Preparing Lightweight Directory Access Protocol with WebSphere Commerce and WebSphere Portal
Before you begin, decide which Distinguished Name (DN) to use for the root organization and the default organization. These fundamental organizations are part of the WebSphere Commerce member subsystem. The member subsystem can access only the root organization and the entries that are descendants of it. Because WebSphere Portal shares a user registry with WebSphere Commerce, both applications must be able to find the users; therefore, the users must be created anywhere beneath the WebSphere Commerce root organization.

The WebSphere Commerce default organization (Default Organization) is a direct descendant of the WebSphere Commerce root organization (Root Organization), and is the parent of guest and B2C users. However, B2B users should not be created under the Default Organization. Instead, they should be created under their respective buyer and seller organizations.

If a user is manually created in the LDAP server, then when the user logs on to WebSphere Portal, which triggers a single sign-on to WebSphere Commerce, the user is automatically replicated into the WebSphere Commerce database. The attributes that are replicated are determined by the ldapentry.xml file. When the user is created in the WebSphere Commerce database, the profile type of the user is set to 'C' (B2C user) if the parent organization of the user is Default Organization, and 'B' (B2B user) otherwise. This is important because only 'B' type users can be managed from the Organization Administration Console, whereas 'C' type users can be managed from the Accelerator.
About this task
MemberRegistrationAttributes.xml can be used to dynamically assign WebSphere Commerce roles to authenticated users when they perform single sign-on to WebSphere Commerce. A typical use: if the LDAPUserSuffix in WebSphere Portal does not refer to the same organization as the WebSphere Commerce default organization, you can set the memberAncestor attribute in MemberRegistrationAttributes.xml in WebSphere Commerce to the full DN of the WebSphere Portal default DN suffix, LDAPUserSuffix. Users from that LDAPUserSuffix organization are then assigned the specified WebSphere Commerce roles for accessing the required WebSphere Commerce functions. The following example illustrates how to automatically assign WebSphere Commerce roles, upon single sign-on to WebSphere Commerce from WebSphere Portal, to B2C users that belong to a default organization with the LDAPUserSuffix name. In the file named MemberRegistrationAttributes.xml, search for the following section:
<User registrationType="LDAPLogon" memberAncestor="o=Default Organization,o=Root Organization" storeAncestor="o=Root Organization">
    <Role name="Registered Customer" roleContext="storeOwner" DN="o=Reseller Organization,o=Root Organization"/>
    <Role name="Registered Customer" roleContext="storeOwner" DN="o=Extended Sites Seller Organization,o=Root Organization"/>
    <Role name="Registered Customer" roleContext="storeOwner" DN="o=Seller Organization,o=Root Organization"/>
    <Role name="Registered Customer" roleContext="storeOwner" DN="o=Supplier Organization,o=Root Organization"/>
</User>
Replace the memberAncestor value "o=Default Organization,o=Root Organization" with the full DN of the LDAPUserSuffix organization. More information about this file can be found on the MemberRegistrationAttributes XML and DTD files page.
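The following Python audit sketch is an added example, not part of the product documentation. It reports, for a given user DN, whether the entry sits beneath the root organization, which profile type the rule above yields, and which roles an LDAPLogon section would grant. It assumes that memberAncestor applies to a DN that equals it or descends from it, compared without regard to case or spaces around commas; the o=Portal Users organization, the wrapper element, and the user DNs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one LDAPLogon section in the page's format, with memberAncestor
# set to a hypothetical LDAPUserSuffix organization (o=Portal Users).
SAMPLE_XML = """<MemberRegistrationAttributes>
  <User registrationType="LDAPLogon" memberAncestor="o=Portal Users,o=Root Organization" storeAncestor="o=Root Organization">
    <Role name="Registered Customer" roleContext="storeOwner" DN="o=Seller Organization,o=Root Organization"/>
  </User>
</MemberRegistrationAttributes>"""

ROOT_DN = "o=Root Organization"
DEFAULT_DN = "o=Default Organization,o=Root Organization"

def rdns(dn):
    """Split a DN into normalized RDNs (simple DNs only, no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def is_under(dn, ancestor):
    """True when dn equals ancestor or is a descendant of it (assumed match rule)."""
    d, a = rdns(dn), rdns(ancestor)
    return bool(a) and len(d) >= len(a) and d[len(d) - len(a):] == a

def profile_type(user_dn):
    """'C' when the user's parent is the default organization, 'B' otherwise."""
    return "C" if rdns(user_dn)[1:] == rdns(DEFAULT_DN) else "B"

def audit_user(xml_text, user_dn):
    """Report visibility, profile type, and roles granted at LDAP logon."""
    if not is_under(user_dn, ROOT_DN):
        # Outside the root organization: the member subsystem cannot see the entry.
        return {"visible": False, "profile_type": None, "roles": []}
    roles = []
    for user in ET.fromstring(xml_text).iter("User"):
        if user.get("registrationType") != "LDAPLogon":
            continue
        if is_under(user_dn, user.get("memberAncestor", "")):
            roles += [(r.get("name"), r.get("DN")) for r in user.iter("Role")]
    return {"visible": True, "profile_type": profile_type(user_dn), "roles": roles}

if __name__ == "__main__":
    for dn in ("uid=bob, o=portal users, O=Root Organization",   # constructed DNs
               "uid=alice,o=Default Organization,o=Root Organization",
               "uid=eve,o=Other Company"):
        print(dn, "->", audit_user(SAMPLE_XML, dn))
```

Running it against the deployed file before and after the memberAncestor change shows which directory subtrees gain or lose automatically assigned roles.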
After you decide on the DN for root organization and default organization, complete the following steps: