Follow this task to add, modify, or delete the configuration
of supported, unsupported, and external LDAP attributes in a federated
repositories configuration.
Procedure
- In the administrative console, click Security > Global
security.
- Under User account repository, select Federated
repositories from the Available realm definitions field and click Configure.
To configure for a specific domain in a multiple security domain environment,
click Security domains > domain_name. Under Security
Attributes, expand User Realm, and click Customize for this domain.
Select the Realm type as Federated repositories and then click Configure.
- Under Related items, click Manage repositories,
and then in the panel that appears, click the repository_id of
the LDAP repository.
- Under Additional properties, click the LDAP attributes link.
- To add a new LDAP attribute configuration, click Add and select one of the following options:
  - Select Supported to add a supported LDAP attribute configuration. On the panel that appears, enter the following details:
    - Name: Specifies the name of the LDAP attribute used in the repository LDAP adapter.
    - Property name: Specifies the name of the corresponding federated repository property.
    - Syntax: Specifies the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString.
    - Entity types: Specifies the entity type to which the attribute mapping applies.
    - Default value: Specifies the default value of the LDAP attribute.
    - Default attribute: Use this parameter to specify the default attribute of the LDAP attribute.
  - Select Unsupported to add a configuration for a federated repository property that the LDAP repository does not support. On the panel that appears, enter the following details:
    - Property name: Specifies the name of the federated repository property.
    - Entity types: Specifies one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types.
  - Select External to add a configuration for an LDAP attribute that is used as an external ID in the specified LDAP repository. On the panel that appears, enter the following details:
    - Name: Specifies the name of the external ID attribute of the LDAP repository.
    - Syntax: Specifies the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString.
    - Entity types: Specifies one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types.
    - Generate value: Specifies whether or not the federated repository should generate the value of the LDAP attribute.
- To modify an existing configuration, click the Name/Property
Name link and modify the details in the panel that appears.
- To delete an existing configuration, select the checkbox
beside the Name/Property Name and click Delete.
- Click OK and Save to the master configuration.
- Restart the application server.
Results
After completing these steps, LDAP attributes are configured
in the federated repositories configuration.