Configuring WAS for Groups
HCL Connections applications can use group features if they have configured correctly in WebSphere Application Server.
Before you begin
About this task
IBM WebSphere Application Server configuration is necessary to take advantage of the group features and functionality in HCL Connections. Configuration depends on which LDAP repository is configured in WAS and in a specifc LDAP service provider, such as Active Directory, ITDS, Domino, Sun, or Novell. Group expansion and group membership are two different concepts and LDAP servers treat them differently.
Think of Group expansion as performing the action For a particular group, return a list of all its members. Group expansion can occur for direct group membership, for example give me all members for this group, or for a nested level give me all the members of this group, and continue on to expand all the members of groups that are groups and so on, which can be a resource-intensive feature. Users can exploit these features in HCL Connections using type-ahead or the Group Browse feature, searching for groups using type-ahead to enter exact group names, or partial names. In the search results of each application users are presented with a single group, nested groups, or nothing. This capability requires a specific configuration in WAS.
Conversely, Group membership performs the action Return all the groups that a given user or group is a member of, Group membership can discover a person's group and community membership across Connections applications such as Activities, Communities, Files and Wikis. Each application uses it to grant access to content, adding or modifying membership, and so on. LDAP directories can be deployed to use nested groups (groups that contain group members). Determining group membership can affect the performance of Connections applications and directory providers (LDAP).
- Membership
- Member
Configure the Membership and Member attributes as follows:
Procedure
- From the Integrated Solutions Console, navigate to .
- Select your LDAP and then select Group attribute definition from the Additional Properties section.
-
Add the Membership attribute.
If you utilize nested groups, you'll need to be aware of the operational attribute for nested and add that value.
-
Choose the Name of the group Membership operational attribute:
This value depends on the LDAP repository configured in WAS. Refer to LDAP objectclass/attribute pairings for nested groups to determine the appropriate operational attribute for your LDAP service provider.
- Choose the scope of the group membership attribute.
- Click Apply and then OK.
- While still on the Manage repositories tab, select your LDAP type, for example AD2008, and then select Federated repositories entity types to LDAP object classes mapping in the Additional Properties section.
- Enter the Member attribute/Objectclass pairing that is the default for your particular LDAP service provider. This value depends on the LDAP repository configured in WAS. Refer to LDAP objectclass/attribute pairings for nested groups to determine the appropriate operational attribute for your LDAP service provider.
- Click Apply and then OK.