Solaris stand-alone: Mapping attributes

First, install and configure your LDAP user registry and query the defined attributes. Then, map the attributes so they match the configured LDAP servers and your business needs.

About this task

Complete the following steps to map attributes between WebSphere® Portal and your LDAP server; if you have multiple LDAP servers, complete these steps for each LDAP server:

Procedure

  1. Use a text editor to open the wkplc.properties file, in the wp_profile_root/ConfigEngine/properties directory.
  2. Enter a value for one of the following sets of parameters in the wkplc.properties file to identify your LDAP server:
    Note: Make sure you use the same values that you used to configure your LDAP server.
    Table 1. Identifying your LDAP server in the wkplc.properties file.
    Repository type: Stand-alone
    The following parameters are found in the LDAP attribute configuration heading:
    Note: See the properties file for specific information about the advanced parameters.
    • standalone.ldap.id
    • standalone.ldap.host
    • standalone.ldap.port
    • standalone.ldap.sslEnabled
    • standalone.ldap.bindDN
    • standalone.ldap.bindPassword
    • standalone.ldap.baseDN
    Repository type: Federated
    The following parameters are found in the VMM Federated repository properties heading:
    Note: See the properties file for specific information about the advanced parameters.
    • federated.ldap.id
    • federated.ldap.host
    • federated.ldap.port
    • federated.ldap.sslEnabled
    • federated.ldap.bindDN
    • federated.ldap.bindPassword
    • federated.ldap.baseDN
  3. Run one of the following tasks to check that all defined attributes are available in the configured LDAP user registry:
    Table 2. Task to check that all defined attributes are available in the configured LDAP user registry.
    Repository type: Stand-alone
    Task: ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=password, run from the wp_profile_root/ConfigEngine directory.
    Repository type: Federated
    Task: ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=password, run from the wp_profile_root/ConfigEngine directory.
  4. Open the ConfigTrace.log file, in the wp_profile_root/ConfigEngine/log directory, to review the following output for the PersonAccount and Group entity types:
    The following attributes are defined in WebSphere Portal but not in the LDAP server
    This list contains all attributes that are defined in WebSphere Portal but not available in the LDAP server. Flag attributes that you do not plan to use in WebSphere Portal as unsupported. Map the attributes that you plan to use to attributes that exist in the LDAP server; you must also map the uid, cn, firstName, sn, preferredLanguage, and ibm-primaryEmail attributes if they are contained in the list.
    The following attributes are flagged as required in the LDAP server but not in WebSphere Portal
    This list contains all attributes that are defined as "must" in the LDAP server but not as required in WebSphere Portal. You must flag these attributes as required within WebSphere Portal; see the following step about flagging an attribute as either unsupported or required.
    The following attributes have a different type in WebSphere Portal and in the LDAP server
    This list contains all attributes that WebSphere Portal might ignore because the data type within WebSphere Portal and within the LDAP server does not match.
  5. Use a text editor to open the wkplc.properties file, in the wp_profile_root/ConfigEngine/properties directory.
  6. Enter a value for one of the following sets of parameters in the wkplc.properties file to correct any issues that are found in the configuration trace file:
    Table 3. Parameters to define in the wkplc.properties file to correct any issues found in the configuration trace file.
    Repository type: Stand-alone
    The following parameters are found in the LDAP attribute configuration heading:
    • standalone.ldap.id
    • standalone.ldap.attributes.nonSupported
    • standalone.ldap.attributes.nonSupported.delete
    • standalone.ldap.attributes.mapping.ldapName
    • standalone.ldap.attributes.mapping.portalName
    • standalone.ldap.attributes.mapping.entityTypes
    The following values flag certificate and members as unsupported attributes and map ibm-primaryEmail to mail and ibm-jobTitle to title for the PersonAccount entity type:
    standalone.ldap.attributes.nonSupported=certificate, members
    standalone.ldap.attributes.nonSupported.delete=
    
    standalone.ldap.attributes.mapping.ldapName=mail, title
    standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
    standalone.ldap.attributes.mapping.entityTypes=PersonAccount
    If you want to map attributes for your groups instead of users, set the entityTypes to Group.
    standalone.ldap.attributes.mapping.entityTypes=Group
    Repository type: Federated
    The following parameters are found in the VMM Federated repository properties heading:
    • federated.ldap.attributes.nonSupported
    • federated.ldap.attributes.nonSupported.delete
    • federated.ldap.attributes.mapping.ldapName
    • federated.ldap.attributes.mapping.portalName
    • federated.ldap.attributes.mapping.entityTypes
    The following values flag certificate and members as unsupported attributes and map ibm-primaryEmail to mail and ibm-jobTitle to title for the PersonAccount entity type:
    federated.ldap.attributes.nonSupported=certificate, members
    federated.ldap.attributes.nonSupported.delete=
    
    federated.ldap.attributes.mapping.ldapName=mail, title
    federated.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
    federated.ldap.attributes.mapping.entityTypes=PersonAccount
    If you want to map attributes for your groups instead of users, set the entityTypes to Group.
    federated.ldap.attributes.mapping.entityTypes=Group
  7. Save your changes to the wkplc.properties file.
  8. Run one of the following tasks to update the LDAP user registry configuration with the following items:
    • A list of unsupported attributes
    • The mapping between WebSphere Portal and the LDAP user registry
    Table 4. Task to update the LDAP user registry configuration with the list of unsupported attributes and the mapping between Portal and the LDAP user registry.
    Repository type: Stand-alone
    Task: ./ConfigEngine.sh wp-update-standalone-ldap-attribute-config -DWasPassword=password, run from the wp_profile_root/ConfigEngine directory.
    Repository type: Federated
    Task: ./ConfigEngine.sh wp-update-federated-ldap-attribute-config -DWasPassword=password, run from the wp_profile_root/ConfigEngine directory.
  9. Stop and restart the appropriate servers to propagate the changes. For specific instructions, see Starting and stopping servers, deployment managers, and node agents.
  10. Optional: Complete the following steps to flag an attribute as either unsupported or required for the entire WebSphere Portal environment instead of just for the specified LDAP:
    1. Enter a value for the following required parameters in the wkplc.properties file:
      Note: See the properties file for specific information about the advanced parameters.
      • user.attributes.required
      • user.attributes.nonsupported
    2. Save your changes to the wkplc.properties file.
    3. Run the ./ConfigEngine.sh wp-update-attribute-config -DWasPassword=password task, from the wp_profile_root/ConfigEngine directory.
    4. Stop and restart all necessary servers to propagate your changes.
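
A pre-flight check for the values entered in step 6, to run before the update task in step 8. This is an added example, not part of the product documentation. It assumes wkplc.properties uses plain key=value lines, that the two mapping lists pair up by position as in the sample values, and that sslEnabled takes true or false; REQUIRED, ENTITY_TYPES, load_properties, split_list and check_mapping are names chosen for this example.

```python
REQUIRED = {"uid", "cn", "firstName", "sn", "preferredLanguage", "ibm-primaryEmail"}
ENTITY_TYPES = {"PersonAccount", "Group"}  # the two entity types this page covers

# Constructed sample: the page's stand-alone values plus deliberate mistakes.
SAMPLE = """\
standalone.ldap.sslEnabled=false
standalone.ldap.attributes.nonSupported=certificate, members, cn
standalone.ldap.attributes.nonSupported.delete=
standalone.ldap.attributes.mapping.ldapName=mail, title
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle, members
standalone.ldap.attributes.mapping.entityTypes=PersonAccount
"""

def load_properties(text):
    """Parse key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def check_mapping(props, prefix="standalone"):
    """Return (pairs, findings); prefix is 'standalone' or 'federated'."""
    base = prefix + ".ldap.attributes."
    ldap = split_list(props.get(base + "mapping.ldapName", ""))
    portal = split_list(props.get(base + "mapping.portalName", ""))
    unsupported = set(split_list(props.get(base + "nonSupported", "")))
    types = split_list(props.get(base + "mapping.entityTypes", ""))
    findings = []
    if len(ldap) != len(portal):
        findings.append(f"ldapName has {len(ldap)} entries, portalName has {len(portal)}")
    findings += [f"{n} is both mapped and flagged unsupported"
                 for n in sorted(unsupported & set(portal))]
    findings += [f"{n} is a must-map attribute but is flagged unsupported"
                 for n in sorted(unsupported & REQUIRED)]
    findings += [f"unexpected entity type {t}" for t in types if t not in ENTITY_TYPES]
    # Assumption: sslEnabled takes true/false; without SSL the bind is not encrypted.
    if props.get(prefix + ".ldap.sslEnabled", "").lower() != "true":
        findings.append("sslEnabled is not true: bindPassword is sent unencrypted")
    return list(zip(portal, ldap)), findings

if __name__ == "__main__":
    for finding in check_mapping(load_properties(SAMPLE))[1]:
        print(finding)
```

An empty findings list means the mapping lists are consistent; the returned pairs show which Portal attribute resolves to which LDAP attribute.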