User registry and Member Repository

In the context of WAS a user registry stores all user and group data, including user ID and password, other group attributes and user and group member information, etc. The WebSphere Application Server supports three types of user registries

  • Local Operating System

  • Lightweight Directory Access Protocol(LDAP)

  • Custom user registry


Within WPS only LDAP and custom user registries are supported, not the Local Operating System, this is because of the configuration of the Light Wight Third-Party Authentication (LTPA) mechanism used in Single Sign On

In the context of WebSphere Portal and Member Manager, a member repository is the store
for user profile data and the group data, and their membership information. Two different
terms (user registry and member repository) are used because it is possible for the
datastores to be different. For example, when the portal server requires application specific
user attributes that are not available in LDAP server, the administrator can opt to use the
Look-Aside mechanism provided by WebSphere Member Manager. Thus the member
repository has the extension in the LookAside database tables. In most cases, however, the
user registry and member repository are in the same datastores.

WMM supports three types of member repositories,

  • database

  • LDAP

  • Custom member repository



WMM has provided its own Custom User Registry(CUR) implementation(Custom the Custom User Registry API provided by WAS) to be used in the configuration of application server. The WMM provides two repository implementations

  • com.ibm.websphere.wmm.registry.WMMUserRegistry : If you enable security to and your using LDAP as user repository then the User registry type would be set to Custom and name of the custom registry class name would be com.ibm.websphere.wmm.registry.WMMUserRegistry

  • com.ibm.ws.wmm.db.DatabaseRepository:.



When a customer user registry (CUR) is developed by the customer, a corresponding custom
member repository (CMR) must be coded for configuring WMM. The CMR API is private and
unpublished. To obtain this API, IBM support must be contacted and an non-disclosure
agreement must be signed.

The security of an out-of-box installation of version 6 WebSphere Portal is enabled with the
WMMUR DB option based on the embedded version of IBM Cloudscape Database. The idea
is for the administrator to have a working system right after the installation.

No comments: