IBM Support

How to configure security using a custom attribute in the user RDN and/or as the login attribute

Question & Answer


Question

What is the proper method for enabling security against an LDAP when you need to use a custom attribute in the relative distinguished name (RDN) of your users and/or as your login attribute for WebSphere Portal? For example, users in your LDAP contain the following information:

DN: customid=user1,o=ibm
customid=user1
. . . .

So in this case, "customid" is the custom attribute, "customid=user1" is the RDN, and you are going to log into Portal using the value for "customid" (e.g. "user1").

Answer


When configuring Portal with an LDAP registry, you will still follow the WebSphere Portal Information Center 6.1 instructions for configuring with a standalone LDAP user registry or a federated repository. However, prior to doing so, it is important that you ensure that Portal recognizes your custom attribute. Otherwise, you will receive an error similar to the following during your configuration tasks:

Create LDAP repository - result: [com.ibm.websphere.wim.exception.WIMConfigurationException: CWWIM5015E Login properties are not valid: [customid].]



Thus, to enable security with a custom attribute, you should proceed with the following steps:

1) Add the custom attribute to the configuration. The following snippet from wkplc.properties shows an example of how you would populate the values when adding the attribute:

la.providerURL = corbaloc:iiop:localhost:10031
la.propertyName = customid
la.entityTypes = PersonAccount
la.dataType = String
la.multiValued = false
repositoryId = <leave blank since LDAP id hasn't yet been defined>

2) Choose your user registry model, either standalone LDAP user registry or federated repository, and configure accordingly. The following snippets from wkplc.properties show examples of the relevant properties that involve the custom attribute:

Standalone LDAP user registry

Used during execution of wp-modify-ldap-security

standalone.ldap.bindDN= customid=mybinduser,o=ibm


standalone.ldap.userIdMap= inetOrgPerson:customid
standalone.ldap.userFilter= (&(customid=%v)(objectclass=inetOrgPerson))
standalone.ldap.serverId= customid=myserverid,o=ibm
standalone.ldap.primaryAdminId= customid=myprimaryadminid,o=ibm
standalone.ldap.primaryPortalAdminId= customid=myprimaryportaladminid,o=ibm
standalone.ldap.personAccountRdnProperties= customid
standalone.ldap.loginProperties= customid


Federated repository

Used during execution of wp-update-entitytypes

federated.ldap.bindDN= customid=mybinduser,o=ibm


federated.ldap.loginProperties= customid

Used during execution of wp-create-ldap

personAccountRdnProperties= customid



Used during execution of wp-change-was-admin-user and wp-change-portal-admin-user

newAdminId= customid=mynewadminid,o=ibm
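
A pre-flight consistency check for the standalone values shown above, as an added example that is not IBM's code: it parses wkplc.properties text and lists any of the four attribute-bearing properties that do not reference the attribute named in la.propertyName. It assumes the same attribute serves as both RDN and login attribute, as in this document's example; the function names and the sample text (with one deliberate mismatch) are constructed here.

```python
import re

# Constructed sample: the standalone values from the snippets above, with one
# deliberate mismatch (loginProperties left at "uid") to show a finding.
SAMPLE = """\
la.propertyName = customid
standalone.ldap.userIdMap= inetOrgPerson:customid
standalone.ldap.userFilter= (&(customid=%v)(objectclass=inetOrgPerson))
standalone.ldap.personAccountRdnProperties= customid
standalone.ldap.loginProperties= uid
"""

def parse_properties(text):
    """Parse key=value lines; only the first '=' splits, so DNs and filters survive."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def referenced_attributes(key, value):
    """Return the attribute names a property value refers to, lower-cased."""
    if key.endswith("userIdMap"):        # objectclass:attribute
        return {value.rpartition(":")[2].strip().lower()}
    if key.endswith("userFilter"):       # attribute compared against %v
        return {m.lower() for m in re.findall(r"\(\s*([\w.-]+)\s*=\s*%v\s*\)", value)}
    # Assumption: list-valued properties are separated by ',' or ';'.
    return {v.strip().lower() for v in re.split(r"[,;]", value) if v.strip()}

def check_custom_attribute(text, prefix="standalone.ldap."):
    """List properties that do not reference the attribute named in la.propertyName."""
    props = parse_properties(text)
    attr = props.get("la.propertyName", "").lower()
    if not attr:
        return ["la.propertyName is not set"]
    findings = []
    for name in ("userIdMap", "userFilter", "personAccountRdnProperties", "loginProperties"):
        key = prefix + name
        if attr not in referenced_attributes(key, props.get(key, "")):
            findings.append(f"{key} does not reference '{attr}': {props.get(key, '')!r}")
    return findings

if __name__ == "__main__":
    for finding in check_custom_attribute(SAMPLE):
        print(finding)
```

An empty result means all four properties agree with la.propertyName; bind and admin DNs are not checked because they may legitimately use a different RDN attribute.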


Document Information

More support for:
WebSphere Portal

Software version:
6.1

Operating system(s):
AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Document number:
392375

Modified date:
03 December 2021

UID

swg21393473
