Configuring the external user LDAP realm

Set up or designate an LDAP realm that is separate from the directory realm that manages internal users for your organization. The LDAP server can be any type that is supported by FileNet P8 Platform and IBM Content Navigator. However, because of the need for two separate and distinct directory configurations, IBM Virtual Member Manager is not supported.

About this task

If you choose to use the same LDAP server (or the same set of LDAP servers set up for replication) to host both internal and external user organizations, make sure that:
  • The internal and external user subtrees are not in any ancestor-descendant relationship.
  • The two subtrees, if they stem from a single LDAP domain root, are independent of one another.
  • The external realm name is the same for both the Content Platform Engine and IBM Content Navigator installations.
  • The external realm name is different from the internal realm name.

Procedure

Set up your LDAP realm for external users, with the following requirements:
  • The LDAP short name for a user must be unique across all LDAP realms that are configured in your domain. For details, see Directory service providers.
  • For WebSphere Application Server, the internal and external LDAP directory realms must be federated.
  • Your dedicated external LDAP directory realm must include the mail attribute for each user, populated with an email address, to support the email notification feature.

It is also recommended that the LDAP directory realm include settings to map the User Display Name attribute to displayName.
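
The subtree-independence rule under "About this task" and the short-name and mail requirements under "Procedure" can be checked against directory exports before the realms are configured. The following Python sketch is an added example, not IBM-supplied code; the base DNs, the user entries, and the choice of uid as the short-name attribute are constructed assumptions.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, leaf first.
    Simplified: honors backslash-escaped commas only, not every RFC 4514 escape."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_ancestor_or_same(a, b):
    """True when base DN a equals b or contains b (a's RDNs are a suffix of b's)."""
    ra, rb = parse_dn(a), parse_dn(b)
    return len(ra) <= len(rb) and rb[len(rb) - len(ra):] == ra

def check_realms(internal_base, external_base, internal_users, external_users,
                 short_name_attr="uid"):  # assumed attribute; use your directory's
    """Return findings that violate the separation requirements."""
    findings = []
    if (is_ancestor_or_same(internal_base, external_base)
            or is_ancestor_or_same(external_base, internal_base)):
        findings.append(f"subtrees overlap: {internal_base} / {external_base}")
    # Compared case-insensitively so "JDoe" and "jdoe" count as the same name.
    internal_names = {u[short_name_attr].lower()
                      for u in internal_users if u.get(short_name_attr)}
    for user in external_users:
        name = user.get(short_name_attr, "")
        if name.lower() in internal_names:
            findings.append(f"short name not unique across realms: {name}")
        if not user.get("mail"):
            findings.append(f"missing mail attribute: {user['dn']}")
    return findings

# Constructed sample data (not from a real directory).
INTERNAL_BASE = "ou=Employees,dc=example,dc=com"
EXTERNAL_BASE = "ou=Partners,dc=example,dc=com"
NESTED_BASE = "ou=Partners,ou=Employees,dc=example,dc=com"
INTERNAL_USERS = [{"dn": "uid=jdoe," + INTERNAL_BASE, "uid": "jdoe",
                   "mail": "jdoe@example.com"}]
EXTERNAL_USERS = [
    {"dn": "uid=JDoe," + EXTERNAL_BASE, "uid": "JDoe", "mail": "j.doe@partner.example"},
    {"dn": "uid=asmith," + EXTERNAL_BASE, "uid": "asmith"},
]

if __name__ == "__main__":
    for base in (EXTERNAL_BASE, NESTED_BASE):
        print(base)
        for finding in check_realms(INTERNAL_BASE, base, INTERNAL_USERS, EXTERNAL_USERS):
            print("  -", finding)
```

Sibling subtrees under one domain root pass the overlap check; a base DN nested inside the other realm's base does not.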