IBM InfoSphere Federation Server, Version 10.1

Developing a user mapping plug-in (Java programming language)

Use the sample code as a starting point to develop a Java™ plug-in that retrieves user mappings from an external repository. The sample code retrieves mappings from an LDAP repository, but you can modify the code to access any external repository.

Before you begin

Verify the following:
  • The Java Development Kit (JDK) version 1.4 or later is installed.
  • The db2umplugin.jar file. This Java Archive (JAR) file is installed as part of the DB2® server installation or the DB2 client installation.
  • The sample user mapping plug-in files are installed. These files, which are installed as part of the DB2 client installation, are in the sqllib/samples/federated/umplugin/ldap/ directory.
  • The java_heap_sz parameter is set to 2048.

About this task

The plug-in that you develop must be able to connect to the external repository, retrieve user mappings, and decrypt remote passwords. The repository that you use determines how you code the plug-in. For example, if you use an LDAP repository that stores encrypted passwords, the plug-in must contain the encryption schema and the secret key that is required to decode the passwords.

Be aware that as you develop and use the plug-in, you send sensitive user IDs and passwords between multiple sources. To protect this information, restrict access to the plug-in source code, and configure the db2audit facility to capture a VALIDATE record in the diagnostic log file, db2diag.log, each time that the federated server uses the plug-in. The diagnostic log file is useful not only for tracking usage but also for troubleshooting any problems that occur.

To develop a plug-in, complete these tasks:

  1. Modifying the sample user mapping plug-in files (Java programming language)
    The sample Java plug-in retrieves user mappings from an LDAP server. You can modify the plug-in to retrieve user mappings from other types of external repositories. Use the sample plug-in as the starting point for developing a customized plug-in that works with your specific external repository.
  2. Modifying the UserMappingCryptoLDAP sample file (Java programming language)
    To implement the security methods that the LDAP server uses, modify functions that encrypt, decrypt, encode, and decode remote passwords.
  3. Modifying the UserMappingRepositoryLDAP sample file (Java programming language)
    The UserMappingRepositoryLDAP.java file for the Java plug-in contains the functions for connecting to the LDAP server, retrieving user mappings, and disconnecting. Modify the sample code to match the object classes that are defined in the directory structure of your LDAP server.
  4. Compiling the files for the user mapping plug-in (Java programming language)
    After you modify the source files for the Java plug-in, you must compile them.
  5. Creating the configuration file for the user mapping plug-in (Java programming language)
    The configuration file stores the connection information that the Java plug-in uses to connect to the LDAP server.
  6. Testing the user mapping plug-in (Java programming language)
    To test the Java plug-in outside of the federated server, develop an application that connects to and retrieves user mappings from the external repository.
  7. Deploying the user mapping plug-in files (Java programming language)
    After you compile and test the Java plug-in, deploy the files on the federated server.
  8. Configuring access to the user mapping plug-in (Java programming language)
    Set the DB2_UM_PLUGIN option to configure the federated server to use a Java plug-in to retrieve user mappings.
Parent topic: User mapping plug-in (Java programming language)
Related concepts:
User mapping plug-in (Java programming language)
Sample user mapping plug-in (Java programming language)
Related reference:
Classes for the user mapping plug-in (Java programming language)

Feedback

Update icon Last updated: 2012-05-18