Switching the user registry to which user credentials are written

You can change the user registry to which the credentials of new users and user groups are written. Perform this task after you remove a user registry from the realm, for example, if you are removing an ObjectServer to replace it with an LDAP directory. If you do not perform this task, users and groups are written to the default file-based repository.

About this task

You can select only one user registry to which users and groups are written when they are created.

Procedure

To switch to a different write-registry:

  1. Click Settings > WebSphere Administration Console. Then, click Launch WebSphere Administration console.
  2. Click Security > Global security.
  3. From the Available realms definition list, select Federated repositories and click Configure.
  4. Under Additional Properties, click Supported entity types.
  5. In the table, click the Group entity type and replace the properties in the Base entry for the default parent field and the Relative Distinguished Name properties field.
  6. Click OK and then click Save directly to the master configuration, which is at the top of the page.
  7. Repeat steps 5 and 6 for the OrgContainer and PersonAccount entity types, and any other entity types that are defined.

What to do next

If you replaced an ObjectServer with an LDAP server, enable the synchronization of user credentials between the LDAP server and the ObjectServer.