WebSphere Member Manager Unique Id

Every member managed by Member Manager requires a unique identifier that allows the member profile to be easily retrieved. Member Manager provides two types of unique identifiers:


  • memberDN is the distinguished name of a member, convenient for identification and display purposes. The memberDN is unique, but it may be changed and reused (i.e. after a member is deleted from WMM, a new member can be created that reuses the memberDN of the deleted member). An example of a memberDN for Jane Doe is uid=janedoe,ou=people,ou=sales,o=acme.com


  • memberUniqueId is unique, static, and never reused. That is, once a memberUniqueId
    has been created for a member, its value will not be changed, and it will not be reused
    even if the member is deleted. The memberUniqueId can be mapped to a unique attribute in the LDAP server.



The memberDN therefore uniquely identifies a member at a single point in time, while the memberUniqueId, because it is never reused, uniquely identifies a member over time.

When an application such as WebSphere Portal uses Member Manager, the application may have its own application-specific repository for data related to the members in Member Manager. The application therefore needs a linkage between the data of a member managed by Member Manager and its own application-specific data for the same member. Since the memberDN may be changed and reused, it is in general not suitable as the linkage. The memberUniqueId, which is unique, static, and never reused, is suitable. In WPS the member unique identifier is called the external ID or extId. Portal Access Control uses extId as the primary key in its permission database tables, linking users and groups to the access control data.
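The difference between the two linkages can be seen in a small model. The following is an added example, not code from Member Manager or WebSphere Portal: it uses an in-memory SQLite database with hypothetical table, column and permission names to show what happens to application-side permission rows when a member is deleted and a new member reuses the same memberDN.

```python
import sqlite3
import uuid

JANE_DN = "uid=janedoe,ou=people,ou=sales,o=acme.com"  # example DN from the text

def new_db():
    # Toy stand-ins: "member" models the directory, the acl_* tables model an
    # application-specific repository. Table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE member (ext_id TEXT PRIMARY KEY, member_dn TEXT UNIQUE);
        CREATE TABLE acl_by_dn (member_dn TEXT, permission TEXT);
        CREATE TABLE acl_by_extid (ext_id TEXT, permission TEXT);
    """)
    return db

def create_member(db, member_dn):
    ext_id = uuid.uuid4().hex  # assumption: fresh value per member, never reused
    db.execute("INSERT INTO member VALUES (?, ?)", (ext_id, member_dn))
    return ext_id

def grant(db, ext_id, member_dn, permission):
    # Record the same grant under both linkage styles for comparison.
    db.execute("INSERT INTO acl_by_dn VALUES (?, ?)", (member_dn, permission))
    db.execute("INSERT INTO acl_by_extid VALUES (?, ?)", (ext_id, permission))

def permissions(db, ext_id, member_dn):
    by_dn = [r[0] for r in db.execute(
        "SELECT permission FROM acl_by_dn WHERE member_dn = ?", (member_dn,))]
    by_extid = [r[0] for r in db.execute(
        "SELECT permission FROM acl_by_extid WHERE ext_id = ?", (ext_id,))]
    return by_dn, by_extid

def orphaned_grants(db):
    # Grants whose extId no longer exists in the directory: safe to purge.
    return [r[0] for r in db.execute(
        "SELECT permission FROM acl_by_extid "
        "WHERE ext_id NOT IN (SELECT ext_id FROM member)")]

def run_scenario():
    db = new_db()
    old = create_member(db, JANE_DN)
    grant(db, old, JANE_DN, "EDIT:sales-reports")
    # Member is deleted from the directory; application rows are left behind.
    db.execute("DELETE FROM member WHERE ext_id = ?", (old,))
    new = create_member(db, JANE_DN)  # a different member reuses the memberDN
    return permissions(db, new, JANE_DN), orphaned_grants(db)

if __name__ == "__main__":
    print(run_scenario())
```

With the DN linkage the new member picks up the deleted member's grant, while the extId linkage gives the new member nothing and leaves the stale row identifiable as an orphan.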
