Limitations of federated repository

  • Only one user repository can be configured to be the target for creating users/groups from the administration console. By default, this is the file repository, but this can be changed, as you will see later. You can use the user and group management wsadmin commands to create users/groups in other repositories, or use native tools for those repositories.

  • The username (for example, LDAP uid) must be unique across the different repositories. For example, users cannot have the same uid in different LDAP directories, even under different org structures.

  • If one or more repository in the federation is down, you will not be able to authenticate (even as an admin), regardless of which repository your particular ID is stored in. The VMM component always checks all repositories before letting an authentication to succeed.

  • Although VMM has the capability to support multiple realms, WebSphere Application Server only supports a single realm at this time. This is defined at the cell level and is shared by all applications.

No comments: