Configuring the database adapter

The database adapter is configured using the wsadmin commands.

About this task

Use the database adapter as a user repository, a property extension repository, or a group repository for users in other repositories, such as an LDAP repository or the file registry.

To use the database adapter to store group membership, configure the repositoriesForGroups parameter. If the repositoriesForGroups parameter is not specified, the groups in a repository accept members only from that same repository.

If the repository supports members from other repositories, you must specify the repositoriesForGroups parameter to add the unique repository IDs of those repositories to the repository. The groups in the same repository are ignored when you specify the repositoriesForGroups parameter.

Note: Only groups in database repositories support the members from other repositories. File repositories and LDAP repositories, including Microsoft Active Directory with multiple domains, do not support members from other repositories.

For example, if you want the groups in the database repository to accept the members from an LDAP repository, you need to set the configuration parameter repositoriesForGroups of the LDAP repository to the repository ID of the database repository.

Scripts to configure a database repository are provided. You can run the scripts with the wsadmin command. You can also add members to the groups that are defined in the database by using the wsadmin command. For more information about setting the database adapter, see Configuring a JDBC provider and datasource for virtual member manager and Setting up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands. To use the wsadmin command to add group members, see addMemberToGroup command.

The following code sample is an example of a basic wimconfig.xml file that has been configured to use the database repository (DB1) and an LDAP repository (LDAP1). You can modify the appropriate values that are shown in italic.

 <config:repositories xsi:type="config:DatabaseRepositoryType" 
                    adapterClassName="com.ibm.ws.wim.adapter.db.DBAdapter"
                    id="DB1" 
                    supportPaging="false" 
                    databaseType="db2" 
                    dataSourceName="jdbc/wimDS" 
                    dbURL="jdbc:db2:wim" 
                    dbAdminId="DB_ADMIN_ID" 
                    dbAdminPassword="DB_PASSWORD" 
                    encryptionKey="rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s" 
                    entityRetrievalLimit="200" 
                    saltLength="12">
   <config:baseEntries name="o=default organization"/>
   <config:loginProperties>uid</config:loginProperties>
 </config:repositories>

    <config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1" supportPaging="true"
        supportSorting="true" ldapServerType="IDS">
      <config:baseEntries name="cn=users,dc=yourco,dc=com"/>
      <config:baseEntries name="cn=groups,dc=yourco,dc=com"/>
      <config:repositoriesForGroups>DB1</config:repositoriesForGroups>
      <config:ldapServerConfiguration>
        <config:ldapServers bindDN="cn=root" bindPassword="{xor}Nj0y" sslEnabled="false">
          <config:connections host="localhost" port="389"/>
        </config:ldapServers>
      </config:ldapServerConfiguration>
      <config:ldapEntityTypes name="PersonAccount">
        <config:objectClasses>inetOrgPerson</config:objectClasses>
        <config:searchBases>cn=users,dc=yourco,dc=com</config:searchBases>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="Group">
        <config:objectClasses>groupOfNames</config:objectClasses>
        <config:searchBases>cn=groups,dc=yourco,dc=com</config:searchBases>
      </config:ldapEntityTypes>
      <config:ldapEntityTypes name="OrgContainer">
        <config:rdnAttributes name="o" objectClass="organization"/>
        <config:rdnAttributes name="ou" objectClass="organizationalunit"/>
        <config:objectClasses>organization</config:objectClasses>
        <config:objectClasses>organizationalUnit</config:objectClasses>
      </config:ldapEntityTypes>
      <config:groupConfiguration>
        <config:memberAttributes dummyMember="uid=dummy" name="member" objectClass="groupOfNames"/>
        <config:membershipAttribute name=""/>
      </config:groupConfiguration>
      <config:attributeConfiguration>
        <config:attributes name="userPassword" propertyName="password"/>
        <config:attributes name="cn" propertyName="displayName">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:attributes name="cn" propertyName="cn">
          <config:entityTypes>Group</config:entityTypes>
        </config:attributes>
        <config:propertiesNotSupported name="homeAddress"/>
        <config:propertiesNotSupported name="businessAddress"/>
      </config:attributeConfiguration>
      <config:contextPool enabled="true" initPoolSize="1" maxPoolSize="10" 
                                  poolTimeOut="0" prefPoolSize="5"/>
      <config:cacheConfiguration>
        <config:attributesCache cacheSize="4000" cacheTimeOut="1200"
            enabled="true" cacheDistPolicy="none"/>
        <config:searchResultsCache cacheSize="2000" cacheTimeOut="600" 
            enabled="true" searchResultSizeLimit="1000" cacheDistPolicy="none"/>
      </config:cacheConfiguration>
    </config:repositories>

Note: If the wsadmin command, addMemberToGroup, appears to hang, check whether the isolation level on the data source for the database is set to 2.

Tip: You can specify a user-defined database schema where you want to create the federated repository tables. Use the dbSchema parameter and the tablespacePrefix parameter (tablespacePrefix is for DB2® for z/OS® only) with the setupIdMgrDBTables, deleteIdMgrDBTables, createIdMgrDBRepository, and updateIdMgrDBRepository wsadmin commands.

You can also specify user-defined buffer pools when you create the federated repository tables on DB2 for z/OS. Use the tablesBufferPool, LOBtablesBufferPool, and indextablesBufferPool parameters with the setupIdMgrDBTables wsadmin command.

For more information about these commands, see the IdMgrRepositoryConfig command group for the AdminTask object and Setting up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands topics.