Virtual member manager configuration CLIs and WebSphere
federated repository LDAP configuration GUI set default values in
the wimconfig.xml file, based on the selected LDAP server type.
Default values are set for the following properties:
- External identifier:
  - The name of the LDAP attribute that is used as the external ID. For
    example, “ibm-entryUUID” or “objectGUID”. The special name “distinguishedName”
    indicates that the DN of the entity is used as the external ID.
      <config:attributeConfiguration>
        <config:externalIdAttributes name="dominounid"/>
        ...
      </config:attributeConfiguration>
- Entity types:
  - Maps the entity type to an object class.
      <config:ldapEntityTypes name="PersonAccount" searchFilter="">
        <config:objectClasses>dominoPerson</config:objectClasses>
      </config:ldapEntityTypes>
- RDN attribute types:
  - If there is more than one RDN attribute for an entity, maps the
    RDN property to the object class.
      <config:ldapEntityTypes name="OrgContainer">
        <config:rdnAttributes name="o" objectClass="organization"/>
        <config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
        ...
      </config:ldapEntityTypes>
- Member attribute types:
  - Specifies the member attribute of the group objects.
      <config:groupConfiguration>
        <config:memberAttributes dummyMember="uid=dummy" name="member"
            objectClass="groupOfNames" scope="direct"/>
      </config:groupConfiguration>
- Attribute types:
  - Maps the VMM property name to the LDAP attribute name (globally
    or per entity type).
      <config:attributeConfiguration>
        <config:externalIdAttributes name="dominounid"/>
        <config:attributes name="userPassword" propertyName="password"/>
        <config:attributes name="cn" propertyName="displayName">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:attributes name="cn" propertyName="cn">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:propertiesNotSupported name="businessAddress"/>
      </config:attributeConfiguration>
- Unsupported properties:
  - Identifies the properties that are not supported by the LDAP server.
      <config:attributeConfiguration>
        ...
        <config:propertiesNotSupported name="businessAddress"/>
      </config:attributeConfiguration>
- Context pool and cache:
      <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="0"
          poolTimeOut="0" poolWaitTime="3000" prefPoolSize="3"/>
      <config:cacheConfiguration cachesDiskOffLoad="false">
        <config:attributesCache attributeSizeLimit="2000" cacheSize="4000"
            cacheTimeOut="1200" enabled="true"/>
        <config:searchResultsCache cacheSize="2000" cacheTimeOut="600"
            enabled="true" searchResultSizeLimit="1000"/>
      </config:cacheConfiguration>
Active Directory
External identifier: objectguid
- Entity types
  - Group
    - ObjectClasses: group; SearchFilter: (ObjectCategory=Group)
  - OrgContainer
    - ObjectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - ObjectClasses: user; SearchFilter: (ObjectCategory=Person)
- RDN attribute types for OrgContainer
  - o
    - ObjectClass: organization
  - ou
    - ObjectClass: organizationalUnit
  - dc
    - ObjectClass: domain
  - cn
    - ObjectClass: container
- Attribute Type
  - userAccountControl
    - DefaultValue: 544; EntityTypes: PersonAccount
  - samAccountName
    - DefaultValue: uid; EntityTypes: PersonAccount
  - samAccountName
    - DefaultValue: cn; EntityTypes: Group
  - groupType
    - DefaultValue: 8; EntityTypes: Group
  - unicodePwd
    - PropertyName: password; Syntax: unicodePwd
  Note: ADAM does not use samAccountName. The following are the mappings for ADAM:
  - uid
    - DefaultValue: uid; EntityTypes: PersonAccount
  - cn
    - DefaultValue: cn; EntityTypes: Group
Unsupported properties:
- description
- jpegPhoto
- labeledURI
- carLicense
- pager
- roomNumber
- localityName
- stateOrProvinceName
- countryName
- employeeNumber
- employeeType
- businessCategory
- departmentNumber
- homeAddress
- businessAddress
IBM Directory Server and z/OS Directory Server
External identifier: ibm-entryuuid
- Entity types
  - Group
    - ObjectClasses: groupOfNames
  - OrgContainer
    - ObjectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - ObjectClasses: inetOrgPerson
- RDN attribute types
  - o
    - ObjectClass: organization
  - ou
    - ObjectClass: organizationalUnit
  - dc
    - ObjectClass: domain
  - cn
    - ObjectClass: container
- Member attribute type
  - member
    - ObjectClass: groupOfNames; DummyMember: uid=dummy; scope: direct
- Attribute type
  - userPassword
    - PropertyName: password
Unsupported properties:
- homeAddress
- businessAddress
Domino Server
External identifier: dominounid (not set by the CLI because it is not defined
by default in all of the Domino LDAP schema)
- Entity types
  - Group
    - ObjectClasses: groupOfNames
  - OrgContainer
    - ObjectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - ObjectClasses: inetOrgPerson
- RDN attribute types
  - o
    - ObjectClass: organization
  - ou
    - ObjectClass: organizationalUnit
  - dc
    - ObjectClass: domain
  - cn
    - ObjectClass: container
- Member attribute type
  - member
    - ObjectClass: groupOfNames; DummyMember: uid=dummy; scope: direct
- Attribute type
  - userPassword
    - PropertyName: password
Unsupported properties:
- homeAddress
- businessAddress
Novell Directory Services, Sun ONE and Sun Java System Directory Servers
External identifier: guid (NDS), nsuniqueid (Sun)
- Entity types
  - Group
    - NDS: ObjectClass: groupOfNames
    - Sun: ObjectClass: groupOfUniqueNames
  - OrgContainer
    - ObjectClasses: organization, organizationalUnit, domain, container
  - PersonAccount
    - ObjectClasses: inetOrgPerson
- RDN attribute types
  - o
    - ObjectClass: organization
  - ou
    - ObjectClass: organizationalUnit
  - dc
    - ObjectClass: domain
  - cn
    - ObjectClass: container
- Member attribute type
  - member
    - NDS: Name: member; ObjectClass: groupOfNames; scope: direct
    - Sun: Name: uniquemember; ObjectClass: groupOfUniqueNames; scope: direct
- Attribute type
  - userPassword
    - PropertyName: password
Unsupported properties:
- homeAddress
- businessAddress
Context pool and cache configuration for all directory servers
- Context pool
  - Enabled: true
  - InitPoolSize: 1
  - MaxPoolSize: 0
  - PrefPoolSize: 3
  - PoolTimeout: 0
  - PoolWaitTime: 3000
- Cache
  - Enabled: true
  - CacheSize: 4000
  - CacheTimeOut: 1200
  - AttributeSizeLimit: 2000
- Search cache
  - Enabled: true
  - CacheSize: 2000
  - CacheTimeOut: 600
  - SearchResultSizeLimit: 1000
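
The following is an added example, not IBM code: a Python check that compares a wimconfig.xml repository fragment with the defaults this page lists for the context pool, the two caches and the external identifier, and reports every value that differs. The server-type labels (AD, IDS, DOMINO, NDS, SUN), the sample fragment and its namespace URI are constructed for illustration, and the input is assumed to hold a single LDAP repository.

```python
import xml.etree.ElementTree as ET
# Defaults as listed on this page (kept as strings, like the XML attribute values).
POOL_CACHE_DEFAULTS = {
    "contextPool": {"enabled": "true", "initPoolSize": "1", "maxPoolSize": "0",
                    "prefPoolSize": "3", "poolTimeOut": "0", "poolWaitTime": "3000"},
    "attributesCache": {"enabled": "true", "cacheSize": "4000",
                        "cacheTimeOut": "1200", "attributeSizeLimit": "2000"},
    "searchResultsCache": {"enabled": "true", "cacheSize": "2000",
                           "cacheTimeOut": "600", "searchResultSizeLimit": "1000"},
}
# External identifier per directory type; the keys are labels made up for this example.
EXTERNAL_ID = {"AD": "objectguid", "IDS": "ibm-entryuuid", "DOMINO": "dominounid",
               "NDS": "guid", "SUN": "nsuniqueid"}

def audit(xml_text, server_type):
    """Return sorted (element, attribute, documented, found) tuples that differ."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        found.setdefault(el.tag.rsplit("}", 1)[-1], el)  # local name, namespace ignored
    diffs = []
    for name, attrs in POOL_CACHE_DEFAULTS.items():
        el = found.get(name)
        for attr, want in attrs.items():
            got = el.get(attr) if el is not None else None  # None: not present
            if got != want:
                diffs.append((name, attr, want, got))
    ext = found.get("externalIdAttributes")
    got = ext.get("name") if ext is not None else None
    want = EXTERNAL_ID[server_type]
    if (got or "").lower() != want:  # LDAP attribute names are case-insensitive
        diffs.append(("externalIdAttributes", "name", want, got))
    return sorted(diffs, key=lambda d: (d[0], d[1]))

# Constructed sample: a single-repository fragment; the namespace URI is a placeholder.
SAMPLE = """<config:repositories xmlns:config="urn:example:wim-config">
  <config:attributeConfiguration>
    <config:externalIdAttributes name="distinguishedName"/>
  </config:attributeConfiguration>
  <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="20"
      poolTimeOut="0" poolWaitTime="3000" prefPoolSize="3"/>
  <config:cacheConfiguration cachesDiskOffLoad="false">
    <config:attributesCache attributeSizeLimit="2000" cacheSize="4000"
        cacheTimeOut="0" enabled="true"/>
  </config:cacheConfiguration>
</config:repositories>"""

if __name__ == "__main__":
    for diff in audit(SAMPLE, "AD"):
        print("%s/@%s: documented %r, found %r" % diff)
```

For Domino the page states that the CLI does not set dominounid, so a reported difference on the external identifier is expected there unless it was configured by hand.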