Customizing login attributes
By default, Profiles looks at the login table and various login attributes in the Profiles database. To improve performance, comment out login attributes that are not used in your environment.
Before you begin
To edit configuration files, you must use the wsadmin client. See Starting the wsadmin client for information about how to start the wsadmin command-line tool.
About this task
Default mappings for uid and mail are provided. To use a mapping for loginId, replace ADMIN_REPLACE in the loginField element with the appropriate login attribute specified in WebSphere® Application Server. This section should only contain those login attributes that will be used in a deployment. For example, if users only log in with email, then the mappings for uid and loginId should be commented out or removed.
For more information on enabling and disabling access, see Forcing users to log in before they can access an application.
Procedure
- Start the wsadmin client from the following
directory of the system on which you installed the Deployment Manager:
where app_server_root is the WebSphere® Application Server installation directory and dm_profile_root is the Deployment Manager profile directory, typically dmgr01.app_server_root\profiles\dm_profile_root\bin
You must start the client from this directory or subsequent commands that you enter do not execute correctly.
- Start the Profiles Jython script interpreter.
- Locate the Profiles configuration file, profiles-config.xml,
in the local working directory specified in the checkOutConfig command.
The Profiles configuration file contains the various configuration
settings for the Profiles application. The following section of the
file can be used for customizing login attributes:
<loginAttributes> <loginAttribute>uid</loginAttribute> <loginAttribute>email</loginAttribute> <loginAttribute>loginId</loginAttribute> </loginAttributes>
Note: The uid, mail, and loginId options are on the first side of the + in the map_dbrepos_from_source.properties file and refer to data in the Profiles database table. The value on the other side of the = is the LDAP (or function) name.- The uid value pertains to the EMPLOYEE PROF_UID column.
- The email value pertains to the PROF_MAIL column.
- The loginId value pertains to the EMPLOYEE PROF_LOGIN column and the PROF_LOGIN table and refers to the mappings loginId= and logins=. For example, you could set logins= to employee number.
- Comment out any attributes that are not used in your environment,
as in the following example:
<loginAttributes> <loginAttribute>uid</loginAttribute> <! -- The following login attribute is not used <loginAttribute>email</loginAttribute> --> <loginAttribute>loginId</loginAttribute> </loginAttributes>