User registry
User information is stored in your user registry. You can
enable LDAP referrals, configure IBM® WebSphere® Portal to use dynamic groups,
update your user registry, or delete your user registry configurations.
Enable federated security
You can use the Configuration Wizard to configure WebSphere Portal to use a federated
LDAP for security. Use the following information to get familiar with the information you must
provide in the wizard and the configuration procedure that it generates.
Worksheet
When you set up the federated security, you answer questions
about your wanted configuration. Some fields apply to all federated
security configurations. Some fields are required based on your environment.
The remaining fields are advanced and do not apply to most configurations.
Enabling federated security
After you answer questions
and provide information about your LDAP, the wizard generates a custom
configuration procedure.
Adding more attributes to VMM
After you install IBM WebSphere Portal and
configuring your LDAP user registries, you must adapt the attribute
configuration to match the configured LDAP servers and your business
needs. However, do not complete these steps if you configured only
a database user registry or the default federated file-based repository
for out-of-box installations.
Enabling application groups
You can define user groups within the database user registry with members (users or
groups) contained in the federated LDAP user registry you configured with application groups. The
benefit of application groups is that you can create groups that are only used in IBM WebSphere Portal .
Advanced group configurations
It is possible to use IBM WebSphere Portal ConfigEngine helper
tasks to set up advanced Virtual Member Manager (VMM) group configurations.
Specifically, it is possible to configure VMM to understand and use
the "Group membership attribute" that many directories support.
Adding a database user registry
Add a database user registry to the default federated repository to store user account
information for authentication and authorization. You can add multiple database user registries to
the default federated repository although you can add only one database user registry at a time.
Adding realm support
A realm is a group of users from one or more user registries
that form a coherent group within IBM WebSphere Portal . Realms allow flexible
user management with various configuration options. A realm must be
mapped to a Virtual Portal to allow the defined users to log in to
the Virtual Portal. When you configure realm support, complete these
steps for each base entry that exists in your LDAP and database user
registry to create multiple realm support.
Updating your user registry
After you deploy IBM WebSphere Portal ,
you can adjustment your federated user repository configurations.
You can update these configurations to achieve the correct user registry
configuration.
Deleting your user registry configurations
After you deploy IBM WebSphere Portal ,
you might not require some of the LDAP entity types, realms, realm
base entries, or repositories that you created. You can delete these
configurations to achieve the correct user registry configuration.