Federating two LDAP servers with a common root organization
All users and organizations reside on a single LDAP server by default. If you require
that shoppers and internal users exist on separate LDAP servers, you can follow this example to set
up this configuration. In this example, B2C shoppers exist under the default organization, which
resides on LDAP server 1, and internal users that manage the site exist under the seller
organization, which resides on LDAP server 2.
Before you begin
Before you federate multiple LDAP servers (with a common root or with different roots), check that the RDN prefix for user entries is the same on both servers, for example uid or cn, but not a mix of both.
Procedure
- On a single LDAP server, create the following organization structure and user:
  o=root organization
  - o=seller organization (for administrators)
  - o=default organization (for B2C shoppers)
- Open the HCL Commerce Integration Wizard and specify the following LDAP values:
  - root organization: o=root organization
  - default organization: o=default organization,o=root organization
  - base DN: o=default organization,o=root organization
  Important: Do not restart the HCL Commerce server yet.
- Log in to Organization Administration Console with the HCL Commerce site administrator logon ID, for example wcsadmin.
- Create a user with logonId admin under o=seller organization,o=root organization. Give the new admin user the Site Administrator role for Root Organization.
  Instead of wcsadmin, this new admin user becomes the site administrator once the federated repositories are configured to point to the two base entries.
- Ensure that the admin user can successfully log in to Organization Administration Console.
- From the WebSphere Application Server administration console, create a second LDAP repository by using LDAP server 2, where o=seller organization,o=root organization is the base entry. Include this second LDAP repository in the realm that already includes the first LDAP repository and the file-based repository.
- Save the changes in the WebSphere Application Server administration console.
  Note: The realm in wimconfig.xml now includes the following two base entries:
  - LDAP1: <config:baseEntries name="o=default organization,o=root organization" nameInRepository="o=default organization,o=root organization"/>
  - LDAP2: <config:baseEntries name="o=seller organization,o=root organization" nameInRepository="o=seller organization,o=root organization"/>
- Modify WC_installdir/xml/config/wc-server.xml to specify that Root Organization in the HCL Commerce database must not be synchronized with LDAP, because it is above the base entries that are defined in the WebSphere Application Server federated repositories:
- Modify WC_installdir/xml/config/wc-server.xml to specify the LDAP DNs of the search bases (base entries) to be used during Logon, SSO, and UserRegistrationAdd. These DNs must be under the root organization:
- Try to log in to Organization Administration Console by using the new admin user. The admin user can now manage all the organizations, including the users that are descendants of the base entry organizations.
Registered shoppers can register and log on to B2C stores. Guest users can also place orders in a B2C store.
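The two DN constraints that this procedure depends on (a single RDN prefix for user entries across both servers, as stated in "Before you begin", and base entries that sit below the root organization, as required for the search bases in the wc-server.xml step) can be verified before the realm is saved. The following script is an added example, not HCL Commerce, WebSphere or LDAP-server code; it uses a small DN splitter written here instead of an LDAP client library, compares attribute types and values case-insensitively, and runs over constructed sample DNs modelled on the organization names in this topic.

```python
"""Pre-federation DN checks for two LDAP base entries under a common root.

Added example, not HCL Commerce or WebSphere code. Two checks:
  1. every user entry across both repositories uses the same RDN attribute
     (uid or cn, never a mix), as "Before you begin" requires;
  2. every federated base entry is a descendant of the root organization DN.
All DNs below are constructed sample data.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample data, mirroring the organization names used in the topic.
ROOT_ORG = "o=root organization"
BASE_ENTRIES = [
    "o=default organization,o=root organization",  # LDAP1 base entry (shoppers)
    "o=seller organization,o=root organization",   # LDAP2 base entry (admins)
]
LDAP1_USERS = [
    "uid=shopper1,o=default organization,o=root organization",
    "uid=shopper2,o=default organization,o=root organization",
]
LDAP2_USERS = [
    "uid=admin,o=seller organization,o=root organization",
]
# A hypothetical legacy entry keyed by cn, which would violate the prefix rule.
MIXED_USERS = LDAP1_USERS + LDAP2_USERS + [
    "cn=legacyadmin,o=seller organization,o=root organization",
]


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leftmost RDN first.

    Backslash-escaped characters (for example "\\,") are kept literally
    inside the value. Attribute types and values are lower-cased so that
    comparisons are case-insensitive, which is an assumption of this
    example (directory string matching rules vary per attribute).
    """
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # escaped char, do not treat as separator
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def rdn_attribute(dn: str) -> str:
    """Attribute type of the leftmost RDN, e.g. 'uid' for uid=admin,o=..."""
    return split_dn(dn)[0][0]


def check_rdn_consistency(user_dns: List[str]) -> Set[str]:
    """Return the set of RDN attribute types in use.

    A result with more than one element means the repositories mix
    prefixes (for example uid and cn) and must not be federated as-is.
    """
    return {rdn_attribute(dn) for dn in user_dns}


def is_descendant(dn: str, ancestor: str) -> bool:
    """True if `dn` lies strictly below `ancestor` in the directory tree."""
    d, a = split_dn(dn), split_dn(ancestor)
    return len(d) > len(a) and d[len(d) - len(a):] == a


def check_base_entries(base_entries: List[str], root_org: str) -> Dict[str, bool]:
    """Map each base entry to whether it is under the root organization."""
    return {entry: is_descendant(entry, root_org) for entry in base_entries}


if __name__ == "__main__":
    prefixes = check_rdn_consistency(LDAP1_USERS + LDAP2_USERS)
    print("RDN prefixes across both servers:", prefixes,
          "(OK)" if len(prefixes) == 1 else "(MIXED - fix before federating)")
    for entry, ok in check_base_entries(BASE_ENTRIES, ROOT_ORG).items():
        print(f"{entry}: {'under root' if ok else 'NOT under root'}")
```

Run the script as-is to see both checks pass on the sample data; feeding it the DNs exported from the real servers (for example from an LDIF dump) is the intended use, since the checks only depend on the DN strings.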