Configuring supported entity types in a federated repository configuration

Follow this task to configure supported entity types for user and group management.

About this task

You must configure the supported entity types before you can manage this account with Users and Groups in the administrative console. The supported entity types are Group, OrgContainer, and PersonAccount. A Group entity represents a simple collection of entities that might not have any relational context. An OrgContainer entity represents an organization, such as a company or an enterprise, a subsidiary, or an organizational unit, such as a division, a location, or a department. A PersonAccount entity represents a human being. You cannot add or delete the supported entity types, because these types are predefined.
The Base entry for the default parent determines the repository location where entities of the specified type are placed on write operations by user and group management.
Note: To manage users and groups, click Users and Groups in the console navigation tree. Click either Manage Users or Manage Groups.

Procedure

  1. In the administrative console, click Security > Global security.
  2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.
  3. Click Supported entity types to view a list of predefined entity types.
  4. Click the name of a predefined entity type to change its configuration.
  5. Supply the distinguished name of a base entry in the repository in the Base entry for the default parent field. This entry determines the default location in the repository where entities of this type are placed on write operations by user and group management.
  6. Supply the relative distinguished name (RDN™) properties for the specified entity type in the Relative Distinguished Name properties field. Possible values are cn for Group, uid or cn for PersonAccount, and o, ou, dc, and cn for OrgContainer. Delimit multiple properties for the OrgContainer entity with a semicolon (;).
    The following list outlines known requirements and limitations that apply to specific Lightweight Directory Access Protocol (LDAP) servers:
    Using Microsoft® Active Directory as the LDAP server
    • Unless you modify the LDAP schema to use uid, you must specify cn in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type.
    • Secure Sockets Layer communications must be enabled to create users with passwords. To select the Require SSL communications option, see the topic Configuring Lightweight Directory Access Protocol in a federated repository configuration.
    • Typically the value of user is specified as the value in the Object classes field for the PersonAccount entity type and the value of group is specified as the value in the Object classes field for the Group entity type.
    Using a Lotus® Domino® Enterprise Server as the LDAP server
    • Typically, the value of cn is specified in the Relative Distinguished Name (RDN) properties field for the PersonAccount entity type. The value of uid is also acceptable.
    • Typically, both inetOrgPerson and dominoPerson are used as values in the Object classes field for the PersonAccount entity type.
    Using Sun ONE Directory Server as the LDAP server
    • Typically, groupOfUniqueNames is specified as the value in the Object classes field for the Group entity type.
  7. Click OK.

Results

After completing these steps, your federated repository configuration, which uses supported entity types, is configured.

What to do next

  1. After configuring the federated repositories, click Security > Global security to return to the Global security panel. Verify that Federated repositories is identified in the Current® realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current. To verify the federated repositories configuration, click Apply on the Global security panel. If Federated repositories is not identified in the Current realm definition field, your federated repositories configuration is not used by WebSphere® Application Server.
  2. If you are enabling security, complete the remaining steps as specified in Enabling security for the realm. As the final step, validate this setup by clicking Apply on the Global security panel.
  3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 21, 2010 10:04:34 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=twim_entitytypes
File name: twim_entitytypes.html