All users and organizations reside on a single LDAP server
by default. If you require that shoppers and internal users exist
on separate LDAP servers, you can follow this example to set up this
configuration. In this example, B2C shoppers exist under the default
organization, which resides on LDAP server 1, and internal users that
manage the site exist under the seller organization, which resides
on LDAP server 2.
Before you begin
Before you federate multiple LDAP servers (with a common root or with different roots), check that the RDN prefix for users is the same on all of them, for example uid or cn, but not a mix of both.
Procedure
- On a single LDAP server, create the following organization structure and user:
  o=root organization
    - o=seller organization (for administrators)
    - o=default organization (for B2C shoppers)
- Open the WebSphere Commerce Integration Wizard and specify the following LDAP values:
  - root organization: o=root organization
  - default organization: o=default organization,o=root organization
  - base DN: o=default organization,o=root organization
  Important: Do not restart the WebSphere Commerce server yet.
- Log in to Organization Administration Console with the WebSphere Commerce site administrator logon ID, for example wcsadmin.
- Create a user with logonId admin under o=seller organization,o=root organization. Give the new admin user the Site Administrator role for Root Organization.
  This new admin user replaces wcsadmin as the site administrator once federated repositories are configured to point to two base entries.
- Ensure that the admin user can successfully log in to Organization
Administration Console.
- From the WebSphere Application Server administration console,
create a second LDAP repository by using LDAP server 2, where o=seller
organization,o=root organization is the base entry. Include
this second LDAP repository in the realm that already includes the
first LDAP repository and the file-based repository.
- Save the changes in the WebSphere Application Server administration console.
  Note: The realm in wimconfig.xml now includes the following two base entries:
  - LDAP1
    <config:baseEntries name="o=default organization,o=root organization" nameInRepository="o=default organization,o=root organization"/>
  - LDAP2
    <config:baseEntries name="o=seller organization,o=root organization" nameInRepository="o=seller organization,o=root organization"/>
- Modify WC_installdir/xml/config/wc-server.xml to specify that Root Organization in the WebSphere Commerce database must not be synchronized with LDAP, because it is above the base entries that are defined in the WebSphere Application Server federated repositories:
  - Find the SyncOrganizationExclusionList element.
  - Add any organization DN values that exist in the WebSphere Commerce database but are above the base entries. For example, Root Organization:
    <SyncOrganizationExclusionList display="false">
      <Org DN="o=root organization"/>
    </SyncOrganizationExclusionList>
- Modify WC_installdir/xml/config/wc-server.xml to specify the LDAP DNs of the search bases (base entries) to be used during Logon, SSO, and UserRegistrationAdd. These DNs must be under the root organization:
  - Find the MemberSubSystem element.
  - Add the following subelement inside it, specifying the base entry LDAP DNs. These DNs must be under the LDAP Root Organization:
    <SearchBases display="false">
      <Org DN="o=default organization,o=root organization"/>
      <Org DN="o=seller organization,o=root organization"/>
    </SearchBases>
- Run UpdateEAR to propagate the wc-server.xml changes
to the EAR.
- Restart the WebSphere Commerce
Server.
- Try to log in to Organization Administration Console by using the new admin user. The admin user can now manage all the organizations, including the users that are descendants of the base entry organizations. Registered shoppers can register and log on to consumer direct stores. Guest users can also place orders in a consumer direct store.
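The procedure depends on three relationships that are easy to get wrong by hand: every search base in wc-server.xml must sit under the root organization and match a base entry federated in wimconfig.xml, every organization above a base entry must appear in SyncOrganizationExclusionList, and user DNs on both LDAP servers must share one RDN prefix (the check from "Before you begin"). The following Python script is an added example for this page, not IBM documentation or WebSphere Commerce product code; it parses constructed fragments built from the DN values in the procedure and reports any of those relationships that do not hold. The config namespace URI is a placeholder rather than the real wimconfig.xml namespace, one constructed search base deliberately misspells the root organization so the check has something to report, and DNs are assumed to contain no escaped commas.

```python
"""Consistency checks for a two-LDAP federated repository setup.

Added example, not IBM documentation or product code. Checks that search
bases are under the root organization and are federated base entries, that
entries above the base entries are excluded from synchronization, and that
user RDN prefixes are uniform. Sample XML is constructed; the 'config'
namespace URI is a placeholder; DNs are assumed to have no escaped commas.
"""
import xml.etree.ElementTree as ET

WIMCONFIG_SAMPLE = """<config:realm xmlns:config="urn:placeholder:wimconfig">
  <config:baseEntries name="o=default organization,o=root organization"
      nameInRepository="o=default organization,o=root organization"/>
  <config:baseEntries name="o=seller organization,o=root organization"
      nameInRepository="o=seller organization,o=root organization"/>
</config:realm>"""

# Constructed wc-server.xml fragment; the second search base has a typo.
WC_SERVER_SAMPLE = """<MemberSubSystem>
  <SyncOrganizationExclusionList display="false">
    <Org DN="o=root organization"/>
  </SyncOrganizationExclusionList>
  <SearchBases display="false">
    <Org DN="o=default organization,o=root organization"/>
    <Org DN="o=seller organization,o=root organziation"/>
  </SearchBases>
</MemberSubSystem>"""
WC_SERVER_FIXED = WC_SERVER_SAMPLE.replace("organziation", "organization")

# Constructed user DNs: one consistent set and one that mixes uid and cn.
USER_DNS_OK = ["uid=wcsadmin,o=default organization,o=root organization",
               "uid=admin,o=seller organization,o=root organization"]
USER_DNS_MIXED = ["uid=wcsadmin,o=default organization,o=root organization",
                  "cn=admin,o=seller organization,o=root organization"]


def parse_dn(dn):
    """Split a DN into (attribute, value) RDN pairs, leaf first, lower-cased
    with surrounding whitespace removed."""
    pairs = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return pairs


def normalize(dn):
    """Canonical string form of a DN so that equal DNs compare equal."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(dn))


def is_under(dn, ancestor):
    """True when dn is a strict descendant of ancestor (RDN suffix match)."""
    d, a = parse_dn(dn), parse_dn(ancestor)
    return len(d) > len(a) and d[-len(a):] == a


def ancestors_of(dn):
    """Normalized DNs of every entry above dn, nearest parent first."""
    pairs = parse_dn(dn)
    return [",".join(f"{a}={v}" for a, v in pairs[i:]) for i in range(1, len(pairs))]


def base_entries(wimconfig_xml):
    """Base entry DNs from the realm; matches on the local tag name so the
    namespace prefix used in the real file does not matter."""
    root = ET.fromstring(wimconfig_xml)
    return [el.get("name") for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "baseEntries"]


def org_dns(wc_server_xml, element_name):
    """DN attributes of the Org children of the named wc-server.xml element."""
    root = ET.fromstring(wc_server_xml)
    for el in root.iter(element_name):
        return [org.get("DN") for org in el.findall("Org")]
    return []


def rdn_prefixes(user_dns):
    """RDN attribute names used for user entries; a valid setup yields one."""
    return {parse_dn(dn)[0][0] for dn in user_dns}


def check_federation(wimconfig_xml, wc_server_xml, root_org_dn):
    """Return the list of problems found; an empty list means consistent."""
    problems = []
    bases = {normalize(b) for b in base_entries(wimconfig_xml)}
    excluded = {normalize(d) for d in org_dns(wc_server_xml, "SyncOrganizationExclusionList")}
    for sb in org_dns(wc_server_xml, "SearchBases"):
        if not is_under(sb, root_org_dn):
            problems.append(f"search base {sb!r} is not under {root_org_dn!r}")
        if normalize(sb) not in bases:
            problems.append(f"search base {sb!r} is not a federated base entry")
    for base in bases:
        for anc in ancestors_of(base):
            if anc not in excluded:
                problems.append(f"{anc!r} is above base entry {base!r} but is not "
                                "in SyncOrganizationExclusionList")
    return problems


if __name__ == "__main__":
    for label, xml in (("as written", WC_SERVER_SAMPLE), ("corrected", WC_SERVER_FIXED)):
        print(label, check_federation(WIMCONFIG_SAMPLE, xml, "o=root organization"))
    print("user RDN prefixes:", rdn_prefixes(USER_DNS_MIXED))
```

Run against the fragment as written, the script flags the misspelled seller search base twice (not under o=root organization, and not a federated base entry); against the corrected fragment it reports nothing, and rdn_prefixes on the mixed user set returns both uid and cn, which is the condition the "Before you begin" note tells you to avoid. To use it on a real installation, read the realm section of wimconfig.xml and the MemberSubSystem element of wc-server.xml into the two string arguments.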