Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Setting up a federated repository
349 views
Skip to first unread message
eating
Mar 5, 2008, 3:57:49 AM3/5/08
to
Hi, <br />
I am new to LDAP settings and currently I am setting up a federated repository on WAS.<br />
I want to add a LDAP entry into "Federated repositories" but I cannot find the options for "Advanced Lightweight Directory Access Protocol (LDAP) user registry settings" which is available in "Standalone LDAP registry". However I want to specify some properties like "User filter" and "Group filter".<br />
So anywhere I can find these settings out?
I am new to LDAP settings and currently I am setting up a federated repository on WAS.<br />
I want to add a LDAP entry into "Federated repositories" but I cannot find the options for "Advanced Lightweight Directory Access Protocol (LDAP) user registry settings" which is available in "Standalone LDAP registry". However I want to specify some properties like "User filter" and "Group filter".<br />
So anywhere I can find these settings out?
Paul Ilechko
Mar 5, 2008, 8:57:06 AM3/5/08
to
eating
Mar 7, 2008, 2:37:22 AM3/7/08
to
Greate many thanks!<br />
<br />
I was examining the methods in your article carefully for days. With your guide, I could configure the LDAP into the federated repository and mapped the attributes. Now the users in the LDAP could be searched out, however, when I tried to add them into a group, it gives a <u>"CWWIM4001E The 'uid=XXXXXXX,c=cn,ou=XXXX,o=XXX.com' entity was not found."</u><br />
<br />
Not sure why this happens.
<br />
I was examining the methods in your article carefully for days. With your guide, I could configure the LDAP into the federated repository and mapped the attributes. Now the users in the LDAP could be searched out, however, when I tried to add them into a group, it gives a <u>"CWWIM4001E The 'uid=XXXXXXX,c=cn,ou=XXXX,o=XXX.com' entity was not found."</u><br />
<br />
Not sure why this happens.
Paul Ilechko
Mar 7, 2008, 7:53:07 AM3/7/08
to
Add them into a group how? Generally you would manage groups using the
tools provided by the LDAP itself.
eating
Mar 7, 2008, 10:14:52 PM3/7/08
to
Thanks Paul!<br />
<br />
I guess I cannot modify that LDAP for I should not have the privilege. But I still want to create a group so that some roles in my J2EE application can be mapped to the group.<br />
So actually I am having a read only LDAP repository which contains all the users, while wanting to have a file based local repository holding the groups.<br />
<br />
By the way, I am wondering the cause of the <u>CWWIM4001E The 'uid=XXXXXXX,...</u> error. <br />
In that LDAP the Login attribute is "mail" instead of "uid", so I added a mapping from "uid" to "mail". I guess this will be OK when I try to lookup my user entity using email id like "uss...@jcn.com", since the uid=uss...@jcn.com will be converted into mail=uss...@jcn.com by VMM. But when I turns out to be my real user entity, the DN is uid=217917517,c=cn,ou=... if I then try to fetch that record, the <b>uid=217917517</b> may be converted to <b>mail=217917517</b>, which is obviously wrong.<br />
<br />
Not sure about these.
<br />
I guess I cannot modify that LDAP for I should not have the privilege. But I still want to create a group so that some roles in my J2EE application can be mapped to the group.<br />
So actually I am having a read only LDAP repository which contains all the users, while wanting to have a file based local repository holding the groups.<br />
<br />
By the way, I am wondering the cause of the <u>CWWIM4001E The 'uid=XXXXXXX,...</u> error. <br />
In that LDAP the Login attribute is "mail" instead of "uid", so I added a mapping from "uid" to "mail". I guess this will be OK when I try to lookup my user entity using email id like "uss...@jcn.com", since the uid=uss...@jcn.com will be converted into mail=uss...@jcn.com by VMM. But when I turns out to be my real user entity, the DN is uid=217917517,c=cn,ou=... if I then try to fetch that record, the <b>uid=217917517</b> may be converted to <b>mail=217917517</b>, which is obviously wrong.<br />
<br />
Not sure about these.
Paul Ilechko
Mar 8, 2008, 9:16:10 AM3/8/08
to
eating wrote:
> Thanks Paul!<br />
> <br />
> I guess I cannot modify that LDAP for I should not have the privilege. But I still want to create a group so that some roles in my J2EE application can be mapped to the group.<br />
> So actually I am having a read only LDAP repository which contains all the users, while wanting to have a file based local repository holding the groups.<br />
> <br />
> Thanks Paul!<br />
> <br />
> I guess I cannot modify that LDAP for I should not have the privilege. But I still want to create a group so that some roles in my J2EE application can be mapped to the group.<br />
> So actually I am having a read only LDAP repository which contains all the users, while wanting to have a file based local repository holding the groups.<br />
> <br />
If you don't have the privilege to do it directly, then presumably
neither does the WAS console running under your crendentials ...
eating
Mar 8, 2008, 11:45:40 PM3/8/08
to
Thanks Paul.<br />
I got to know that.
I got to know that.
0 new messages