Configuring additional properties for users and groups
You can configure additional properties for users and groups of federated repositories. To enable schema or property extensions, ensure that the property can be read from and written to the underlying repositories.
You can specify the following additional property information in the server.xml file to enable schema or property extension.
- Extended Property Name – The name of the extended property. Ensure that the name specified is unique and does not match an existing property name.
- Data type – The data type of the extended property. The possible values are Integer, Long, String, Boolean, Date, Double, BigInteger, BigDecimal.
- Entity type – The entity to which the property applies. The possible values are PersonAccount or
- Single or multi-valued – You can set the value of the property to be either single or multi-valued. A default value can also be set for the property. When an entity is created and no value is specified for the property, the default value is used. For a multi-valued property, you can add an extended property named assetId for storing assets assigned to a user. If each user can be assigned more than one asset, then assetId needs to be multi-valued. You must ensure that the attribute to which assetId is mapped is also a multi-valued attribute in the back-end LDAP.
The following sample shows the configuration in server.xml:
    <federatedRepository>
        <primaryRealm name="WIMRegistry">
            <participatingBaseEntry name="o=ibm,c=us"/>
        </primaryRealm>
        <extendedProperty dataType="String" name="extendedProperty" entityType="PersonAccount">
        </extendedProperty>
    </federatedRepository>
To use the extended property in the code, you must use the generic getter/setter methods as shown in the following example:
    PersonAccount person = new PersonAccount();
    ...
    person.set("extendedProperty", "xyz");
    ...
    String value = (String) person.get("extendedProperty");
To ensure that the property can be read from and written to the LDAP, you have the following two
- Pass-through: If the name of the extended property is the same as the name of the LDAP attribute, then the property is passed through and is read from and written to that attribute.
- Property Mapping: If the name of the extended property is different from the name of the LDAP attribute, then the property needs to be mapped by using attribute mapping.
The following sample configuration shows the mapping of the extended property to an attribute named extendedAttribute.
    <attributeConfiguration>
        <attribute name="extendedAttribute" propertyName="extendedProperty" syntax="String" entityType="PersonAccount"></attribute>
    </attributeConfiguration>
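A review-time check for the rules above, as an added example that is not IBM's code: it parses a server.xml, flags extended properties with a duplicate name or a data type outside the documented list, and reports which LDAP attribute each property is read from and written to (pass-through or mapped). The sample XML and the function name are constructed for illustration, and placing attributeConfiguration inside ldapRegistry in the sample is an assumption.

```python
import xml.etree.ElementTree as ET

# Data types this page lists as valid for an extended property.
ALLOWED_TYPES = {"Integer", "Long", "String", "Boolean", "Date",
                 "Double", "BigInteger", "BigDecimal"}

# Constructed sample (not from the original page): one mapped property,
# one pass-through property with a bad dataType, and one duplicate name.
SAMPLE = """<server>
  <federatedRepository>
    <extendedProperty dataType="String" name="extendedProperty" entityType="PersonAccount"/>
    <extendedProperty dataType="Text" name="assetId" entityType="PersonAccount"/>
    <extendedProperty dataType="Long" name="assetId" entityType="PersonAccount"/>
  </federatedRepository>
  <ldapRegistry>
    <attributeConfiguration>
      <attribute name="extendedAttribute" propertyName="extendedProperty"
                 syntax="String" entityType="PersonAccount"/>
    </attributeConfiguration>
  </ldapRegistry>
</server>"""


def check_extended_properties(xml_text):
    """Return (findings, plan); plan maps property name -> (LDAP attribute, mode)."""
    root = ET.fromstring(xml_text)
    # Index attribute mappings by (propertyName, entityType).
    mappings = {}
    for cfg in root.iter("attributeConfiguration"):
        for attr in cfg.findall("attribute"):
            mappings[(attr.get("propertyName"), attr.get("entityType"))] = attr.get("name")
    findings, plan = [], {}
    for prop in root.iter("extendedProperty"):
        name, dtype = prop.get("name"), prop.get("dataType")
        if name in plan:
            findings.append(f"{name}: duplicate extended property name")
            continue
        if dtype not in ALLOWED_TYPES:
            findings.append(f"{name}: unsupported dataType {dtype!r}")
        ldap_attr = mappings.get((name, prop.get("entityType")))
        # No mapping means pass-through: the LDAP attribute must carry the same name.
        plan[name] = (ldap_attr, "mapped") if ldap_attr else (name, "pass-through")
    return findings, plan


if __name__ == "__main__":
    issues, plan = check_extended_properties(SAMPLE)
    for prop_name, (ldap_attr, mode) in plan.items():
        print(f"{prop_name} -> LDAP attribute {ldap_attr} ({mode})")
    for issue in issues:
        print("FINDING:", issue)
```

Each pass-through entry in the report names an LDAP attribute that must exist in the back-end schema and be readable and writable by the bind identity, so the output doubles as a list of attributes to verify on the directory side.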