Determine which attribute to use as the unique identifier of each person and group in the organization. This value must be unique across the organization.
By default, WebSphere® Application Server reserves the following attributes to serve as the unique identifier for the following LDAP directory servers:
- IBM® Tivoli® Directory Server:
- Microsoft® Active Directory:
If you are using Active Directory, remember that the samAccountName attribute has a 20-character limit; other IDs used by IBM Connections have a 256-character limit.
- Microsoft Active Directory Application Mode (ADAM):
To use objectSID as the default for ADAM, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:
- IBM Domino® Enterprise Server:
Note: If the bind ID for the Domino LDAP does not have sufficient manager access to the Domino directory, the Virtual Member Manager (VMM) does not return the correct attribute type for the Domino schema query; DN is returned as the VMM ID. To override VMM's default ID setting, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:
- Sun Java™ System Directory Server:
- eNovell Directory Server:
- Custom ID:
If your organization already uses a unique identifier for each user and group, you can configure IBM Connections to use that. For more information, see the Specifying a custom ID attribute for users or groups topic.
The wimconfig.xml file is stored in the following location:
You should not allow the GUID of a user in the system to change. If you must change the GUID, the user will not have access to their data until you re-synchronize the LDAP and IBM Connections databases with the new GUID.
The unique identifiers assigned by LDAP directory servers are unique for an LDAP entry instance. If the user information is deleted and re-added, or imported into another LDAP directory, the GUID changes and the user will not have access to their data until you re-synchronize the LDAP and the Profiles database with the new GUID. To allow deletes and adds, or migration across various LDAP servers (for example, from staging to production), use an LDAP attribute that is fixed across various directories or when entries are recreated.
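As an added example (not part of the IBM documentation), the following Python script checks a candidate ID attribute against LDIF exports of two directories: the attribute must be single-valued, unique, within the 256-character limit, and identical for the same person in both exports. The attribute names entryUUID, employeeNumber and mail, the matching of people on mail, and the sample entries are assumptions constructed for illustration.

```python
import base64
from collections import Counter

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold wrapped lines
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_id_attribute(entries, attr, max_len=256):
    """Report entries and values that make attr unusable as a unique ID."""
    attr = attr.lower()
    counts = Counter(v for e in entries for v in e.get(attr, []))
    return {
        "not_single_valued": [e["dn"][0] for e in entries if len(e.get(attr, [])) != 1],
        "duplicates": sorted(v for v, n in counts.items() if n > 1),
        "too_long": sorted(v for v in counts if len(v) > max_len),
    }

def changed_between(dir_a, dir_b, attr, match_on="mail"):
    """Return the match_on keys whose attr value differs between two exports."""
    attr, match_on = attr.lower(), match_on.lower()
    def index(entries):
        return {e[match_on][0].lower(): e.get(attr) for e in entries if match_on in e}
    a, b = index(dir_a), index(dir_b)
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])

def person(uid, emp, uuid):
    """Build one constructed sample entry (not real directory data)."""
    return (f"dn: uid={uid},ou=people,dc=example,dc=com\nmail: {uid}@example.com\n"
            f"employeeNumber: {emp}\nentryUUID: {uuid}\n")

# Constructed exports: the same two people in staging and in production.
STAGING = person("alice", "E1001", "stg-0001") + "\n" + person("bob", "E1002", "stg-0002")
PRODUCTION = person("alice", "E1001", "prd-0001") + "\n" + person("bob", "E1002", "prd-0002")

if __name__ == "__main__":
    stg, prd = parse_ldif(STAGING), parse_ldif(PRODUCTION)
    for attr in ("entryUUID", "employeeNumber"):
        print(attr, audit_id_attribute(prd, attr), changed_between(stg, prd, attr))
```

In the sample data the server-assigned value differs for every person between the two exports, while the organization-assigned value passes all checks in both.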