Querying LDAP attributes

IBM WebSphere Portal has a predefined set of attributes for users and groups. Your LDAP server may have a different set of predefined user and group attributes. To ensure proper communication between WebSphere Portal and your LDAP server, you can configure additional attributes and flag existing attributes as required or unsupported on a per-repository basis for all configured repositories.

An LDAP server can only handle the attributes explicitly defined in its schema. The task that adds the LDAP user registry does some basic attribute configuration depending on the type of LDAP server that you choose. You may, however, still need to adapt the WPS configuration to match the LDAP schema: for example, if an attribute is defined in WPS but not in the LDAP server, you will need to either flag the attribute as unsupported for the LDAP server or introduce an attribute mapping that maps the WPS attribute to an attribute defined in the LDAP schema.

Querying attribute mappings

You can query the portal for all the configured attributes using the ConfigEngine.bat wp-query-attribute-config configuration command. This command creates availableAttributes.html in the wp_profile/ConfigEngine/log directory. The HTML file contains a table with two columns. The first column lists the attributes defined in WebSphere Portal, and the second column shows how each one is mapped to an LDAP attribute. If there is a match, the second column shows a check mark. If not, it shows "not supported" to indicate that the attribute is not supported. If the attribute has a different name in LDAP, the second column displays the LDAP attribute name. Take a look at this screenshot, which shows that the homePostalAddress attribute is not supported and that password is mapped to userPassword in LDAP.
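To review the report without reading the table by eye, the sketch below classifies each row as a direct match, a renamed mapping, or unsupported. It is an added example, not part of the original post or of IBM's tooling: the HTML markup in SAMPLE_REPORT is constructed (the real availableAttributes.html may be laid out differently), and the names _Rows and classify are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample of the two-column report; the real file's markup may differ.
SAMPLE_REPORT = """<table>
<tr><th>Portal attribute</th><th>LDAP mapping</th></tr>
<tr><td>uid</td><td><img src="check.gif" alt=""></td></tr>
<tr><td>cn</td><td>&#10003;</td></tr>
<tr><td>homePostalAddress</td><td>not supported</td></tr>
<tr><td>password</td><td>userPassword</td></tr>
</table>"""

class _Rows(HTMLParser):  # collects the text of each <td>, grouped per <tr>
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if len(self._row) == 2:  # header rows use <th> and are skipped
                self.rows.append(tuple(self._row))
            self._row = None

def classify(html):
    """Return {portal_attr: (status, ldap_name)} for every data row."""
    parser = _Rows()
    parser.feed(html)
    result = {}
    for portal_attr, mapping in parser.rows:
        if mapping.lower() == "not supported":
            result[portal_attr] = ("unsupported", None)
        elif mapping in ("", "\u2713", "\u2714"):  # check mark as image or character
            result[portal_attr] = ("direct", portal_attr)
        else:  # any other text is the LDAP attribute name
            result[portal_attr] = ("mapped", mapping)
    return result
```

Feeding the real report's contents to classify() gives a dictionary you can diff between environments to spot attributes that became unsupported or were remapped after a configuration change.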
