Use this procedure to assign the directory server's email
attribute or, for Active Directory, the userPrincipalName (UPN) to
be the user short name used for login.
About this task
Restriction: This topic applies only to new
installations of Content Platform Engine.
Do not perform this procedure on existing production installations,
because of problems that might arise when changing from one short
name attribute to another. For example, this procedure does not change
the values of short names that are already persisted in Content Platform Engine or other applications,
including workflows.
Important: Do not assign
email as the short name for groups. The best practice for group short
name is to use sAMAccountName.
Attention: Do not
restart the application server until the following procedure tells
you to.
The following steps are not a complete list of things
to do to configure Content Platform Engine using
Configuration Manager. For the complete procedure, refer to Installing and configuring Content Platform Engine.
Procedure
To configure Content Platform Engine to
use email or UPN for login:
- Open the Configure LDAP task in Configuration Manager.
- To use email for the short name:
  - Depending on your application server type, set the following properties to configure the short name for email.

    Table of attributes and values to configure for email for the listed application server types. Each application server type is followed by the Configuration Manager attributes and values to set for email (all directory server types).

    - WebSphere Stand-alone LDAP registry
      - Active Directory
        - User Filter: (&(mail=%v)(objectClass=user))
        - User ID map: user:mail
      - All other directory servers
        - User Filter: (&(mail=%v)(objectClass=person))
        - User ID map: person:mail
    - WebSphere Federated Repositories
      - Login Properties: uid
    - WebLogic
      - Active Directory
        - User from name filter: (&(mail=%u)(objectclass=user))
        - User name attribute: mail
      - All other directory servers
        - User from name filter: (&(mail=%u)(objectclass=person))
        - User name attribute: mail
  - Use Configuration Manager to Save and Run the Configure LDAP task.
  - (WebSphere Federated Repositories only) Search the WebSphere application server profile for wimconfig.xml. Edit wimconfig.xml in the following way:
    - Search for the propertyName="uid" entry (samAccountName in the example is for Active Directory; other directory servers have values such as cn or uid). If the search does not find this entry, you might have to create the following:

        <config:attributes name="samAccountName" propertyName="uid">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>

    - Modify the propertyName="uid" entry for the mail attribute:

        <config:attributes name="mail" propertyName="uid">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>

    - Save wimconfig.xml.
- (Active Directory only) To use UPN for the short name:
  - Depending on your application server type, set the following properties to configure the short name for UPN.

    Table of attributes and values to set for UPN for the listed application server types. Each application server type is followed by the Configuration Manager attributes and values to set for UPN (Active Directory only).

    - WebSphere Stand-alone LDAP registry
      - User Filter: (&(userPrincipalName=%v)(objectClass=user))
      - User ID map: user:userPrincipalName
    - WebSphere Federated Repositories
      - Login Properties: uid
    - WebLogic
      - User from name filter: (&(userPrincipalName=%u)(objectClass=user))
      - User name attribute: userPrincipalName
  - Use Configuration Manager to Save and Run the Configure LDAP task.
  - (WebSphere Federated Repositories only) Search the WebSphere application server profile for wimconfig.xml. Edit wimconfig.xml in the following way:
    - Search for the propertyName="uid" entry. If the search does not find this entry, you might have to create the following:

        <config:attributes name="samAccountName" propertyName="uid">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>

    - Modify the propertyName="uid" entry for the userPrincipalName attribute:

        <config:attributes name="userPrincipalName" propertyName="uid">
          <config:entityTypes>PersonAccount</config:entityTypes>
        </config:attributes>

    - Save wimconfig.xml.
- Open Configuration Manager's Configure Bootstrap Properties
task. Set Bootstrap Operation to Configure New.
- Confirm that the Bootstrapped EAR file property contains
the path to the bootstrap file you need to edit.
- Set the Bootstrap user name. The user name should be in
this form: name@domain.com.
- Use Configuration Manager to Save the task.
- Run Configuration Manager's Deploy Application task.
- Manually restart the application server.
- Log in to Administration Console for Content Platform Engine using
the Bootstrap user name and password.
Administration Console for Content Platform Engine prompts for a P8 domain
name and then starts the Directory Configuration Wizard. If the P8
domain has already been created and the Directory Configuration Wizard
does not start automatically, click the domain root node and select
the Directory Configuration tab. Then click Add to
add a new configuration or select an existing entry to edit an existing
configuration.
- Depending on which attribute you want to set and your application server type, set the properties described in the following table.

  Table of properties to set when running the Directory Configuration wizard for either email or UPN.

  - If running the Directory Configuration wizard for email, set these properties for the short name:
    - Active Directory
      - User Short Name Attribute: mail
      - User Search Filter: (&(mail={0})(objectClass=user))
    - All other directory servers
      - User Short Name Attribute: mail
      - User Search Filter: (&(mail={0})(objectClass=person))
  - If running the Directory Configuration wizard for UPN (Active Directory only), set these properties for the short name:
    - In the third page of the wizard, set the property Allow UPN Short Names to True. If you have more than one Active Directory configuration, you must set Allow UPN Short Names to True for all of them. (Allow UPN Short Names is the display name for the AllowEmailOrUPNShortNames property.)
    - User Short Name Attribute: userPrincipalName
    - User Search Filter: (&(userPrincipalName={0})(objectClass=user))
- Repeat the previous step for any additional directory configurations that are required by your installation.
- Save your new settings.
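
A read-only consistency check for the settings this procedure touches, as an added example that is not part of the product documentation: it extracts the login attribute from a filter template (%v, %u or {0}) and from the uid mapping in wimconfig.xml, then reports every layer that does not name the expected short-name attribute. The wimconfig.xml fragment and the config namespace URI are constructed assumptions, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: namespace URI bound to the "config" prefix in wimconfig.xml.
WIM_NS = {"config": "http://www.ibm.com/websphere/wim/config"}
# One filter term of the form (attr=<placeholder>), placeholder being %v, %u or {0}.
PLACEHOLDER_TERM = re.compile(r"\(\s*([A-Za-z][\w-]*)\s*=\s*(?:%v|%u|\{0\})\s*\)")

def filter_login_attr(ldap_filter):
    """Return the attribute a filter template compares with the login name."""
    found = PLACEHOLDER_TERM.findall(ldap_filter)
    if len(found) != 1:
        raise ValueError(f"expected exactly one placeholder term in {ldap_filter!r}")
    return found[0].lower()

def wim_uid_attr(wimconfig_xml):
    """Return the LDAP attribute mapped to propertyName="uid" for PersonAccount."""
    root = ET.fromstring(wimconfig_xml)
    names = [a.get("name") for a in root.iter("{%s}attributes" % WIM_NS["config"])
             if a.get("propertyName") == "uid"
             and any((e.text or "").strip() == "PersonAccount"
                     for e in a.findall("config:entityTypes", WIM_NS))]
    if len(names) != 1:
        raise ValueError(f"expected one uid mapping for PersonAccount, found {names}")
    return names[0].lower()

def check_short_name(expected, app_server_attr, wizard_attr, wizard_filter):
    """List every layer whose login attribute differs from the expected one."""
    layers = {
        "application server": app_server_attr.lower(),
        "wizard User Short Name Attribute": wizard_attr.lower(),
        "wizard User Search Filter": filter_login_attr(wizard_filter),
    }
    return [f"{k}: {v}" for k, v in layers.items() if v != expected.lower()]

# Constructed sample: a Federated Repositories fragment still mapping uid to samAccountName.
SAMPLE_WIM = """<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:config="http://www.ibm.com/websphere/wim/config">
  <config:attributes name="samAccountName" propertyName="uid">
    <config:entityTypes>PersonAccount</config:entityTypes>
  </config:attributes>
</sdo:datagraph>"""

if __name__ == "__main__":
    print(check_short_name("mail", wim_uid_attr(SAMPLE_WIM), "mail",
                           "(&(mail={0})(objectClass=user))"))
```

For a stand-alone LDAP registry or WebLogic, pass `filter_login_attr()` of the User Filter or User from name filter as the application server attribute instead of the wimconfig.xml mapping.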