Default LDAP configuration mapping based on LDAP server type

The virtual member manager configuration CLIs and the WebSphere federated repository LDAP configuration GUI set default values in the wimconfig.xml file, based on the selected LDAP server type.

Default values are set for the following properties:

External identifier:
The name of the LDAP attribute that is used as the external ID, for example “ibm-entryUUID” or “objectGUID”. The special name “distinguishedName” indicates that the DN of the entity is used as the external ID.
<config:attributeConfiguration>
  <config:externalIdAttributes name="dominounid"/>
  ...
</config:attributeConfiguration>
Entity types:
Maps the entity type to an object class.
<config:ldapEntityTypes name="PersonAccount" searchFilter="">
  <config:objectClasses>dominoPerson</config:objectClasses>
</config:ldapEntityTypes>
RDN attribute types:
If there is more than one RDN attribute for an entity, maps each RDN property to its object class.
<config:ldapEntityTypes name="OrgContainer">
  <config:rdnAttributes name="o" objectClass="organization"/>
  <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
  ...
</config:ldapEntityTypes>
Member attribute types:
Specifies the member attribute of the group objects.
<config:groupConfiguration>
  <config:memberAttributes dummyMember="uid=dummy" name="member" 
  objectClass="groupOfNames" scope="direct"/>
</config:groupConfiguration>
Attribute types:
Maps the virtual member manager property name to the LDAP attribute name (globally or per entity type).
<config:attributeConfiguration>
  <config:externalIdAttributes name="dominounid"/>
  <config:attributes name="userPassword" propertyName="password"/>
  <config:attributes name="cn" propertyName="displayName">
    <config:entityTypes>Group</config:entityTypes>
  </config:attributes>
  <config:attributes name="cn" propertyName="cn">
    <config:entityTypes>Group</config:entityTypes>
  </config:attributes>
  <config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration>
Unsupported properties:
Lists the properties that are not supported by the LDAP server.
<config:attributeConfiguration>
  ...
  <config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration>
Context pool and cache:
<config:contextPool enabled="true" initPoolSize="1" maxPoolSize="0" 
  poolTimeOut="0" poolWaitTime="3000" prefPoolSize="3"/>
<config:cacheConfiguration cachesDiskOffLoad="false">
  <config:attributesCache attributeSizeLimit="2000" cacheSize="4000" 
    cacheTimeOut="1200" enabled="true"/>
  <config:searchResultsCache cacheSize="2000" cacheTimeOut="600" 
    enabled="true" searchResultSizeLimit="1000"/>
</config:cacheConfiguration>

Active Directory

External identifier: objectguid
Entity types
Group
ObjectClasses: group SearchFilter: (ObjectCategory=Group)
OrgContainer
ObjectClasses: organization, organizationalUnit, domain, container
PersonAccount
ObjectClasses: user SearchFilter: (ObjectCategory=Person)
RDN attribute types for OrgContainer
o
ObjectClass: organization
ou
ObjectClass: organizationalUnit
dc
ObjectClass: domain
cn
ObjectClass: container
Attribute type
userAccountControl
DefaultValue: 544 EntityTypes: PersonAccount
samAccountName
DefaultValue: uid EntityTypes: PersonAccount
samAccountName
DefaultValue: cn EntityTypes: Group
groupType
DefaultValue: 8 EntityTypes: Group
unicodePwd
PropertyName: password Syntax: unicodePwd
Note: ADAM does not use samAccountName. The following are the mappings for ADAM:
uid
DefaultValue: uid EntityTypes: PersonAccount
cn
DefaultValue: cn EntityTypes: Group
Unsupported properties:
  • description
  • jpegPhoto
  • labeledURI
  • carLicense
  • pager
  • roomNumber
  • localityName
  • stateOrProvinceName
  • countryName
  • employeeNumber
  • employeeType
  • businessCategory
  • departmentNumber
  • homeAddress
  • businessAddress

IBM Directory Server and z/OS Directory Server

External identifier: ibm-entryuuid
Entity types
Group
ObjectClasses: groupOfNames
OrgContainer
ObjectClasses: organization, organizationalUnit, domain, container
PersonAccount
ObjectClasses: inetOrgPerson
RDN attribute types
o
ObjectClass: organization
ou
ObjectClass: organizationalUnit
dc
ObjectClass: domain
cn
ObjectClass: container
Member attribute type
member
ObjectClass: groupOfNames DummyMember: uid=dummy scope: direct
Attribute type
userPassword
PropertyName: password
Unsupported properties:
  • homeAddress
  • businessAddress

Domino Server

External identifier: dominounid (not set by the CLI because it is not defined by default in all of the Domino LDAP schema)
Entity types
Group
ObjectClasses: groupOfNames
OrgContainer
ObjectClasses: organization, organizationalUnit, domain, container
PersonAccount
ObjectClasses: inetOrgPerson
RDN attribute types
o
ObjectClass: organization
ou
ObjectClass: organizationalUnit
dc
ObjectClass: domain
cn
ObjectClass: container
Member attribute type
member
ObjectClass: groupOfNames DummyMember: uid=dummy scope: direct
Attribute type
userPassword
PropertyName: password
Unsupported properties:
  • homeAddress
  • businessAddress

Novell Directory Services, Sun ONE and Sun Java System Directory Servers

External identifier: guid (NDS), nsuniqueid (Sun)
Entity types
Group
  • NDS: ObjectClass: groupOfNames
  • Sun: ObjectClass: groupOfUniqueNames
OrgContainer
ObjectClasses: organization, organizationalUnit, domain, container
PersonAccount
ObjectClasses: inetOrgPerson
RDN attribute types
o
ObjectClass: organization
ou
ObjectClass: organizationalUnit
dc
ObjectClass: domain
cn
ObjectClass: container
Member attribute type
member
  • NDS: Name: member ObjectClass: groupOfNames scope: direct
  • Sun: Name: uniquemember ObjectClass: groupOfUniqueNames scope: direct
Attribute type
userPassword
PropertyName: password
Unsupported properties:
  • homeAddress
  • businessAddress

Context pool and cache configuration for all directory servers

Context pool
  • Enabled: true
  • InitPoolSize: 1
  • MaxPoolSize: 0
  • PrefPoolSize: 3
  • PoolTimeout: 0
  • PoolWaitTime: 3000
Cache
  • Enabled: true
  • CacheSize: 4000
  • CacheTimeOut: 1200
  • AttributeSizeLimit: 2000
Search cache
  • Enabled: true
  • CacheSize: 2000
  • CacheTimeOut: 600
  • SearchResultSizeLimit: 1000
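
An added example, not part of the IBM documentation: a drift check that parses a wimconfig.xml fragment and reports where it departs from the defaults listed on this page for the chosen server type (external identifier, Group and PersonAccount object classes, cache settings). The server-type keys "AD" and "IDS", the function names, and the namespace URI in the sample are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Defaults as documented on this page; the keys "AD"/"IDS" are labels made up for this example.
DEFAULTS = {
    "AD": ("objectguid", {"Group": {"group"}, "PersonAccount": {"user"}}),
    "IDS": ("ibm-entryuuid", {"Group": {"groupOfNames"}, "PersonAccount": {"inetOrgPerson"}}),
}
CACHE = {  # the same for every directory server type
    "attributesCache": {"enabled": "true", "cacheSize": "4000",
                        "cacheTimeOut": "1200", "attributeSizeLimit": "2000"},
    "searchResultsCache": {"enabled": "true", "cacheSize": "2000",
                           "cacheTimeOut": "600", "searchResultSizeLimit": "1000"},
}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" ElementTree prepends

def audit(xml_text, server_type):
    """Return (setting, configured value, documented default) for each deviation."""
    ext_id, classes = DEFAULTS[server_type]
    drift = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "externalIdAttributes" and el.get("name", "").lower() != ext_id:
            drift.append(("externalId", el.get("name"), ext_id))
        elif name == "ldapEntityTypes" and el.get("name") in classes:
            got = {c.text.strip() for c in el if local(c.tag) == "objectClasses" and c.text}
            if got != classes[el.get("name")]:
                drift.append((el.get("name"), sorted(got), sorted(classes[el.get("name")])))
        elif name in CACHE:
            drift += [(f"{name}.{a}", el.get(a), want)
                      for a, want in CACHE[name].items() if el.get(a) != want]
    return drift

# Constructed sample (not from a real cell); the namespace URI is a placeholder.
SAMPLE = """<cfg xmlns:config="urn:example:wim-config">
  <config:attributeConfiguration>
    <config:externalIdAttributes name="distinguishedName"/>
  </config:attributeConfiguration>
  <config:ldapEntityTypes name="PersonAccount" searchFilter="">
    <config:objectClasses>inetOrgPerson</config:objectClasses>
  </config:ldapEntityTypes>
  <config:searchResultsCache cacheSize="2000" cacheTimeOut="86400"
    enabled="true" searchResultSizeLimit="1000"/>
</cfg>"""

if __name__ == "__main__":
    print(*audit(SAMPLE, "AD"), sep="\n")
```

A deviation is not necessarily an error; the output is a list of settings to review against the intended directory type.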


http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.wim.doc/defaultldapconfigurationmappingbasedonldapservertype.html