Federated, unclustered server: Adapting the attribute configuration

After installing IBM® WebSphere® Portal and configuring your LDAP user registries, you will need to adapt the attribute configuration to match the configured LDAP server(s) and your business needs.

About this task

After installation, WebSphere Portal has a predefined set of attributes for users and groups. Your LDAP server may have a different set of predefined user and group attributes. To ensure proper communication between WebSphere Portal and your LDAP server, you can configure additional attributes and flag existing attributes as required or unsupported on a per repository basis or for all configure repositories. Therefore after installing WebSphere Portal and configuring your LDAP user registry, you will need to manage the attributes between the two servers to ensure proper communication.

LDAP servers can only handle attributes that are explicitly defined in their schema. The LDAP server's schema is different from the WebSphere Portal schema but the two schemas should match for proper communication between WebSphere Portal and the LDAP server. The task to add the LDAP user registry does some basic attribute configurations depending on the type of LDAP server that you choose. You may, however, still need to adapt the WebSphere Portal configuration to match the LDAP schema; for example, if an attribute is defined in WebSphere Portal but not in the LDAP server, you will need to perform one of the following tasks to resolve this mismatch
  • Flag the attribute as unsupported for the LDAP server
  • Introduce an attribute mapping that maps the WebSphere Portal attribute to an attribute defined in the LDAP schema

Perform the following tasks to adapt the attribute configuration to match the configured LDAP server(s) and your business needs:

  1. Federated, unclustered server: Querying attributes
    First, install IBM WebSphere Portal and configure your LDAP user registries. Then, query the defined attributes to see what attributes are flagged as unsupported or mapped to a different LDAP attribute.
  2. Federated, unclustered server: Validating attributes
    After querying your LDAP for a list of attributes within your user registry, you must validate the attributes defined within your user registry with the attributes defined within IBM WebSphere Portal.
  3. Federated, unclustered server: Adding attributes
    The VMM is configured with a default attribute schema that might not be compatible with your LDAP server. If so, extend the VMM attribute schema by adding new attributes that you can map between IBM WebSphere Portal and your user registry.
  4. Federated, unclustered server: Mapping attributes
    First, install and configure your LDAP user registry and query the defined attributes. Then, map the attributes so they match the configured LDAP servers and your business needs.
  5. Federated, unclustered server: Removing attributes
    Due to a Virtual Member Manager (VMM) limitation, there is currently no task to update an attribute. Therefore, if you added an attribute to your property extension database or when adapting attributes to match your LDAP server that were spelled incorrectly or already added due to migration, you must remove the attribute from the database. Use caution when performing these steps.
  • Parent topic: Federated, unclustered server: Configuring WebSphere Portal to use a user registry