Mapping LDAP Attribute

The wp-query-attribute-config task explained in Querying LDAP attribute gives you a high-level mapping of LDAP attributes to WebSphere Portal attributes.
In addition, WebSphere Portal has the ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config task, which you can use to get more detailed information.

After executing this task, open the ConfigTrace.log file in the /wp_profile/ConfigEngine/log directory. You should see messages like this:

[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, children, parent, c, partyRoles, principalName, countryName, localityName]

[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] [sn, cn]

[wplc-validate-ldap-attribute-config] FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
[wplc-validate-ldap-attribute-config] jpegPhoto: Base64Binary <> 1.3.6.1.4.1.1466.115.121.1.5
[wplc-validate-ldap-attribute-config] password: Base64Binary <> 1.3.6.1.4.1.1466.115.121.1.5
[wplc-validate-ldap-attribute-config] seeAlso: String <> 1.3.6.1.4.1.1466.115.121.1.12
[wplc-validate-ldap-attribute-config] Possible problems for Group:

[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [modifyTimestamp, groups, members, identifier, displayName, parent, children, entitlementInfo, partyRoles, viewIdentifiers, createTimestamp]

[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] []

[wplc-validate-ldap-attribute-config] FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
[wplc-validate-ldap-attribute-config] seeAlso: String <> 1.3.6.1.4.1.1466.115.121.1.12
[wplc-validate-ldap-attribute-config] Status = Complete
Target finished: wp-validate-standalone-ldap-attribute-config
Mon Mar 30 12:51:21 EDT 2009
Target started: action-post-config


The ConfigTrace.log file shows which attributes are required in LDAP but not configured in WebSphere Portal, which are defined in Portal but not in LDAP, and which attributes have types that do not match between LDAP and WebSphere Portal.

Once you have the validation messages, either change wkplc.properties or create a manageattributes.properties file like this:

standalone.ldap.attributes.nonSupported=certificate, members
standalone.ldap.attributes.nonSupported.delete=

standalone.ldap.attributes.mapping.ldapName=mail,title
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail, ibm-jobTitle
standalone.ldap.attributes.mapping.entityTypes=PersonAccount, Group


Then execute the ConfigEngine.bat wp-update-standalone-ldap-attribute-config task to either map attributes from LDAP to Portal or mark attributes as not supported.
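
The following is an added example, not code from the original post or from WebSphere Portal: a small Python parser that groups the validator messages in ConfigTrace.log by entity type, so the attributes that still need a mapping or a nonSupported flag can be reviewed before editing the properties file. The function names are hypothetical, the sample is a shortened copy of the log shown above, and the log format is assumed to match that output.

```python
import re
from collections import defaultdict

PREFIX = "[wplc-validate-ldap-attribute-config]"
# Constructed sample: a shortened copy of the validator output shown above.
SAMPLE = """\
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [groups, ibm-jobTitle, certificate, ibm-primaryEmail]
[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] [sn, cn]
[wplc-validate-ldap-attribute-config] FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
[wplc-validate-ldap-attribute-config] password: Base64Binary <> 1.3.6.1.4.1.1466.115.121.1.5
[wplc-validate-ldap-attribute-config] Possible problems for Group:
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [members, displayName]
[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] []
[wplc-validate-ldap-attribute-config] Status = Complete
"""

def parse_validation(text):
    """Group findings by entity type ('' until a 'Possible problems for' line appears)."""
    out = defaultdict(lambda: {"unmapped": [], "required": [], "type_diff": {}})
    entity, section = "", None
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # skip unrelated ConfigTrace.log lines
        msg = line[len(PREFIX):].strip()
        m = re.match(r"Possible problems for (\w+):", msg)
        if m:
            entity, section = m.group(1), None
        elif "defined in Portal but not in LDAP" in msg:
            section = "unmapped"
        elif "required in LDAP but not in Portal" in msg:
            section = "required"
        elif "type in Portal and in LDAP" in msg:
            section = "type_diff"
        elif section in ("unmapped", "required") and msg.startswith("["):
            out[entity][section] += [a.strip() for a in msg.strip("[]").split(",") if a.strip()]
        elif section == "type_diff" and "<>" in msg:
            name, types = msg.split(":", 1)
            out[entity]["type_diff"][name] = tuple(t.strip() for t in types.split("<>"))
    return dict(out)

def unsupported_candidates(findings, mapped_portal_names):
    """Review list: unmapped Portal attributes not covered by a chosen mapping."""
    unmapped = {a for f in findings.values() for a in f["unmapped"]}
    return sorted(unmapped - set(mapped_portal_names))
```

The list returned by unsupported_candidates is a starting point for review, not a ready-made value for standalone.ldap.attributes.nonSupported.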
