Using Virtual Member Manager: Customizing the date format for LDAP adapters in WebSphere Application Server

This article explains how various date formats for LDAP adapters can be customized in the IBM® WebSphere® Application Server's Virtual Member Manager. If you want to use a date format that Virtual Member Manager does not support by default, you can now use that date format with the underlying LDAP instead. This article describes how this customization can be achieved in Virtual Member Manager.

Rohan Zunzarrao (rzunzarr@in.ibm.com ), Senior Developer, IBM

Rohan Zunzarrao works as a Senior Developer in IBM. He has been working on the Virtual Member Manager team for WebSphere Application Server for the last three years.



Ankit Jain (ankit_jain@in.ibm.com), Developer, IBM

Ankit Jain works as a Developer in IBM. He has been working on the Virtual Member Manager team for WebSphere Application Server for more than three years.



Chandrajit G. Joshi (chanjosh@in.ibm.com), Architect, IBM

Chandrajit G Joshi is a Master Investor and is working as an Architect on the Tivoli Director Server team. He is been with IBM from more than 5 years.



13 March 2013

Also available in Chinese

Introduction

The Virtual Member Manager is a component of IBM WebSphere Application Server that incorporates some of the existing capabilities in the WebSphere Application Server registry, the WebSphere Member Manager (from IBM WebSphere Portal), and a subset of the secure administration functions. The purpose of the Virtual Member Manager is to:

  • Provide a repository-independent programming interface.
  • Support various pluggable repositories.
  • Provide the ability for you to achieve a single view of your own multiple repositories in a federated model.

Virtual Member Manager also enables you to achieve a single view of your own customer registries. A typical organization provides numerous ways to interact with customers that can result in customer data being distributed among various repositories. To help you retain, improve, and increase relationships with your customers, the distributed data must be harnessed into a single customer view. Virtual Member Manager makes it much easier to use multiple repositories because this capability is achieved through configuration rather than development.

Virtual Member Manager provides the ability to map entries from multiple individual user repositories into a single virtual repository. The federated repository consists of a single named realm, which is a set of independent user repositories. Each repository can be an entire external repository or, in the case of LDAP, a subtree within that repository. One of the goals and benefits of Virtual Member Manager is to assist the realization of this single customer view. Virtual Member Manager offers applications the capability to share user profile definitions and consolidate the number of application specific user registries that a customer is required to manage.

Virtual Member Manager supports all LDAP V3 compliant repositories as its backend repository. Some LDAP V3 repositories are supported out of the box. These include:

  • IBM Tivoli® Directory Server
  • Active Directory
  • Sun™ One LDAP
  • Novell eDirectory

For these, special considerations have been taken in the Virtual Member Manager configuration to handle LDAP specific configurations. This means that when an out-of-the-box LDAP repository is configured as a back end repository, Virtual Member Manager knows which LDAP it is and hence assumes certain things that are specific to the LDAP repository in question. All other V3 compliant LDAP repositories can be configured as a custom LDAP repository.

See the WebSphere Application Server Information Center for documentation on the supported timestamp formats for different LDAP types.

Virtual Member Manager assumes a certain timestamp format based on the underlying LDAP repository type. This works well with the out-of-the-box LDAP repositories, where the timestamps supported by the LDAP repository are known. However, when a directory server is configured as a custom LDAP repository for which the supported timestamp is not known to Virtual Member Manager, a couple of fixed hardcoded formats are assumed. These are:

  • yyyyMMddHHmmss.SZ
  • yyyyMMddHHmmssZ

The selection of the format is made based on whether or not the timestamp value read from the repository contains a dot (“.”).

This above approach poses a problem because if the timestamp format supported by the custom LDAP repository is different from what is assumed, then while parsing the timestamp value read from the server, Virtual Member Manager throws an exception.


Custom property for configuring timestamp format

Virtual Member Manager enables you to configure custom properties for repositories that you have configured. The challenge discussed above is resolved with the addition of a custom property named ldapTimestampFormat in WebSphere Application Server V8.0.0.2 and later. The property can be used to configure the supported timestamp format for the underlying custom LDAP repository. You must add this predefined custom property to the custom LDAP adapter configuration to specify the timestamp using an existing CLI command. The value of the property should be set to the timestamp format supported by the LDAP repository.

The LDAP adapter reads the configured timestamp format, then uses it to parse the timestamp read from the repository and convert it into the one used to populate the return data object. This provides you with the flexibility to configure a timestamp format that is supported by the underlying custom LDAP repository.

Custom property behavior

If the configured timestamp format is a valid format, as supported by Java™, and is also supported by the underlying custom LDAP repository, then Virtual Member Manager uses the specified format to process the timestamp attribute and returns the timestamp value in the proper format.

If the configured string is not valid, as per Java specifications, a new exception indicating the cause of failure is thrown.

In cases where the configured timestamp format does not match with the format supported by LDAP repositories, an exception is thrown at run time when a user tries to get a timestamp value from the repository. If the property is not configured, Virtual Member Manager falls back to the earlier behavior, which is to assume a specific fixed format for all custom LDAP repositories.

Setting the custom property

To set the ldapTimestampFormat custom property for a custom LDAP repository, you must use an existing command, setIdMgrCustomProperty, and run it from the wsadmin command prompt. After setting the property, restart the server to put the property into effect.

Here is example syntax showing how you can set this property:

$AdminTask setIdMgrCustomProperty { -id <ldap repository id > -ldapTimestampFormat <valid timestamp format value> }

For example:

  • If you want to use a timestamp format like YYYYMMDDhhmmss.SSS, then the value you need to set for the custom property is:

    $AdminTask setIdMgrCustomProperty { -id Ldap1 -ldapTimestampFormat YYYYMMDDhhmmss.SSS }

    (Repository ID here is assumed to be Ldap1.)

  • If the timestamp format is YYYYMMDDhhmmss.SSSSSS, then the value that you need to set for the custom property is:

    $AdminTask setIdMgrCustomProperty { -id Ldap1 -ldapTimestampFormat YYYYMMDDhhmmss.SSSSSS }

To unset the property, run same CLI as above, except the value of the ldapTimestampFormat argument will be empty:

$AdminTask setIdMgrCustomProperty { -id Ldap1 -ldapTimestampFormat }

Remember to restart the server after making any of these changes.


Conclusion

With the help of a custom property, Virtual Member Manager provides the flexibility to customize the various date formats for a configured LDAP that is otherwise not supported by default.

Resources

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into WebSphere on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=WebSphere, Mobile development
ArticleID=861257
ArticleTitle=Using Virtual Member Manager: Customizing the date format for LDAP adapters in WebSphere Application Server
publish-date=03132013