By default, WebSphere
® Application Server reserves the following attributes as unique identifiers for the following LDAP directory servers:
- IBM® Tivoli® Directory Server:
- Microsoft™ Active Directory:
If you are using Active Directory, remember that the samAccountName attribute has a 20-character limit; other IDs used by IBM Connections have a 256-character limit.
- IBM Domino® Enterprise Server:
Note: If the bind ID for the Domino LDAP does not have sufficient manager access to the Domino directory, the Virtual Member Manager (VMM) does not return the correct attribute type for the Domino schema query; DN is returned as the VMM ID. To override VMM's default ID setting, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:
- Sun Java™ System Directory Server:
- eNovell Directory Server:
- Custom ID:
If your organization already uses a unique identifier for each user and group, you can configure IBM Connections to use that identifier. For more information, see the Specifying a custom ID attribute for users or groups topic.
file is stored in the following location:
IBM recommends that you do not allow the GUID of a user to change. If you change the GUID, the user will not have access to their data unless you re-synchronize the LDAP and Profiles database with the new GUID. When you change the GUID and run the sync_all_dns
batch file, the user's GUID is initially changed in the Profiles database, and then propagated to the other components using the user life cycle commands. Be sure when you are running sync_all_dns
that an unchanged field is used as the hash. See the Synchronizing source changes such as LDAP with Profiles
and Managing user data using Profiles administrative commands
topics for more information.
Parent topic: Setting up federated repositories
Specifying a custom ID attribute for users or groups
Managing user data using Profiles administrative commands
Attribute mapping for Profiles