Map attributes on AIX in a clustered environment
Overview
Path...
- Install LDAP user registry
- Query defined attributes
- Map attributes to match configured LDAP servers.
For multiple LDAP servers, perform these steps for each LDAP server:
- Edit...
WP_PROFILE/ConfigEngine/properties/wkplc.properties
...and set...
Standalone repository parameters:
standalone.ldap.id
standalone.ldap.host
standalone.ldap.port
standalone.ldap.sslEnabled
standalone.ldap.bindDN
standalone.ldap.bindPassword
standalone.ldap.baseDN
Federated repository parameters:
federated.ldap.id
federated.ldap.host
federated.ldap.port
federated.ldap.sslEnabled
federated.ldap.bindDN
federated.ldap.bindPassword
federated.ldap.baseDN
- Check that all defined attributes are available in the LDAP user registry:
Standalone repository task:
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=foo
Federated repository task:
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo
- Review output for PersonAccount and Group entity type in...
WP_PROFILE/ConfigEngine/log/ConfigTrace.log
For attributes defined in WebSphere Portal but not in the LDAP server: Flag as unsupported the attributes that you do not plan to use.
Map attributes you plan to use to attributes that exist in the LDAP, including...
- uid
- cn
- firstName
- sn
- preferredLanguage
- ibm-primaryEmail
For attributes flagged as required in the LDAP server but not in WebSphere Portal: Flag these attributes as required within portal.
For attributes that have a different data type in WebSphere Portal and in the LDAP server: The attributes might be ignored by portal.
- Edit...
WP_PROFILE/ConfigEngine/properties/wkplc.properties
...and correct any issues found in the config trace file...
Standalone repository parameters:
standalone.ldap.id
standalone.ldap.attributes.nonSupported
standalone.ldap.attributes.nonSupported.delete
standalone.ldap.attributes.mapping.ldapName
standalone.ldap.attributes.mapping.portalName
standalone.ldap.attributes.mapping.entityTypes
For example, to...
- Flag certificate and members as unsupported attributes
- Map ibm-primaryEmail to mail and ibm-jobTitle to title
...set...
standalone.ldap.attributes.nonSupported=certificate, members
standalone.ldap.attributes.nonSupported.delete=
standalone.ldap.attributes.mapping.ldapName=mail, title
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
standalone.ldap.attributes.mapping.entityTypes=PersonAccount, Group
Federated repository parameters:
federated.ldap.attributes.nonSupported
federated.ldap.attributes.nonSupported.delete
federated.ldap.attributes.mapping.ldapName
federated.ldap.attributes.mapping.portalName
federated.ldap.attributes.mapping.entityTypes
For example, to...
- Flag certificate and members as unsupported attributes
- Map ibm-primaryEmail to mail
- Map ibm-jobTitle to title
...set...
federated.ldap.attributes.nonSupported=certificate, members
federated.ldap.attributes.nonSupported.delete=
federated.ldap.attributes.mapping.ldapName=mail, title
federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
federated.ldap.attributes.mapping.entityTypes=PersonAccount, Group
- Save changes to wkplc.properties.
- Update the LDAP user registry configuration with the list of unsupported attributes...
Standalone repository task:
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh wp-update-standalone-ldap-attribute-config -DWasPassword=foo
Federated repository task:
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh wp-update-federated-ldap-attribute-config -DWasPassword=foo
- Stop and restart the appropriate servers to propagate the changes.
- To flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP, edit wkplc.properties and set...
user.attributes.required
user.attributes.nonsupported
...then run...
cd WP_PROFILE/ConfigEngine
./ConfigEngine.sh wp-update-attribute-config -DWasPassword=foo
- Stop and restart all necessary servers to propagate changes.
- For clusters, on the secondary node, run the task...
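A pre-flight check for the mapping properties edited above, to run before the wp-update-...-ldap-attribute-config task. This is an added example, not IBM code or part of the original page. It assumes ldapName and portalName are paired by position, as the page's example values show. The function names check_ldap_mapping and sample_props are hypothetical, and the mapped-but-nonSupported check is inferred from the page's guidance rather than from documented ConfigEngine behavior.

```shell
#!/bin/sh
# Added example (not IBM code): pre-flight check of the mapping properties.
# Usage: check_ldap_mapping <standalone|federated> [wkplc.properties]
# Prints "portalName -> ldapName" per pair; returns non-zero on a problem.
check_ldap_mapping() {
  awk -v p="$1.ldap.attributes" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#!]/ { next }                 # skip properties-file comments
    {
      eq = index($0, "=")
      if (eq == 0) next
      prop[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
      nl = split(prop[p ".mapping.ldapName"], ldap, ",")
      np = split(prop[p ".mapping.portalName"], portal, ",")
      nu = split(prop[p ".nonSupported"], unsup, ",")
      if (nl != np) {                      # lists are paired by position
        printf "ERROR: %d ldapName but %d portalName entries\n", nl, np
        exit 1
      }
      for (i = 1; i <= nu; i++) flagged[trim(unsup[i])] = 1
      bad = 0
      for (i = 1; i <= nl; i++) {
        pn = trim(portal[i]); ln = trim(ldap[i])
        if (pn == "" || ln == "") {
          print "ERROR: empty name at position " i; bad = 1
        } else if (pn in flagged) {
          print "ERROR: " pn " is mapped but also flagged nonSupported"; bad = 1
        } else print pn " -> " ln
      }
      exit bad
    }' "${2:--}"
}

# Constructed sample: the standalone values from this page, plus a federated
# set that is deliberately one portalName short.
sample_props() {
  cat <<'EOF'
standalone.ldap.attributes.nonSupported=certificate, members
standalone.ldap.attributes.mapping.ldapName=mail, title
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
federated.ldap.attributes.nonSupported=certificate, members
federated.ldap.attributes.mapping.ldapName=mail, title
federated.ldap.attributes.mapping.portalName=ibm-primaryEmail
EOF
}
sample_props | check_ldap_mapping standalone
sample_props | check_ldap_mapping federated || echo "fix federated mapping first"
```

With no file argument the function reads the properties from standard input; pass WP_PROFILE/ConfigEngine/properties/wkplc.properties as the second argument to check the real file.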