Saturday, April 25, 2009

Configuration Web Content Management for accomodating multiple LDAP sources

Each time syndication takes place between your IBM® Web Content Management (WCM) authoring and rendering nodes--each configured to access a different LDAP source--you have the run the MemberFixer tool to remove extraneous references and avoid "member not found" exceptions.

The WCM users who author content are present in the internal user LDAP source. When syndication propagates content from the authoring to the rendering server, which is coupled to a different LDAP source, all the references to internal LDAP entries results in "member not found" exceptions.

The only known solution to remove those unnecessary references to is utilize the MemberFixer utility each time syndication runs.

Your IBM Web Content Management environment includes and authoring WCM server connected to one LDAP source and one or more WCM rendering services configured to perform user look-ups on a different LDAP source.

Resolving the problem
Running the MemberFixer after every syndication is not how the product is designed to function, nor is it a recommended solution.
Web Content Management integrates within environments possessing more than one LDAP environment so long as both the DN and WMM External ID for each member (internal as well as external) resolves to the correct entity in each of the various LDAP sources.

There are two options:

1. Establish LDAP sources in which the DNs are consistent across the multiple environments

If the DNs are not the same across LDAP environments--that is to say that the LDAP sources contain different users and groups--then a common set of groups must be included in each LDAP. Each of these newly-created common groups must be given the DN and WMM External ID. Next, configure your WCM security utilizing these common groups. Each common group, however, may contain different members, depending on the particular LDAP directory.

2. Modify the WMM configuration to pull the WMM External ID from an accessible LDAP attribute.

NOTE: This step assumes that LDAP data is configured to replicate between each environment.

Once either option 1 or option 2 is configured, the MemberFixer will need to be run ONCE to update the data on the authoring server. Once complete, the Member Fixer tool not need to be re-run again.

WebSphere Portal Information Center topic: Mapping external IDs (extId) in Member Manager