By default, Profiles looks at the login table and various
login attributes in the Profiles database. To improve performance,
comment out login attributes that are not used in your environment.
Before you begin
To edit configuration files,
you must use the wsadmin client. See Starting the wsadmin client for
information about how to start the wsadmin command-line tool.
About this task
Default mappings for uid and mail are provided. To use
a mapping for loginId, replace ADMIN_REPLACE in
the loginField element with the appropriate login
attribute specified in WebSphere® Application
Server. This section should only contain those login attributes that
will be used in a deployment. For example, if users only log in with
email, then the mappings for uid and loginId should
be commented out or removed.
For more information on enabling
and disabling access, see Forcing users to log in before they
can access an application.
Note: The login attributes described
here refer to the Profiles database table, not the LDAP; the values
you enter in the Admin Console refer to the LDAP. Thus if an LDAP
field has been added using the Admin Console, you would not need to
add it to the Profiles database using the procedure described here.
Note: When
editing the login table in the Profiles database, you can comment
out login attributes that you do not need, but you should not use
the login table to add new login attributes.
Procedure
- Start the wsadmin client from the following
directory of the system on which you installed the Deployment Manager:
app_server_root\profiles\dm_profile_root\bin
where
app_server_root is
the WebSphere Application
Server installation directory and
dm_profile_root is
the Deployment Manager profile directory, typically dmgr01.
You
must start the client from this directory or subsequent commands that
you enter do not execute correctly.
- Start the Profiles Jython script interpreter.
- Enter the following command
to access the Profiles configuration files:
execfile("profilesAdmin.py")
If prompted to specify a service to connect to, type 1 to pick the first
node in the list. Most commands can run on any node. If the command
writes or reads information to or from a file using a local file path,
you must pick the node where the file is stored.
- Enter the following command
to check out the Profiles configuration files:
ProfilesConfigService.checkOutConfig("working_directory", "cell_name")
where:
- working_directory is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you make changes to them. Use
forward slashes (/) to separate directories in the file path, regardless of your operating
system.
Note: In order for the command to complete successfully, the directory must
grant write permissions if you are using one of the following operating systems:
- cell_name is the name of the WebSphere Application Server cell hosting
the Profiles application. This argument is required. It is also case-sensitive.
If you do not know the cell name, you can determine it by typing the
following command in the wsadmin command processor:
print AdminControl.getCell()
For example:
- AIX or Linux:
ProfilesConfigService.checkOutConfig("/opt/prof/temp","foo01Cell01")
- Microsoft
Windows:
ProfilesConfigService.checkOutConfig("c:/prof/temp","foo01Cell01")
- Locate the Profiles configuration file, profiles-config.xml,
in the local working directory specified in the checkOutConfig command.
The Profiles configuration file contains the various configuration
settings for the Profiles application. The following section of the
file can be used for customizing login attributes:
<loginAttributes>
<loginAttribute>uid</loginAttribute>
<loginAttribute>email</loginAttribute>
<loginAttribute>loginId</loginAttribute>
</loginAttributes>
Note: The uid, mail, and loginId
options are on the first side of the = in the map_dbrepos_from_source.properties file
and refer to data in the Profiles database table. The value on the
other side of the = is the LDAP (or function) name.
- The uid value pertains to the EMPLOYEE
PROF_UID column.
- The email value pertains to the PROF_MAIL column.
- The loginId value pertains to the EMPLOYEE
PROF_LOGIN column and the PROF_LOGIN table
and refers to the mappings loginId= and logins=.
For example, you could set logins= to employee number.
- Comment out any attributes that are not used in your environment,
as in the following example:
<loginAttributes>
<loginAttribute>uid</loginAttribute>
<!-- The following login attribute is not used
<loginAttribute>email</loginAttribute>
-->
<loginAttribute>loginId</loginAttribute>
</loginAttributes>
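The edit in the last step can be scripted against the checked-out copy of profiles-config.xml in the working directory. The following is an added example, not part of the product documentation or its scripts: the function names, the root element of the sample, and the "not used" comment text are assumptions, and it assumes the loginAttributes elements carry no namespace prefix. It comments out every login attribute that is not in the list to keep, leaves existing comments alone, confirms that the result is still well-formed XML, and refuses to leave the section with no active login attribute.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the section shown above inside a hypothetical root
# element; a real profiles-config.xml contains many other settings.
SAMPLE = """<config>
  <loginAttributes>
    <loginAttribute>uid</loginAttribute>
    <loginAttribute>email</loginAttribute>
    <loginAttribute>loginId</loginAttribute>
  </loginAttributes>
</config>
"""

SECTION = re.compile(r"(<loginAttributes>)(.*?)(</loginAttributes>)", re.S)
ATTR = re.compile(r"<loginAttribute>\s*([^<]+?)\s*</loginAttribute>")


def active_login_attributes(xml_text):
    """List login attributes still active; parsing skips commented-out ones."""
    root = ET.fromstring(xml_text)  # raises ParseError if not well-formed
    return [el.text.strip() for el in root.iter()
            if el.tag.split("}")[-1] == "loginAttribute" and el.text]


def comment_out_unused(xml_text, keep):
    """Comment out each active loginAttribute whose value is not in keep."""
    keep = set(keep)

    def wrap(match):
        if match.group(1) in keep:
            return match.group(0)
        return "<!-- not used: " + match.group(0) + " -->"

    def fix_section(match):
        # XML comments cannot nest, so leave existing comments untouched:
        # after the split, odd indexes hold comments, even ones live markup.
        parts = re.split(r"(<!--.*?-->)", match.group(2), flags=re.S)
        parts[::2] = [ATTR.sub(wrap, p) for p in parts[::2]]
        return match.group(1) + "".join(parts) + match.group(3)

    result, count = SECTION.subn(fix_section, xml_text)
    if count != 1:
        raise ValueError("expected exactly one <loginAttributes> section")
    if not active_login_attributes(result):
        raise ValueError("refusing to comment out every login attribute")
    return result
```

Running active_login_attributes on the edited file before continuing shows exactly which login attributes remain active.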