Wednesday, September 19, 2012

Adding LDAP Attributes to WebSphere Portal 6.1


When using an external directory for security in WebSphere Portal 6.1, you may find that some of the attributes in your directory are not available to applications, even through direct PUMA calls.  This is because WebSphere Portal only exposes a base set of default attributes, and anything outside of that set has to be mapped manually.

Adding these attribute mappings for WebSphere Portal 6.1 can be a little tricky, but once you've done it a few times it gets easier.  The following article attempts to provide a concise list of the steps required to add custom LDAP Attributes to your IBM WebSphere Portal 6.1 cluster.


Special thanks to Gabriel Boie (http://theoreticaltechstuff.blogspot.com) for providing clarifying information regarding this task!

I will assume that you already have a valid LDAP configuration and that you know your primary node's profile path and can find both the ConfigEngine.sh/bat and wkplc.properties files.  

Install WIMSystem.ear
This config engine task installs the WIM application required to add and map the new LDAP attributes.
  • Stand-Alone:
ConfigEngine.bat wp-la-install-ear -DWasPassword=password

  • Clustered:  This must be run on the primary node, but the Server and Node name parameters are for the deployment manager.

ConfigEngine.bat wp-la-install-ear -DWasPassword=password -DServerName=server_name -DNodeName=node_name

  • Restart the Cluster.
Add the LDAP Attributes
  • Backup the wkplc.properties file in your primary node, then open it in a text editor.
  • Find and update the following properties with values that meet your needs - the following is an example specific to my environment.
la.providerURL=corbaloc:iiop:localhost:10031
la.propertyName=extendedAttribute01
la.entityTypes=PersonAccount
la.dataType=String
la.multiValued=true

  • Save the wkplc.properties file and execute the following ConfigEngine command:

ConfigEngine.bat wp-add-property -DWasPassword=password
TIP: A connection refused error will occur if the providerURL address and/or port are incorrect.  Check your server settings for address and port. 
TIP: A NameNotFoundException following a message stating that the WIMServiceHome EJB could not be found will likely occur if you neglect to restart the cluster after installing or reinstalling WIMSystem (wp-la-install-ear). 
TIP: An error stating that the service must be run on the deployment manager (paraphrased, I don't have the exact message, sorry) most likely indicates that WIMSystem.ear was installed using an incorrect server and/or node name.  The following technote addresses this situation: http://www-01.ibm.com/support/docview.wss?uid=swg21383774 
TIP: Provide LDAP credentials at the prompt.  Your bind account should have write access, though these mappings are possible without it.

  • REPEAT the steps under "Add the LDAP Attributes" once for each attribute you need to add. 
Map LDAP Attribute Names in Portal

For the final step, we have to map the LDAP attribute names to Portal attribute names.  This simple process is described in http://publib.boulder.ibm.com/infocenter/wpexpdoc/v6r1/index.jsp?topic=/com.ibm.wp.exp.doc_v6101/install/i5os_add_attributes.html.  The following example applies to standalone LDAP only!  For federated LDAP, reference the aforementioned infocenter document.


  • Update your wkplc.properties files with the appropriate LDAP names, desired portal names, and matching entity types.
standalone.ldap.attributes.mapping.ldapName= extensionAttribute2, extensionAttribute6, extensionAttribute8, extensionAttribute10, extensionAttribute11, extensionAttribute13
standalone.ldap.attributes.mapping.portalName= DepartmentCode, DivisionCode, ManagerCode, EmployeeGrade, BuildingName, BusinessUnit
standalone.ldap.attributes.mapping.entityTypes=PersonAccount, PersonAccount, PersonAccount, PersonAccount, PersonAccount, PersonAccount

  • Execute the following ConfigEngine task:

ConfigEngine.bat|sh wp-update-standalone-ldap-attribute-config -DWasPassword=password
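To script the REPEAT step under "Add the LDAP Attributes" and to sanity-check the three positional mapping lists before running wp-update-standalone-ldap-attribute-config, here is an added shell helper that is not part of the original post or of the Portal product.  The function names (set_prop, add_attributes, count_list, check_mapping) and the CONFIG_ENGINE and WAS_PASSWORD variables are my own assumptions; it works on a copy of wkplc.properties and the ConfigEngine.sh in the primary node's profile.

```shell
#!/bin/sh
# Added helper, not from the original post. Assumed names: set_prop, add_attributes,
# count_list, check_mapping, and the CONFIG_ENGINE / WAS_PASSWORD variables.
CONFIG_ENGINE="${CONFIG_ENGINE:-./ConfigEngine.sh}"

# set_prop FILE KEY VALUE: replace KEY=... in FILE (append if absent), after
# taking a one-time backup as the post recommends before editing wkplc.properties.
set_prop() {
  file=$1; key=$2; value=$3
  [ -f "$file.bak" ] || cp "$file" "$file.bak"
  awk -v k="$key" -v v="$value" 'BEGIN { FS = OFS = "=" }
    $1 == k { print k, v; done = 1; next }
    { print }
    END { if (!done) print k, v }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# add_attributes FILE ATTR...: the REPEAT step, one wp-add-property run per
# attribute, with la.propertyName rewritten before each run.
add_attributes() {
  file=$1; shift
  for attr in "$@"; do
    set_prop "$file" la.propertyName "$attr" || return 1
    "$CONFIG_ENGINE" wp-add-property -DWasPassword="${WAS_PASSWORD:?set WAS_PASSWORD}" || return 1
  done
}

# count_list FILE KEY: number of comma-separated entries in KEY's value (0 if unset).
count_list() {
  sed -n "s/^$2=//p" "$1" | tr ',' '\n' | sed '/^[[:space:]]*$/d' | wc -l | tr -d ' '
}

# check_mapping FILE: the three standalone.ldap.attributes.mapping.* lists are
# positional, so they must be non-empty and equal in length or the ldapName,
# portalName and entityTypes columns will not line up. Prints the entry count.
check_mapping() {
  file=$1
  n_ldap=$(count_list "$file" standalone.ldap.attributes.mapping.ldapName)
  n_portal=$(count_list "$file" standalone.ldap.attributes.mapping.portalName)
  n_types=$(count_list "$file" standalone.ldap.attributes.mapping.entityTypes)
  if [ "$n_ldap" -gt 0 ] && [ "$n_ldap" -eq "$n_portal" ] && [ "$n_ldap" -eq "$n_types" ]; then
    echo "$n_ldap"
  else
    echo "mapping lists differ: ldapName=$n_ldap portalName=$n_portal entityTypes=$n_types" >&2
    return 1
  fi
}
```

Run check_mapping on wkplc.properties before the final ConfigEngine task; a non-zero exit means one of the three lists is missing an entry.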