Default LDAP configuration mapping based on LDAP server type
The virtual member manager configuration CLIs and the WebSphere federated repository LDAP configuration GUI set default values in the wimconfig.xml file based on the selected LDAP server type.
Default values are set for the following properties:
- External identifier:
  The name of the LDAP attribute that is used as the external ID, for example "ibm-entryUUID" or "objectGUID". The special name "distinguishedName" indicates that the DN of the entity is used as the external ID.

  The following table lists the default external ID assignments.

  Table 1. Default external ID assignments (the default values for external identifiers)

  | LDAP type | External ID | Syntax |
  | --- | --- | --- |
  | IBM Tivoli Directory Server | ibm-entryUUID | String |
  | Microsoft Active Directory | objectGUID | octetString |
  | Novell eDirectory | GUID | octetString |
  | IBM Domino Server | dominoUNID | String |
  | SunOne Directory Server | nsuniqueId | String |
  | Custom | Distinguished Name (DN) | String |

  ```xml
  <config:attributeConfiguration>
    <config:externalIdAttributes name="dominounid"/>
    ...
  </config:attributeConfiguration>
  ```
- Entity types:
  Maps the entity type to an objectClass.

  ```xml
  <config:ldapEntityTypes name="PersonAccount" searchFilter="">
    <config:objectClasses>dominoPerson</config:objectClasses>
  </config:ldapEntityTypes>
  ```
- RDN attribute types:
  If there is more than one RDN attribute for an entity, maps each RDN property to its objectClass.

  ```xml
  <config:ldapEntityTypes name="OrgContainer">
    <config:rdnAttributes name="o" objectClass="organization"/>
    <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
    ...
  </config:ldapEntityTypes>
  ```
- Member attribute types:
  Specifies the member attribute of the group objects.

  ```xml
  <config:groupConfiguration>
    <config:memberAttributes dummyMember="uid=dummy" name="member" objectClass="groupOfNames" scope="direct"/>
  </config:groupConfiguration>
  ```
- Attribute types:
  Maps the virtual member manager property name to the LDAP attribute name (globally or per entity type).

  ```xml
  <config:attributeConfiguration>
    <config:externalIdAttributes name="dominounid"/>
    <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="cn" propertyName="displayName">
      <config:entityTypes>PersonAccount</config:entityTypes>
    </config:attributes>
    <config:attributes name="cn" propertyName="cn">
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    <config:propertiesNotSupported name="businessAddress"/>
  </config:attributeConfiguration>
  ```
- Unsupported properties:
  Specifies the virtual member manager properties that the LDAP server does not support.

  ```xml
  <config:attributeConfiguration>
    ...
    <config:propertiesNotSupported name="businessAddress"/>
  </config:attributeConfiguration>
  ```
- Context pool and cache:

  ```xml
  <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="0" poolTimeOut="0" poolWaitTime="3000" prefPoolSize="3"/>
  <config:cacheConfiguration cachesDiskOffLoad="false">
    <config:attributesCache attributeSizeLimit="2000" cacheSize="4000" cacheTimeOut="1200" enabled="true" cacheDistPolicy="none"/>
    <config:searchResultsCache cacheSize="2000" cacheTimeOut="600" enabled="true" searchResultSizeLimit="1000" cacheDistPolicy="none"/>
  </config:cacheConfiguration>
  ```
Active Directory

External identifier: objectguid

- Entity types
  - Group
    - objectClasses: group
    - SearchFilter: (ObjectCategory=Group)
  - OrgContainer
    - objectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - objectClasses: user
    - SearchFilter: (ObjectCategory=User)
- RDN attribute types for OrgContainer
  - o: objectClass: organization
  - ou: objectClass: organizationalUnit
  - dc: objectClass: domain
  - cn: objectClass: container
- Member attribute types
  Specifies the member attribute of the group objects, which is used when searching for members of a group.
  - member
    - name: member
    - objectClass: group
    - scope: direct
- Membership attribute types
  Specifies the membership attribute of the user objects, which is used when searching for groups to which a user belongs.
  - membership
    - name: memberOf
    - scope: direct
- Attribute types
  - userAccountControl
    - DefaultValue: 544
    - EntityTypes: PersonAccount
  - samAccountName
    - DefaultValue: uid
    - EntityTypes: PersonAccount
  - samAccountName
    - DefaultValue: cn
    - EntityTypes: Group
  - groupType
    - DefaultValue: 8
    - EntityTypes: Group
  - unicodePwd
    - PropertyName: password
    - Syntax: unicodePwd

  Note: ADAM does not use samAccountName. The following are the mappings for ADAM:
  - uid
    - DefaultValue: uid
    - EntityTypes: PersonAccount
  - cn
    - DefaultValue: cn
    - EntityTypes: Group
- Unsupported properties
  - description
  - jpegPhoto
  - labeledURI
  - carLicense
  - pager
  - roomNumber
  - localityName
  - stateOrProvinceName
  - countryName
  - employeeNumber
  - employeeType
  - businessCategory
  - departmentNumber
  - homeAddress
  - businessAddress
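The Active Directory defaults above include two numeric values, userAccountControl 544 for new PersonAccount entities and groupType 8 for new Group entities. The following added example (not code from the IBM documentation) decodes them using the documented Microsoft bit definitions for those attributes, so an administrator can see what kind of account and group the defaults produce; the flag tables are a subset chosen for this purpose.

```python
# Added example: decode the Active Directory defaults that virtual member
# manager writes, userAccountControl=544 (PersonAccount) and groupType=8 (Group).
# Bit values are the documented Microsoft definitions; only a subset is listed.

# userAccountControl flags relevant to account creation.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# groupType scope bits; 0x80000000 marks a security-enabled group and
# without it the group is a distribution group.
GROUP_SCOPE = {0x2: "GLOBAL", 0x4: "DOMAIN_LOCAL", 0x8: "UNIVERSAL"}
GROUP_SECURITY_ENABLED = 0x80000000


def decode_uac(value):
    """Return the names of the flags set in a userAccountControl value, in bit order."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def decode_group_type(value):
    """Return (scope, security_enabled) for a groupType value."""
    # groupType is stored as a signed 32-bit integer; normalise negative values.
    value &= 0xFFFFFFFF
    scopes = [name for bit, name in GROUP_SCOPE.items() if value & bit]
    scope = scopes[0] if len(scopes) == 1 else "INVALID"
    return scope, bool(value & GROUP_SECURITY_ENABLED)


def review_vmm_defaults():
    """Summarise what the default values 544 and 8 mean in Active Directory terms."""
    uac = decode_uac(544)
    scope, security = decode_group_type(8)
    return {
        "userAccountControl": uac,
        "groupType": f"{scope} {'security' if security else 'distribution'} group",
        # PASSWD_NOTREQD allows the account object to exist without a password;
        # accounts that keep this flag after provisioning are worth auditing.
        "passwordNotRequired": "PASSWD_NOTREQD" in uac,
    }
```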
IBM Directory Server and z/OS Directory Server

External identifier: ibm-entryuuid

- Entity types
  - Group
    - objectClasses: groupOfNames
  - OrgContainer
    - objectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - objectClasses: inetOrgPerson
- RDN attribute types
  - o: objectClass: organization
  - ou: objectClass: organizationalUnit
  - dc: objectClass: domain
  - cn: objectClass: container
- Member attribute type
  - member
    - objectClass: groupOfNames
    - DummyMember: uid=dummy
    - scope: direct
- Attribute type
  - userPassword
    - PropertyName: password
- Unsupported properties
  - homeAddress
  - businessAddress
Domino Server

External identifier: dominounid (not set by the CLI because it is not defined by default in all Domino LDAP schemas)

- Entity types
  - Group
    - objectClasses: groupOfNames
  - OrgContainer
    - objectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - objectClasses: inetOrgPerson
- RDN attribute types
  - o: objectClass: organization
  - ou: objectClass: organizationalUnit
  - dc: objectClass: domain
  - cn: objectClass: container
- Member attribute type
  - member
    - objectClass: groupOfNames
    - DummyMember: uid=dummy
    - scope: direct
- Attribute type
  - userPassword
    - PropertyName: password
- Unsupported properties
  - homeAddress
  - businessAddress
Novell Directory Services, Sun ONE and Sun Java System Directory Servers

External identifier: guid (NDS), nsuniqueid (Sun)

- Entity types
  - Group
    - NDS: objectClass: groupOfNames
    - Sun: objectClass: groupOfUniqueNames
  - OrgContainer
    - objectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - objectClasses: inetOrgPerson
- RDN attribute types
  - o: objectClass: organization
  - ou: objectClass: organizationalUnit
  - dc: objectClass: domain
  - cn: objectClass: container
- Member attribute type
  - member
    - NDS: name: member, objectClass: groupOfNames, scope: direct
    - Sun: name: uniquemember, objectClass: groupOfUniqueNames, scope: direct
- Attribute type
  - userPassword
    - propertyName: password
- Unsupported properties
  - homeAddress
  - businessAddress
Context pool and cache configuration for all directory servers

- Context pool
  - enabled: true
  - initPoolSize: 1
  - maxPoolSize: 0
  - prefPoolSize: 3
  - poolTimeout: 0
  - poolWaitTime: 3000
- Attributes cache
  - enabled: true
  - cacheSize: 4000
  - cacheTimeOut: 1200
  - attributeSizeLimit: 2000
  - cacheDistPolicy: none
- Search cache
  - enabled: true
  - cacheSize: 2000
  - cacheTimeOut: 600
  - searchResultSizeLimit: 1000
  - cacheDistPolicy: none
Default LDAP datetime format based on LDAP server type

- Active Directory
  - Format: yyyyMMddHHmmss.SZ
- Tivoli Directory Server
  - Format: yyyyMMddHHmmss[.fraction]Z (the fraction of a second is optional)
- SunONE
  - Format: yyyyMMddHHmmssZ
- Domino
  - Format: yyyyMMddHHmmssZ
- Novell Directory Server
  - Format: yyyyMMddHHmmssZ
- Custom
  The custom LDAP adapter supports the following formats:
  - Format: yyyyMMddHHmmss.SZ (for example, 20040708135722.0Z)
  - Format: yyyyMMddHHmmssZ (for example, 20060120153334Z)
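The formats listed above differ only in whether a fractional second is present before the trailing Z. The following added example (not from the IBM documentation) is a small parser that accepts all of them, including the Tivoli Directory Server form with an optional fraction of any length, and rejects timestamps with a numeric zone offset, which none of the documented formats use; the sample values are the page's own examples plus constructed variants.

```python
# Added example: parse the LDAP timestamp formats documented above into
# timezone-aware UTC datetimes. Accepts yyyyMMddHHmmssZ and
# yyyyMMddHHmmss.<fraction>Z; anything else (for example a "+0100" offset)
# raises ValueError so a caller never silently misreads a timestamp.
import re
from datetime import datetime, timezone

LDAP_TIME_RE = re.compile(r"^(?P<date>\d{14})(?:\.(?P<fraction>\d+))?Z$")


def parse_ldap_time(value):
    """Convert an LDAP generalized-time string with a 'Z' suffix to a UTC datetime."""
    match = LDAP_TIME_RE.match(value)
    if match is None:
        raise ValueError(f"unsupported LDAP timestamp: {value!r}")
    base = datetime.strptime(match.group("date"), "%Y%m%d%H%M%S")
    fraction = match.group("fraction") or ""
    # Right-pad or truncate the fraction so it reads as microseconds.
    micros = int((fraction + "000000")[:6]) if fraction else 0
    return base.replace(microsecond=micros, tzinfo=timezone.utc)


def age_seconds(value, now):
    """Seconds elapsed between an LDAP timestamp and 'now' (an aware datetime)."""
    return (now - parse_ldap_time(value)).total_seconds()


def parse_or_none(value):
    """Lenient variant: return None instead of raising for unsupported formats."""
    try:
        return parse_ldap_time(value)
    except ValueError:
        return None
```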