Multiple LDAP Directories and Lotus Web Content Management
WebSphere Portal and Web Content Management allow aggregation of users from
one or more LDAP trees of the user registry and expose them as a coherent user
population. This is achieved by using realms, and is also referred to as
horizontal partitioning.
A realm can:
- overlap with other realms, which allows users to belong to more than one realm
- aggregate one or more nodes in a user registry
- combine multiple suffixes of one user repository
The following picture depicts the relationship between LDAP, realms and virtual
portals.

Figure - Relationship between LDAP, realms and virtual portals
As shown in the figure above, part of LDAP1 is used to create Realm1,
which is configured to a set of virtual portals. Realm2 overlays Realm1
and covers the same group of people in LDAP1. Each virtual portal is
configured to align with a realm. In this case Realm1 and Virtual Portal 1
align, and Realm2 and VP2 align, and both happen to cover the same group of
people from LDAP1. Realm3 shows the ability of a realm to cross over
multiple LDAPs. It is this ability that is used to support multiple LDAP
directories within the Portal.
Multiple Realm Configuration
Tasks to manage Realms
Tasks provided with WebSphere Portal for managing realms can be categorized
into two areas: pure realm managing, and configuring the content of the realm.
- Pure realm managing: these tasks perform the CRUD operations on realms in
  your environment
  - wp-create-realm
  - wp-update-realm
  - wp-delete-realm
  - wp-default-realm
- Configuring the content of the realm: these tasks modify the list of base
  entries and the default base entry where users and groups are created
  - wp-add-realm-baseentry
  - wp-delete-realm-baseentry
  - wp-query-realm-baseentry
  - wp-modify-realm-defaultparents
Sample configuration steps
This section provides sample configuration steps for a multiple LDAP
configuration.
Consider a case where an organization has LDAP A and LDAP B.
LDAP A has the following prefix:
o=test.com
LDAP B has the following prefixes:
o=mycorp
o=externals
The following sample configuration steps apply to the LDAP systems described
above.
- Add both repositories to VMM using wp-create-ldap
- Add a second base entry to LDAP B using wp-create-base-entry
- The plan is to have one realm per LDAP and, for LDAP B, an additional
  realm per base entry
The following steps create the necessary realms:
- Add LDAP A by using "wp-create-realm realmname=LDAP_A addBaseEntry=o=foo.bar"
  After this task succeeds, LDAP A is added.
- Add LDAP B by using "wp-create-realm realmname=LDAP_B addBaseEntry=o=mycorp"
  After this task succeeds, the LDAP B realm is added.
- Add LDAP B -> o=mycorp by using "wp-create-realm realmname=LDAP_B_mycorp addBaseEntry=o=mycorp"
  After this task succeeds, the LDAP B – prefix mycorp realm is added.
- Add LDAP B -> o=externals prefix by using "wp-create-realm realmname=LDAP_B_external addBaseEntry=o=externals"
  After this task succeeds, the LDAP B – prefix externals realm is added.
Now you have 4 realms, each containing a single base entry.
Finally, add the second base entry for LDAP B by using
"wp-add-realm-baseentry realmname=LDAP_B addBaseEntry=o=externals"
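Because virtual portals align with realms, it helps to check which realms a given user DN falls into once the sample realms exist. The following Python sketch is an added example, not part of the original article or of WebSphere Portal; the realm names and base entries are copied from the sample commands above, while the user DNs and function names are constructed for illustration.

```python
from itertools import combinations

# Realms and base entries as created by the sample commands above.
REALMS = {
    "LDAP_A": ["o=foo.bar"],
    "LDAP_B": ["o=mycorp", "o=externals"],
    "LDAP_B_mycorp": ["o=mycorp"],
    "LDAP_B_external": ["o=externals"],
}

def parse_dn(dn):
    """Split a DN into (attribute, value) RDNs; a backslash-escaped comma stays in its value."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        escaped = (ch == "\\") and not escaped
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def is_under(dn, base):
    """True if dn equals base or sits below it, compared RDN by RDN."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def realms_for(dn, realms=REALMS):
    """Names of every realm whose base entries contain the DN."""
    return sorted(n for n, bases in realms.items()
                  if any(is_under(dn, b) for b in bases))

def overlapping_realms(realms=REALMS):
    """Pairs of realms in which one base entry contains a base entry of the other."""
    pairs = []
    for a, b in combinations(sorted(realms), 2):
        if any(is_under(x, y) or is_under(y, x)
               for x in realms[a] for y in realms[b]):
            pairs.append((a, b))
    return pairs

if __name__ == "__main__":
    for dn in ("uid=jdoe,ou=people,o=mycorp",      # constructed sample DNs
               "uid=ext1,O=Externals",
               r"uid=x,ou=a\,o=mycorp"):
        print(dn, "->", realms_for(dn))
    print("overlapping:", overlapping_realms())
```

The third sample DN contains an escaped comma inside an RDN value, so a plain string suffix comparison would wrongly place it under o=mycorp; the RDN-by-RDN comparison assigns it to no realm.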