Mapping attributes between LDAP and WebSphere Portal

Perform the following steps to map attributes between WebSphere Portal and your LDAP server; if you have multiple LDAP servers, you will need to perform these steps for each LDAP server:


  • Run one of the following tasks to check that all defined attributes are available in the configured LDAP user registry:

    • Standalone: ConfigEngine.sh wp-validate-standalone-ldap-attribute-config

    • Federated: ConfigEngine.sh wp-validate-federated-ldap-attribute-config



  • Open the config trace file to review the following output for the PersonAccount and Group entity types:
    The following attributes are defined in WebSphere Portal but not in the LDAP server
    This list contains all attributes that are defined in WebSphere Portal but not available in the LDAP. Flag attributes that you do not plan to use in WebSphere Portal as unsupported. Map the attributes that you plan to use to the attributes that exist in the LDAP; you must also map the uid, cn, firstName, sn, preferredLanguage, and ibm-primaryEmail attributes if they are contained in the list.
    The following attributes are flagged as required in the LDAP server but not in WebSphere Portal
    This list contains all attributes that are defined as "MUST" in the LDAP server but not as required in WebSphere Portal. You should flag these attributes as required within WebSphere Portal; see the step below about flagging an attribute as either unsupported or required.
    The following attributes have a different type in WebSphere Portal and in the LDAP server
    This list contains all attributes that WebSphere Portal might ignore because the data types within WebSphere Portal and within the LDAP server do not match.

  • Enter a value for one of the following sets of parameters in the wkplc.properties file to correct any issues found in the config trace file:
    The following parameters are found under the LDAP attribute configuration heading:

    * standalone.ldap.id
    * standalone.ldap.attributes.nonSupported
    * standalone.ldap.attributes.nonSupported.delete
    * standalone.ldap.attributes.mapping.ldapName
    * standalone.ldap.attributes.mapping.portalName
    * standalone.ldap.attributes.mapping.entityTypes

  • Run one of the following tasks to update the LDAP user registry configuration with the list of unsupported attributes and the proper mapping between WebSphere Portal and the LDAP user registry:

    • Standalone: ConfigEngine.sh wp-update-standalone-ldap-attribute-config

    • Federated: ConfigEngine.sh wp-update-federated-ldap-attribute-config
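The following pre-flight check is an added example, not part of the original page or IBM's tooling. It verifies that every attribute the trace reports as defined in WebSphere Portal but not in the LDAP server is either mapped or flagged as unsupported in wkplc.properties before the update task is run. It assumes the parameter values are comma-separated lists and that ldapName and portalName entries pair up by position; the sample values, the function names and the repository id exampleLdap are constructed for illustration.

```python
# Added example (not IBM code): check wkplc.properties against the trace list.
MUST_MAP = {"uid", "cn", "firstName", "sn", "preferredLanguage", "ibm-primaryEmail"}
PREFIX = "standalone.ldap.attributes."

# Constructed sample input; names and values are illustrative only.
SAMPLE_PROPS = """\
standalone.ldap.id=exampleLdap
standalone.ldap.attributes.nonSupported=certificate
standalone.ldap.attributes.nonSupported.delete=
standalone.ldap.attributes.mapping.ldapName=mail
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.entityTypes=PersonAccount
"""
SAMPLE_MISSING = {"ibm-primaryEmail", "certificate", "preferredLanguage", "ibm-jobTitle"}

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def csv_list(props, name):
    # Assumption: values are comma-separated lists.
    return [v.strip() for v in props.get(PREFIX + name, "").split(",") if v.strip()]

def check_mapping(props_text, missing_in_ldap):
    """Return a list of problems; an empty list means every attribute is handled."""
    props = parse_properties(props_text)
    unsupported = set(csv_list(props, "nonSupported"))
    ldap_names = csv_list(props, "mapping.ldapName")
    portal_names = csv_list(props, "mapping.portalName")
    problems = []
    if len(ldap_names) != len(portal_names):  # assumption: positional pairing
        problems.append("mapping.ldapName and mapping.portalName differ in length")
    mapped = set(portal_names)
    for attr in sorted(missing_in_ldap):
        if attr in MUST_MAP and attr not in mapped:
            problems.append(f"{attr}: must be mapped to an LDAP attribute")
        elif attr not in mapped and attr not in unsupported:
            problems.append(f"{attr}: neither mapped nor flagged unsupported")
        elif attr in mapped and attr in unsupported:
            problems.append(f"{attr}: both mapped and flagged unsupported")
    return problems

if __name__ == "__main__":
    print("\n".join(check_mapping(SAMPLE_PROPS, SAMPLE_MISSING)))
```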


