LDAP User Registry in Federated repository

After adding the LDAP server to the Federated Repository, take a look at the Admin Console. You will notice that one more repository has been added to the realm; its name is adminldap (this is the value I set for federated.ldap in the wp_add_federated_ids.properties file), and its type is LDAP.IDS6.


Now click on the adminldap link and you will see details of the configuration like this.


You can see the name of the LDAP server, the bind user name and password, and so on.

If you open the wimconfig.xml file you will notice that it has been updated with one new <config:repositories> element. It contains the bind user ID, and the bind user password is XOR encoded (a reversible obfuscation rather than encryption).

<!-- wimconfig.xml after the LDAP server was federated: the built-in file repository
     plus the new LDAP repository "adminldap", both participating in the default realm.
     Anyone who can read this file can recover the LDAP bind password (see the
     bindPassword note below), so keep the file's permissions as tight as the
     installation allows. -->
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:config="http://www.ibm.com/websphere/wim/config" xmlns:sdo="commonj.sdo">
<!-- Global search/paging limits for the virtual member manager. -->
<config:configurationProvider maxPagingResults="500" maxSearchResults="4500" maxTotalPagingResults="1000"
pagedCacheTimeOut="900" pagingEntityObject="true" searchTimeOut="600000">
<config:dynamicModel xsdFileName="wimdatagraph.xsd"/>
<!-- Entity types known to the realm and the RDN attribute(s) each is named by. -->
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="Group">
<config:rdnProperties>cn</config:rdnProperties>
</config:supportedEntityTypes>
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="OrgContainer">
<config:rdnProperties>o</config:rdnProperties>
<config:rdnProperties>ou</config:rdnProperties>
<config:rdnProperties>dc</config:rdnProperties>
<config:rdnProperties>cn</config:rdnProperties>
</config:supportedEntityTypes>
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="PersonAccount">
<config:rdnProperties>uid</config:rdnProperties>
</config:supportedEntityTypes>
<!-- Built-in file-based repository (pre-existing). messageDigestAlgorithm is set to
     SHA-1; what it digests is not visible here (presumably stored file-repository
     passwords; confirm in the product documentation). -->
<config:repositories xsi:type="config:FileRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.file.was.FileAdapter"
id="InternalFileRepository" supportPaging="false" messageDigestAlgorithm="SHA-1">
<config:baseEntries name="o=defaultWIMFileBasedRealm"/>
</config:repositories>
<!-- The newly added LDAP repository. id="adminldap" is the federated.ldap value from
     wp_add_federated_ids.properties; ldapServerType="IDS6" is what the Admin Console
     shows as LDAP.IDS6. -->
<config:repositories xsi:type="config:LdapRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
id="adminldap" isExtIdUnique="true" supportAsyncMode="false" supportExternalName="false"
supportPaging="false" supportSorting="false" supportTransactions="false" certificateFilter=""
certificateMapMode="EXACT_DN" ldapServerType="IDS6" translateRDN="false">
<config:baseEntries name="dc=ibm,dc=com" nameInRepository="dc=ibm,dc=com"/>
<!-- uid is the attribute users log in with. -->
<config:loginProperties>uid</config:loginProperties>
<!-- sslConfiguration is empty: no SSL configuration alias is referenced. -->
<config:ldapServerConfiguration primaryServerQueryTimeInterval="15" returnToPrimaryServer="true"
searchCountLimit="500" searchTimeLimit="120000" sslConfiguration="">
<!-- SECURITY NOTES:
     * bindPassword uses the "{xor}" form, which is reversible obfuscation, not
       encryption. Treat this file as containing the cleartext bind credential.
     * authentication="simple" with sslEnabled="false" means the bind DN and password
       are sent unencrypted on each bind. That is only tolerable while the server is
       localhost (see connections below); enable SSL/LDAPS before pointing this at a
       remote LDAP host.
     * The bind identity uid=wpsbind should be a dedicated, least-privilege account. -->
<config:ldapServers authentication="simple" bindDN="uid=wpsbind,cn=users,dc=ibm,dc=com"
bindPassword="{xor}KC8sPTYxOw==" connectionPool="false" connectTimeout="0"
derefAliases="always" referal="ignore" sslEnabled="false">
<!-- Plain LDAP on the standard non-TLS port, local host only. -->
<config:connections host="localhost" port="389"/>
</config:ldapServers>
</config:ldapServerConfiguration>
<!-- Mapping of VMM entity types onto LDAP object classes, RDN attributes,
     search filters and search bases. -->
<config:ldapEntityTypes name="OrgContainer">
<config:rdnAttributes name="o" objectClass="organization"/>
<config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
<config:rdnAttributes name="dc" objectClass="domain"/>
<config:rdnAttributes name="cn" objectClass="container"/>
<config:objectClasses>organization</config:objectClasses>
<config:objectClasses>organizationalUnit</config:objectClasses>
<config:objectClasses>domain</config:objectClasses>
<config:objectClasses>container</config:objectClasses>
</config:ldapEntityTypes>
<!-- Users: only inetOrgPerson entries under cn=users,dc=ibm,dc=com are treated as accounts. -->
<config:ldapEntityTypes name="PersonAccount" searchFilter="(objectclass=inetOrgPerson)">
<config:objectClasses>inetOrgPerson</config:objectClasses>
<config:searchBases>cn=users,dc=ibm,dc=com</config:searchBases>
</config:ldapEntityTypes>
<!-- Groups: only groupOfUniqueNames entries under cn=groups,dc=ibm,dc=com. -->
<config:ldapEntityTypes name="Group" searchFilter="(objectclass=groupOfUniqueNames)">
<config:objectClasses>groupOfUniqueNames</config:objectClasses>
<config:searchBases>cn=groups,dc=ibm,dc=com</config:searchBases>
</config:ldapEntityTypes>
<!-- Group membership: member (groupOfNames) and uniqueMember (groupOfUniqueNames) hold
     direct members; ibm-allGroups is read for a user's group list. dummyMember is
     presumably a placeholder value for otherwise-empty groups (confirm with docs). -->
<config:groupConfiguration>
<config:memberAttributes dummyMember="uid=dummy" name="member" objectClass="groupOfNames"
scope="direct"/>
<config:memberAttributes dummyMember="uid=dummy" name="uniqueMember" objectClass="groupOfUniqueNames"
scope="direct"/>
<config:membershipAttribute name="ibm-allGroups" scope="direct"/>
</config:groupConfiguration>
<!-- The LDAP userPassword attribute backs the VMM "password" property, which the
     authorization section below places in the "sensitive" attribute group. -->
<config:attributeConfiguration>
<config:attributes name="userPassword" propertyName="password"/>
<config:propertiesNotSupported name="homeAddress"/>
<config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration>
<!-- LDAP context (connection) pool sizing; timeouts are in the product's own units
     (presumably milliseconds for poolWaitTime; confirm). -->
<config:contextPool enabled="true" initPoolSize="1" maxPoolSize="20" poolTimeOut="0"
poolWaitTime="3000" prefPoolSize="3"/>
<!-- Attribute and search-result caches. Cached entries are served until cacheTimeOut
     elapses, so LDAP-side changes (including disabling a user) may lag by up to that
     interval; units are not stated here (presumably seconds). -->
<config:cacheConfiguration>
<config:attributesCache attributeSizeLimit="2000" cacheSize="4000" cacheTimeOut="1200"
enabled="true"/>
<config:searchResultsCache cacheSize="2000" cacheTimeOut="600" enabled="true"
searchResultSizeLimit="1000"/>
</config:cacheConfiguration>
</config:repositories>
<!-- Single active realm spanning both repositories: the file repository's base entry
     and the LDAP base entry dc=ibm,dc=com. Login names resolve via principalName and
     group names via cn. NOTE(review): with two repositories in one realm, confirm
     that no login id exists in both, since the same uid would then be ambiguous. -->
<config:realmConfiguration defaultRealm="defaultWIMFileBasedRealm">
<config:realms delimiter="/" name="defaultWIMFileBasedRealm" securityUse="active">
<config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
<config:participatingBaseEntries name="dc=ibm,dc=com"/>
<config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="cn"/>
<config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
</config:realms>
</config:realmConfiguration>
<!-- Plugin wiring (unchanged by the LDAP addition): one subscriber,
     DefaultDAViewProcessor, is registered as pre-exit, inline-exit (where present)
     and post-exit modification subscriber for every ProfileManager topic below, and
     for all realms. -->
<config:pluginManagerConfiguration>
<config:topicSubscriberList>
<config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" topicSubscriberType="ModificationSubscriber">
<config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>
</config:topicSubscriber>
</config:topicSubscriberList>
<config:topicRegistrationList>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="createInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="deleteInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<!-- The update topic has no inline exit, only pre and post. -->
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="getInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<!-- Authorization-manager topic; reuses the same getInViewExplicit inline exit name. -->
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="getInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
</config:topicRegistrationList>
</config:pluginManagerConfiguration>
<!-- Attribute-level authorization is enabled (isSecurityEnabled="true") with the
     built-in JACC provider; role-to-permission and principal-to-role policy come from
     wim-policy.xml and wim-rolemapping.xml. Attributes are grouped so policy can be
     applied per group: "password" sits in "sensitive"; the "unchecked" group
     presumably bypasses attribute checks (confirm against wim-policy.xml). Attributes
     not listed in any group fall under defaultAttributeGroup="default". -->
<config:authorization defaultAttributeGroup="default" importPolicyFromFile="true"
isAttributeGroupingEnabled="true" isSecurityEnabled="true" jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml" jaccPrincipalToRolePolicyId="WIM Policy"
jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping" jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
jaccRoleToPermissionPolicyFileName="wim-policy.xml" jaccRoleToPermissionPolicyId="WIM Policy"
useSystemJACCProvider="false">
<config:attributeGroups>
<config:groupName>general</config:groupName>
<config:attributeNames>cn</config:attributeNames>
<config:attributeNames>sn</config:attributeNames>
<config:attributeNames>uid</config:attributeNames>
</config:attributeGroups>
<config:attributeGroups>
<config:groupName>sensitive</config:groupName>
<config:attributeNames>password</config:attributeNames>
</config:attributeGroups>
<config:attributeGroups>
<config:groupName>unchecked</config:groupName>
<config:attributeNames>identifier</config:attributeNames>
<config:attributeNames>createTimestamp</config:attributeNames>
<config:attributeNames>modifyTimestamp</config:attributeNames>
<config:attributeNames>entitlementInfo</config:attributeNames>
</config:attributeGroups>
</config:authorization>
</config:configurationProvider>
</sdo:datagraph>
