Managing the realm in a federated repository configuration
Follow this topic to manage the realm in a federated repository configuration.
Before you begin
- The file-based repository that is built into the system
- One or more external repositories
- Both the built-in, file-based repository and in one or more external repositories
Procedure
- Configure your realm by using one of the following topics. You might be configuring your realm for the first time or changing
an existing realm configuration.
- Using a single built-in, file-based repository in a new configuration under Federated repositories
- Changing a federated repository configuration to include a single built-in, file-based repository only
- Configuring a single, Lightweight Directory Access Protocol repository in a new configuration under Federated repositories
- Changing a federated repository configuration to include a single, Lightweight Directory Access Protocol repository only
- Configuring multiple Lightweight Directory Access Protocol repositories in a federated repository configuration
- Configuring a single built-in, file-based repository and one or more Lightweight Directory Access Protocol repositories in a federated repository configuration
- Configure supported entity types using the steps described in Configuring supported entity types in a federated repository configuration. You must configure supported entity types before you can manage this account with Users and Groups. The Base entry for the default parent determines the repository location where entities of the specified type are placed on a create operation.
- Configure the mapping for user or group attributes of a user registry to federated repository properties in your realm using the steps described in Configuring user repository attribute mapping in a federated repository configuration.
- Optional: Under Additional properties, click the Custom properties link to configure custom properties.
- Optional: Use one or more of the following
tasks to extend the capabilities of storing data and attributes in
your realm:
- Configure an entry mapping repository using the steps described in Configuring an entry mapping repository in a federated repository configuration. An entry mapping repository is used to store data for managing profiles on multiple repositories.
- Configure a property extension repository using the steps described in Configuring a property extension repository in a federated repository configuration. A property extension repository is used to store attributes that cannot be stored in your Lightweight Directory Access Protocol (LDAP) server.
- Set up a database repository using wsadmin commands as described in Setting up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands
- Optional: Use one or more of the following advanced user tasks to extend the capabilities of LDAP repositories in your realm:
- Optional: Manage repositories that are configured in your system by following the steps described in Managing repositories in a federated repository configuration.
- Optional: Add an external repository into your realm by following the steps described in Adding an external repository in a federated repository configuration.
- Optional: Change the password for the repository that is configured under federated repositories by the following steps described in Changing the password for a repository under a federated repositories configuration.
What to do next
- After configuring the federated repositories, click Security > Global security to return to the Global security panel. Verify that Federated repositories is identified in the Current® realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current. To verify the federated repositories configuration, click Apply on the Global security panel. If Federated repositories is not identified in the Current realm definition field, your federated repositories configuration is not used by WebSphere® Application Server.
- If you are enabling security, complete the remaining steps as specified in Enabling security for the realm. As the final step, validate this setup by clicking Apply in the Global security panel.
- Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.
次主題
Federated repositories
Federated repositories enable you to use multiple repositories with WebSphere Application Server. These repositories, which can be file-based repositories, LDAP repositories, or a sub-tree of an LDAP repository, are defined and theoretically combined under a single realm. All of the user repositories that are configured under the federated repository functionality are invisible to WebSphere Application Server.Realm configuration settings
Use this page to manage the realm. The realm can consist of identities in the file-based repository that is built into the system, in one or more external repositories, or in both the built-in, file-based repository and one or more external repositories.User attribute mapping for federated repositories
Use this page to set or to modify the mapping for user or group attributes of a user registry to the federated repository properties in the current realm.Custom repository details for federated repositories
Use this panel to specify the configuration for access to a custom repository.Add federated repository settings
Use this page to specify the configuration for access to a file repository.Federated repositories limitations
This topic outlines known limitations and important information for configuring federated repositories.Changing the password for a repository under a federated repositories configuration
Passwords allow security control over the repositories under a federated repositories configuration. As part of managing the realm in a federated repository configuration, one of the optional tasks you can perform is to change the password of an individual repository that is under a federated repositories configuration.Using a single built-in, file-based repository in a new configuration under Federated repositories
Follow this task to use a single built-in, file-based repository in a new configuration under Federated repositories.Adding a file-based repository to a federated repositories configuration
Follow this task to add a file-based repository under federated repositories.Enabling client certificate login support for a file-based repository in federated repositories
