- Local operating system registry.
- A single, standalone Lightweight Directory Access Protocol (LDAP) registry.
- A single implementation of the Custom User Registry interface.
It is possible to implement a Custom User Registry that enables access to multiple other registries, but this can involve a significant development effort that ultimately would only support read-only operations.
WebSphere Application Server V6.1 provides a new option: a federated user repository. This feature makes it much simpler to use multiple repositories, since this capability is achieved through configuration -- rather than development -- with the use of the new Virtual Member Manager (VMM).
In essence, this feature provides the ability to map entries from multiple individual user repositories into a single virtual repository. The federated repository consists of a single named realm, which is a set of independent user repositories. Each repository may be an entire external repository or, in the case of LDAP, a subtree within that repository. The root of each repository is mapped to something called a base entry within the federated repository, which is basically a starting point within the hierarchical namespace of the virtual realm.
What we are discussing here is the idea of one logical registry containing users from multiple underlying repositories. To the WebSphere Application Server runtime, there is still only one registry, and thus, all applications in the cell still share this one single registry
A federated repository enables you to use multiple repositories with WebSphere Application Server V6.1. These repositories, which can be file-based repositories, LDAP repositories, or a sub-tree of an LDAP repository, are defined and theoretically combined under single realm. All of the user repositories that are configured under the federated repository functionality are transparent to WebSphere Application Server.
Tips for multiple user repositories: The user ID and the DN for an LDAP repository must be unique in multiple user repositories that are configured under the same federated repository configuration. In addition, the federated repositories functionality in WebSphere Application Server supports the logical joining of entries across multiple user repositories when the application server searches and retrieves entries from the repositories.
One problem with federated repositories is that even if one LDAP server is down, nobody can login. So, suppose two companies share a same Maximo instance perhaps, one company can purposefully keep their LDAP down, just to keep the other company from using the instance. Not that anyone will actually do it, but it is a real concern
ReplyDeleteRefer the link to fix the issue (if one of the repository is not available)
ReplyDeletehttp://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.wim.doc%2FUnableToAuthenticateWhenRepositoryIsDown.html
This is the goal I want to achieve
ReplyDeleteI don't want the LDAP dependency for the Admin console users & also I want Microsoft Active directory (LDAP) to be configured for Application users.
Can you please guide me or give me the link for the solution?