Content Platform Engine, Version 5.2            

Configure Content Platform Engine to use email or UPN for login

Use this procedure to assign the directory server's email attribute or, for Active Directory, the userPrincipalName (UPN) to be the user short name used for login.

About this task

Restriction: This topic applies only to new installations of Content Platform Engine. Do not perform this procedure on existing production installations, because of problems that might arise when changing from one short name attribute to another. For example, this procedure does not change the values of short names that are already persisted in Content Platform Engine or other applications, including workflows.
Important: Do not assign email as the short name for groups. The best practice for group short name is to use sAMAccountName.
Attention: Do not restart the application server until the following procedure tells you to.

The following steps are not a complete list of things to do to configure Content Platform Engine using Configuration Manager. For the complete procedure, refer to Installing or upgrading FileNet P8 > Installing a distributed FileNet P8 system > Installing and configuring Content Platform Engine.

Procedure

To configure Content Platform Engine to use email or UPN for login:

  1. Open Configuration Manager's Configure LDAP task.
  2. To use email for the short name:
    1. Depending on your application server type, set the following properties to configure the short name for email. The values below apply to all directory server types unless a directory server is named:

       WebSphere Stand-alone LDAP registry
         Active Directory:
           User Filter:    (&(mail=%v)(objectClass=user))
           User ID map:    user:mail
         All other directory servers:
           User Filter:    (&(mail=%v)(objectClass=person))
           User ID map:    person:mail

       WebSphere Federated Repositories
         Login Properties:    uid

       WebLogic
         Active Directory:
           User from name filter:    (&(mail=%u)(objectclass=user))
           User name attribute:      mail
         All other directory servers:
           User from name filter:    (&(mail=%u)(objectclass=person))
           User name attribute:      mail

       JBoss (to configure multiple JBoss Authentication Providers, refer to Configure multiple realms to modify each Authentication Provider entry)
         All directory servers:
           Base Filter:    (mail={0})
    2. Use Configuration Manager to Save and Run the Configure LDAP task.
    3. (WebSphere Federated Repositories only) Search the WebSphere application server profile for wimconfig.xml. Edit wimconfig.xml in the following way:
      1. Search for the propertyName="uid" entry. (samAccountName in the example is the Active Directory value; other directory servers have values such as cn or uid.) If the search does not find this entry, you might have to create it:

         <config:attributes name="samAccountName" propertyName="uid">
           <config:entityTypes>PersonAccount</config:entityTypes>
         </config:attributes>

      2. Modify the propertyName="uid" entry so that it maps to the mail attribute:

         <config:attributes name="mail" propertyName="uid">
           <config:entityTypes>PersonAccount</config:entityTypes>
         </config:attributes>

      3. Save wimconfig.xml.

  3. (Active Directory only) To use UPN for the short name:
    1. Depending on your application server type, set the following properties to configure the short name for UPN (Active Directory only):

       WebSphere Stand-alone LDAP registry
         User Filter:    (&(userPrincipalName=%v)(objectClass=user))
         User ID map:    user:userPrincipalName

       WebSphere Federated Repositories
         Login Properties:    uid

       WebLogic
         User from name filter:    (&(userPrincipalName=%u)(objectClass=user))
         User name attribute:      userPrincipalName

       JBoss (to configure multiple JBoss Authentication Providers, refer to Configure multiple realms to modify each Authentication Provider entry)
         Base Filter:    (userPrincipalName={0})
    2. Use Configuration Manager to Save and Run the Configure LDAP task.
    3. (WebSphere Federated Repositories only) Search the WebSphere application server profile for wimconfig.xml. Edit wimconfig.xml in the following way:
      1. Search for the propertyName="uid" entry. If the search does not find this entry, you might have to create it:

         <config:attributes name="samAccountName" propertyName="uid">
           <config:entityTypes>PersonAccount</config:entityTypes>
         </config:attributes>

      2. Modify the propertyName="uid" entry so that it maps to the userPrincipalName attribute:

         <config:attributes name="userPrincipalName" propertyName="uid">
           <config:entityTypes>PersonAccount</config:entityTypes>
         </config:attributes>

      3. Save wimconfig.xml.

  4. Open Configuration Manager's Configure Bootstrap Properties task. Set Bootstrap Operation to Configure New.
  5. Confirm that the Bootstrapped EAR file property contains the path to the bootstrap file you need to edit.
  6. Set the Bootstrap user name. The user name should be in this form: name@domain.com.
  7. Use Configuration Manager to Save the task.
  8. Run Configuration Manager's Deploy Application task.
  9. Manually restart the application server.
  10. Log in to Administration Console for Content Platform Engine using the Bootstrap user name and password. Administration Console for Content Platform Engine prompts for a P8 domain name and then starts the Directory Configuration Wizard. If the P8 domain has already been created and the Directory Configuration Wizard does not start automatically, click the domain root node and select the Directory Configuration tab. Then click Add to add a new configuration or select an existing entry to edit an existing configuration.
  11. Depending on which attribute you want to set and your application server type, set the following properties for the short name in the Directory Configuration wizard.

     email
       Active Directory:
         User Short Name Attribute:    mail
         User Search Filter:           (&(mail={0})(objectClass=user))
       All other directory servers:
         User Short Name Attribute:    mail
         User Search Filter:           (&(mail={0})(objectClass=person))

     UPN (Active Directory only)
       On the third page of the wizard, set the property Allow UPN Short Names to True. If you have more than one Active Directory configuration, you must set Allow UPN Short Names to True for all of them. (Allow UPN Short Names is Enterprise Manager's display name for the AllowEmailOrUPNShortNames property.)

         User Short Name Attribute:    userPrincipalName
         User Search Filter:           (&(userPrincipalName={0})(objectClass=user))
  12. Repeat step 11 for any additional directory configurations that are required by your installation.
  13. Save your new settings.
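The wimconfig.xml edit in step 2.3 / 3.3 (WebSphere Federated Repositories) is easy to get wrong by hand, so here is an added Python example, not part of this topic or of the product, that performs exactly that edit: it locates the propertyName="uid" entry, creates it if absent, and points it at mail or userPrincipalName. The sample document and its xmlns:config URI are constructed placeholders; the code reads the namespace back from whatever file it is given, so the real declaration is preserved.

```python
"""Apply the wimconfig.xml edit from the procedure (WebSphere Federated
Repositories): map the login property "uid" to mail or userPrincipalName."""
import xml.etree.ElementTree as ET

# Constructed sample document. The xmlns:config URI is a placeholder (assumption);
# the real file keeps whatever declaration it already has, which the code reads back.
SAMPLE_WIMCONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<config:configurationProvider xmlns:config="urn:example:wim-config-placeholder">
  <config:attributes name="samAccountName" propertyName="uid">
    <config:entityTypes>PersonAccount</config:entityTypes>
  </config:attributes>
</config:configurationProvider>
"""

# The two short name targets this procedure allows for users.
SHORT_NAME_ATTRIBUTES = ("mail", "userPrincipalName")


def _local(tag):
    """Strip the {namespace} prefix that ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _uid_entries(root):
    """All <config:attributes propertyName="uid"> elements, whatever the namespace."""
    return [e for e in root.iter()
            if _local(e.tag) == "attributes" and e.get("propertyName") == "uid"]


def uid_attribute_name(xml_text):
    """Return the directory attribute currently mapped to the uid login property."""
    entries = _uid_entries(ET.fromstring(xml_text))
    return entries[0].get("name") if entries else None


def set_uid_attribute(xml_text, new_name):
    """Rewrite (or create) the uid mapping so it points at new_name; return new XML."""
    if new_name not in SHORT_NAME_ATTRIBUTES:
        raise ValueError(f"short name attribute must be one of {SHORT_NAME_ATTRIBUTES}")
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""
    if ns:
        ET.register_namespace("config", ns)  # keep the config: prefix on output
    qn = (lambda n: f"{{{ns}}}{n}") if ns else (lambda n: n)
    entries = _uid_entries(root)
    if not entries:  # the procedure notes the entry may have to be created
        entry = ET.SubElement(root, qn("attributes"),
                              {"name": new_name, "propertyName": "uid"})
        ET.SubElement(entry, qn("entityTypes")).text = "PersonAccount"
        entries = [entry]
    for entry in entries:
        entry.set("name", new_name)
    return ET.tostring(root, encoding="unicode")
```

Run uid_attribute_name on the saved file afterwards to confirm the mapping before you restart the application server.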


Last updated: June 2013
© Copyright IBM Corporation 2014.