You can enable support for client certificate login in a realm configured with a single built-in file-based repository or a multiple repository configuration that includes the file-based repository and other repositories.Configuring a single built-in, file-based repository in a new configuration under federated repositories using wsadmin
You can use the Jython or Jacl scripting language with the wsadmin tool to configure a single built-in, file-based repository in a new configuration under Federated repositories.Changing a federated repository configuration to include a single built-in, file-based repository only
Follow this task to change your federated repository configuration to include a single built-in, file-based repository only.Configuring a single, Lightweight Directory Access Protocol repository in a new configuration under Federated repositories
Follow this task to configure a single, Lightweight Directory Access Protocol (LDAP) repository in a new configuration under Federated repositories.Changing a federated repository configuration to include a single, Lightweight Directory Access Protocol repository only
Follow this task to change your federated repository configuration to include a single, Lightweight Directory Access Protocol repository (LDAP) repository only.Configuring multiple Lightweight Directory Access Protocol repositories in a federated repository configuration
Follow this task to configure multiple Lightweight Directory Access Protocol (LDAP) repositories in a federated repository configuration.Configuring a single built-in, file-based repository and one or more Lightweight Directory Access Protocol repositories in a federated repository configuration
Follow this task to configure a single built-in, file-based repository and multiple Lightweight Directory Access Protocol (LDAP) repositories in a federated repository configuration.Manually configuring an Lightweight Directory Access Protocol repository in a federated repository configuration
Follow this topic to manually configure Lightweight Directory Access Protocol (LDAP) repository in a federated repository configuration.Configuring Lightweight Directory Access Protocol in a federated repository configuration
Follow this topic to configure Lightweight Directory Access Protocol (LDAP) settings in a federated repository configuration.Migrating a stand-alone LDAP repository to a federated repositories LDAP repository configuration
When configuring the security for your application server, you might need to migrate a stand-alone LDAP registry to a federated repositories LDAP repository configuration.Adding an external repository in a federated repository configuration
Follow this task to add an external repository into a federated repository configuration.Configuring a property extension repository in a federated repository configuration
Follow this task to configure a property extension repository to store attributes that cannot be stored in your Lightweight Directory Access Protocol (LDAP) server.Configuring an entry mapping repository in a federated repository configuration
Follow this task to configure an entry mapping repository that is used to store data for managing profiles on multiple repositories.Configuring supported entity types in a federated repository configuration
Follow this task to configure supported entity types for user and group management.Configuring user repository attribute mapping in a federated repository configuration
Follow this task to set or modify the mapping for user or group attributes of a user registry to federated repository properties in the current realm.Managing repositories in a federated repository configuration
Follow this topic to manage repositories in a federated repository configuration.Increasing the performance of an LDAP repository in a federated repository configuration
Follow the steps given here to increase the performance of an LDAP repository in a federated repository configuration.Using custom adapters for federated repositories
When the custom adapters for federated repositories are part of the default realm, the users and groups can be managed using wsadmin commands or the administrative console.Establishing custom adapters for federated repositories
Out of the box adapters for federated repositories provide File, LDAP, and Database adapter for your use. These adapters implement the com.ibm.wsspi.wim.Repository software programming interface (SPI). Custom adapters for federated repositories need to implement the same SPI.Adding a custom repository to a federated repositories configuration
Follow this task to add a custom repository under federated repositories.Configuring custom adapters for federated repositories using wsadmin
You can use the Jython or Jacl scripting language with the wsadmin tool to define custom adapters in the federated repositories configuration file.Configuring the user registry bridge for federated repositories using wsadmin scripting
The user registry bridge is configured like other custom adapters. You can use the Jython or Jacl scripting language with the wsadmin scripting tool to define the user registry bridge in the federated repositories configuration.Configuring Lightweight Directory Access Protocol entity types in a federated repository configuration
Follow this task to configure Lightweight Directory Access Protocol (LDAP) entity types in a federated repository configuration.Configuring Lightweight Directory Access Protocol attributes in a federated repository configuration
Follow this task to add, modify, or delete the configuration of supported, unsupported, and external LDAP attributes in a federated repositories configuration.Configuring group attribute definition settings in a federated repository configuration
Follow this task to configure group definition settings in a federated repository configuration.Configuring member attributes in a federated repository configuration
Follow this task to configure member attributes in a federated repository configuration.Configuring dynamic member attributes in a federated repository configuration
Follow this task to configure dynamic member attributes in a federated repository configuration.


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twim_managing_realm
檔名:twim_managing_realm.html