Mapping user attributes to fields in LDAP

Each user of the solution has user attributes that can be edited using the Profile Settings view. If you want to retrieve values from your Lightweight Directory Access Protocol (LDAP) user registry for particular user attributes, rather than the solution database, you must map the attributes to fields in your LDAP user registry. Any changes that you make affect all users of the solution.

Before you begin

Some user attributes ship with default mappings; the fields that those default mappings refer to must exist in your LDAP user registry. The following user attributes have default mappings:
EMAIL
EXTERNALID
FIRSTNAME
FUNCTION
LASTNAME
MOBILE
PASSWORD
PREFERREDLANGUAGE
TIMEZONE
UID

About this task

Complete the following instructions to map user attributes to fields in LDAP.

Procedure

  1. Log on to the solution as sysadmin.
  2. Select Edit Profile from the list that is next to your user name at the top of the view.
  3. Click Administration Settings. A list of user attributes is displayed.
  4. For each item that you want to map to a field in the LDAP user registry, complete the following steps:
    1. Click the title to expand the attribute details.
    2. Enter a value in the LDAP mapping field.
      Note: Values are case-sensitive.
    3. Save your changes.

What to do next

Map the attributes to fields in your LDAP user registry. For example, if you are using IBM® Security Directory Server, you might complete the following steps to map the EXTERNALID attribute to a field that is named externalId in LDAP.
  1. Log on to the LDAP server as a root user.
  2. Create an LDAP data interchange format (LDIF) file in the /tmp directory with content similar to the following sample:
    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: (1.3.6.1.4.1.1466
     NAME ('externalId')
     DESC 'The external ID for the user.'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.25
     SINGLE-VALUE )
    The continuation lines of the attributeTypes value begin with a single space, as LDIF folding requires.
  3. Enter the following command to use the LDIF file to map the attribute to an LDAP field, where ldap_install_path is the LDAP installation path, ldap_passwd is the password for your LDAP server, and filename.ldif is the name of your LDIF file:
    ldap_install_path/bin/idsldapmodify -D 'cn=root' -w ldap_passwd -i /tmp/filename.ldif
  4. Enter the following command to restart IBM Security Directory Server, where ldap_install_path is the LDAP installation path and instance_name is the LDAP instance name:
    ldap_install_path/sbin/ibmslapd -I instance_name
    For example,
    /opt/ibm/ldap/V6.4/sbin/ibmslapd -I dsrdb1
  5. Restart the WebSphere® Application Server Liberty Profile server. For more information, see the related link.
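A mapping that does not resolve to an attribute in the LDAP schema, or that names it with the wrong case, silently leaves the attribute unpopulated for every user. The following added example (not part of this documentation and not IBM code) reads an LDIF schema-modification file like the one above, extracts the attribute NAMEs it declares, and checks a mapping table against those names plus a constructed subset of the standard inetOrgPerson attributes. The sample LDIF, the placeholder OID, and the mapping table are all constructed for the example.

```python
"""Check LDAP attribute mappings against a schema-modification LDIF.

Added example, not part of the product documentation. It parses the
attributeTypes definitions in an LDIF file, then verifies that each value
entered in the "LDAP mapping" field names an attribute the directory defines,
with exactly matching case (mapping values are case-sensitive).
"""
import re
from typing import Dict, List, Set

# Constructed sample LDIF modelled on the documented schema change.
# The OID 1.3.6.1.4.1.99999.1.1 is a placeholder, not a registered OID.
SAMPLE_SCHEMA_LDIF = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.99999.1.1
  NAME ( 'externalId' )
  DESC 'The external ID for the user.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
"""

# Constructed mapping table (solution attribute -> LDAP field) as it might be
# typed into Administration Settings. EXTERNALID deliberately uses the wrong case.
SAMPLE_MAPPINGS: Dict[str, str] = {
    "EXTERNALID": "externalid",
    "EMAIL": "mail",
    "UID": "uid",
}

# Constructed subset of standard person/inetOrgPerson attributes (RFC 4519 and
# RFC 2798) that a directory server defines without any schema change.
BUILTIN_ATTRIBUTES: Set[str] = {
    "cn", "sn", "givenName", "mail", "uid", "mobile",
    "userPassword", "preferredLanguage",
}

_NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def unfold_ldif(text: str) -> List[str]:
    """Join LDIF continuation lines (leading space) onto the preceding line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # folding removes exactly one space
        elif raw.strip():
            lines.append(raw)
    return lines


def schema_attribute_names(ldif_text: str) -> List[str]:
    """Return every NAME declared by attributeTypes lines in the LDIF."""
    names: List[str] = []
    for line in unfold_ldif(ldif_text):
        if not line.lower().startswith("attributetypes:"):
            continue
        match = _NAME_RE.search(line)
        if not match:
            continue
        if match.group(1):                      # NAME 'single'
            names.append(match.group(1))
        else:                                   # NAME ( 'one' 'two' )
            names.extend(re.findall(r"'([^']+)'", match.group(2)))
    return names


def check_mappings(mappings: Dict[str, str], known: Set[str]) -> Dict[str, str]:
    """Describe each mapping that does not resolve to a known attribute.

    An exact-case match is required; a case-only mismatch is reported
    separately because it is the most common configuration mistake.
    """
    by_lower = {name.lower(): name for name in known}
    problems: Dict[str, str] = {}
    for attr, field in mappings.items():
        if field in known:
            continue
        if field.lower() in by_lower:
            problems[attr] = f"case mismatch: '{field}' should be '{by_lower[field.lower()]}'"
        else:
            problems[attr] = f"unknown LDAP attribute '{field}'"
    return problems


if __name__ == "__main__":
    known_attrs = BUILTIN_ATTRIBUTES | set(schema_attribute_names(SAMPLE_SCHEMA_LDIF))
    for attr, problem in check_mappings(SAMPLE_MAPPINGS, known_attrs).items():
        print(f"{attr}: {problem}")
```

Run it after applying the LDIF and before saving the mappings; the schema file is the one you load with idsldapmodify, so the check reflects exactly what the directory will accept. The unfolding step matters because the NAME of a folded attributeTypes definition is split across continuation lines in the file.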