Preparing the LDAP server for use with WebSphere Commerce
The steps on this page describe how to prepare an LDAP server to use with WebSphere Commerce.
Before you begin
Ensure that WebSphere Commerce has write access on the LDAP server. Read-only access is not supported.
Determine the DNs of the Root Organization and the Default Organization. These fundamental organizations are part of the WebSphere Commerce membership system. Root Organization is at the top of the membership hierarchy, and all other organizations are descendants of it. Default Organization is directly under Root Organization, and is the parent of guest and B2C users. Do not create B2B users under the Default Organization. Create B2B users under their respective buyer and seller organizations.
If a user is manually created in the LDAP server and then logs on to WebSphere Commerce, or performs single sign-on to WebSphere Commerce, the user is automatically replicated into the WebSphere Commerce database; however, the password remains only on the LDAP server. When the user is created in the WebSphere Commerce database, the user profile type is determined by the parent organization:
- Parent organization of the user is Default Organization - profile type 'C' (B2C user)
- Parent organization of the user is not Default Organization - profile type 'B' (B2B user)
Note: The relationship of the user to its parent organizations is defined in the MBRREL table and mirrored in the user DN.
WebSphere Commerce provides default DNs that you can customize:
- Root Organization
  - Default DN: o=root organization
  - Example of customized DN: dc=domain,dc=ibm,dc=com
- Default Organization
  - Default DN: o=default organization,o=root organization
  - Example of customized DN: cn=users,dc=domain,dc=ibm,dc=com
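The following check is an added illustration, not WebSphere Commerce code: it predicts the profile type that the parent-organization rule above would assign to a manually created LDAP user, so a B2B user placed under the Default Organization is caught before first logon. The function names, the uid user attribute, and the sample user DNs are assumptions; comparison is case-insensitive, and multi-valued RDNs are not handled.

```python
# Added illustration; not WebSphere Commerce code.
# Organization DNs are the customized examples from this page.
ROOT_ORG_DN = "dc=domain,dc=ibm,dc=com"
DEFAULT_ORG_DN = "cn=users,dc=domain,dc=ibm,dc=com"


def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes, RFC 4514)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return rdns


def normalize(dn):
    """Lower-case each RDN and trim spaces around '=' and ',' for comparison.

    Assumption: attribute values match case-insensitively (typical for o, cn, dc).
    """
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out


def expected_profile_type(user_dn, default_org_dn=DEFAULT_ORG_DN,
                          root_org_dn=ROOT_ORG_DN):
    """Return 'C' or 'B' per the parent-organization rule; reject DNs outside root."""
    parent = normalize(user_dn)[1:]  # parent entry = DN minus its leftmost RDN
    root = normalize(root_org_dn)
    if parent[-len(root):] != root:
        raise ValueError("user DN is not under the Root Organization: " + user_dn)
    return "C" if parent == normalize(default_org_dn) else "B"
```
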