAP user registry:

    Repository Task
    Standalone

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=foo

    Federated

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo

  3. Review output for PersonAccount and Group entity type in...

        WP_PROFILE/ConfigEngine/log/ConfigTrace.log

    For attributes defined in WebSphere Portal but not in the LDAP server: Flag as unsupported attributes that you do not plan to use.

    Map attributes you plan to use to attributes that exist in the LDAP, including...

    • uid
    • cn
    • firstName
    • sn
    • preferredLanguage
    • ibm-primaryEmail

    For attributes flagged as required in the LDAP server but not in WebSphere Portal: Flag these attributes as required within portal.

    For attributes that have a different data type in WebSphere Portal and in the LDAP server: The attributes might be ignored by portal.

  4. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

    ...and correct any issues found in the config trace file...

    Repository Parameters
    Standalone

      standalone.ldap.id
      standalone.ldap.attributes.nonSupported
      standalone.ldap.attributes.nonSupported.delete
      standalone.ldap.attributes.mapping.ldapName
      standalone.ldap.attributes.mapping.portalName
      standalone.ldap.attributes.mapping.entityTypes

    For example, to...

    • flag certificate and members as unsupported attributes
    • map ibm-primaryEmail to mail and ibm-jobTitle to title

    ...set...

      standalone.ldap.attributes.nonSupported=certificate, members
      standalone.ldap.attributes.nonSupported.delete=
      standalone.ldap.attributes.mapping.ldapName=mail, title
      standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
      standalone.ldap.attributes.mapping.entityTypes=PersonAccount, Group

    Federated

      federated.ldap.attributes.nonSupported
      federated.ldap.attributes.nonSupported.delete
      federated.ldap.attributes.mapping.ldapName
      federated.ldap.attributes.mapping.portalName
      federated.ldap.attributes.mapping.entityTypes

    For example, to...

    • Flag certificate and members as unsupported attributes
    • Map ibm-primaryEmail to mail
    • Map ibm-jobTitle to title

    ...set...

      federated.ldap.attributes.nonSupported=certificate, members
      federated.ldap.attributes.nonSupported.delete=
      federated.ldap.attributes.mapping.ldapName=mail, title
      federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
      federated.ldap.attributes.mapping.entityTypes=PersonAccount, Group

  5. Save changes to wkplc.properties.

  6. Update the LDAP user registry configuration with the list of unsupported attributes...

    Repository Task
    Standalone

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-update-standalone-ldap-attribute-config -DWasPassword=foo

    Federated

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-update-federated-ldap-attribute-config -DWasPassword=foo

  7. Stop and restart the appropriate servers to propagate the changes.

  8. To flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP, edit wkplc.properties and set...

      user.attributes.required
      user.attributes.nonsupported

    ...then run...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-update-attribute-config -DWasPassword=foo

  9. Stop and restart all necessary servers to propagate changes.

  10. For clusters, on the secondary node, run the task...
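
The ldapName and portalName lists set in step 4 pair up by position, as the example there shows (mail with ibm-primaryEmail, title with ibm-jobTitle). The following added example, which is not part of the IBM documentation or product, checks that pairing in a copy of wkplc.properties before the update task in step 6 is run. The names check_mapping and SAMPLE, the simplified key=value parsing, and treating an attribute that is both mapped and flagged unsupported as a conflict are assumptions of this example.

```python
# Added example (not IBM code). Simplified parser: key=value lines only.
def parse_properties(text):
    """Parse key=value lines; skip blanks and '#'/'!' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def split_list(value):
    """Split a comma-separated value; empty items are kept so they get reported."""
    return [item.strip() for item in value.split(",")] if value.strip() else []

def check_mapping(text, prefix):
    """Return (pairs, problems) for prefix 'standalone' or 'federated'."""
    props = parse_properties(text)
    base = prefix + ".ldap.attributes."
    ldap = split_list(props.get(base + "mapping.ldapName", ""))
    portal = split_list(props.get(base + "mapping.portalName", ""))
    unsupported = split_list(props.get(base + "nonSupported", ""))
    problems = []
    if len(ldap) != len(portal):  # the two lists pair up by position
        problems.append("ldapName has %d entries, portalName has %d" % (len(ldap), len(portal)))
    if "" in ldap + portal + unsupported:
        problems.append("empty list entry (stray comma)")
    # Assumption: mapping an attribute that is also flagged unsupported is a mistake.
    for name in sorted((set(portal) & set(unsupported)) - {""}):
        problems.append("%s is both mapped and flagged nonSupported" % name)
    for name in sorted({n for n in portal if n and portal.count(n) > 1}):
        problems.append("%s is mapped more than once" % name)
    return list(zip(portal, ldap)), problems

SAMPLE = """\
# constructed sample, not a real configuration
standalone.ldap.attributes.nonSupported=certificate, members
standalone.ldap.attributes.mapping.ldapName=mail, title
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
federated.ldap.attributes.nonSupported=certificate, members
federated.ldap.attributes.mapping.ldapName=mail
federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, certificate
"""
if __name__ == "__main__":
    for prefix in ("standalone", "federated"):
        pairs, problems = check_mapping(SAMPLE, prefix)
        print(prefix, pairs, problems or "OK")
```

In the constructed sample the standalone block passes, while the federated block is reported for a length mismatch and for mapping certificate while also flagging it as unsupported.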

