Monday, August 24, 2009

Adding Custom Attributes to WebSphere Portal

Before adding any new attribute, validate the current attribute configuration and correct it: define proper mappings and remove attributes that are not required.

How to Validate/Verify the Attribute Mapping?

Run ConfigEngine.bat wp-validate-standalone-ldap-attribute-config -DWasPassword=secret
After successfully completing the above command, review the ConfigTrace.log file from \ConfigEngine\log Folder.

For the PersonAccount and Group entity types you may see possible problems.

In my case this is the output:

Possible problems for PersonAccount:

The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, children, parent, c, partyRoles, principalName, countryName, localityName]

The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[sn, cn]

FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
jpegPhoto: Base64Binary <> 1.3.6.1.4.1.1466.115.121.1.5
password: Base64Binary <> 1.3.6.1.4.1.1466.115.121.1.40{128}
seeAlso: String <> 1.3.6.1.4.1.1466.115.121.1.12

Possible problems for Group:

The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[modifyTimestamp, groups, members, identifier, displayName, parent, children, entitlementInfo, partyRoles, viewIdentifiers, createTimestamp]

The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[]

FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
seeAlso: String <> 1.3.6.1.4.1.1466.115.121.1.12

Status = Complete
------

Correct the Attribute Mappings:

Based on the above report I should remove some attributes from PersonAccount and flag sn and cn as required.

Modify the wkplc.properties with the following:

standalone.ldap.attributes.nonSupported=groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, children, parent, c, partyRoles, principalName, countryName, localityName

standalone.ldap.attributes.mapping.ldapName=mail
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.entityTypes=PersonAccount,Group

The above configuration also maps the ibm-primaryEmail to mail in LDAP.

Run ConfigEngine.bat wp-update-standalone-ldap-attribute-config -DWasPassword=secret

Update the general attribute configuration:

Update wkplc.properties file:

user.attributes.required= sn,cn
user.attributes.nonsupported= groups,identifier,ibm-jobTitle,entitlementInfo,realm,viewIdentifiers,certificate,stateOrProvinceName,createTimestamp,modifyTimestamp,ibm-primaryEmail,children,parent,c,partyRoles,principalName,countryName,localityName

Run ConfigEngine.bat wp-update-attribute-config -DWasPassword=secret

Stop and restart Portal server.

Now if you re-verify the attribute config using wp-validate-standalone-ldap-attribute-config, the log should show no problems.
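The following is an added example, not part of the original post or of any IBM tooling: a Python sketch that parses the validation report in the format shown above and derives the wkplc.properties values used in this procedure. The function names are hypothetical, the sample text is constructed, and it assumes the report lines in ConfigTrace.log look like the excerpt above (an optional prefix before each line is tolerated).

```python
import re

# Constructed sample: a trimmed report in the format shown in this post.
SAMPLE = """\
Possible problems for PersonAccount:
The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[groups, identifier, ibm-primaryEmail, realm]
The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[sn, cn]
Possible problems for Group:
The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[members, displayName]
The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[]
"""

def parse_report(text):
    """Return {entity_type: {"missing": [...], "required": [...]}}."""
    report, entity, kind = {}, None, None
    for line in text.splitlines():
        head = re.search(r"Possible problems for (\w+):", line)
        items = re.search(r"\[([^\[\]]*)\]\s*$", line)  # list at end of line
        if head:
            entity = head.group(1)
            report[entity] = {"missing": [], "required": []}
            kind = None
        elif "defined in Portal but not in LDAP" in line:
            kind = "missing"
        elif "required in LDAP but not in Portal" in line:
            kind = "required"
        elif entity and kind and items:
            report[entity][kind] = [a.strip() for a in items.group(1).split(",") if a.strip()]
            kind = None  # the FYI type-mismatch lines that follow are ignored
    return report

def propose_properties(report, entity, mapped=()):
    """Build property values for one entity type. Attributes that get an
    LDAP mapping (passed in `mapped`) are not flagged as unsupported."""
    missing = [a for a in report[entity]["missing"] if a not in mapped]
    return {
        "standalone.ldap.attributes.nonSupported": ", ".join(missing),
        "user.attributes.required": ",".join(report[entity]["required"]),
    }
```

Review the proposed values before pasting them into wkplc.properties; whether an attribute should be mapped or flagged as unsupported is a decision the report cannot make for you.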

How to Add Custom Attributes?
Before adding custom attributes to VMM, make sure the LDAP schema is extended to support these attributes.

I followed this simple process to add multiple attributes.
First install the attribute installer.
  1. ConfigEngine.bat wp-la-install-ear -DWasPassword=secret
  2. cd ../bin
  3. stopServer.bat server1 -username wpsadmin -password secret
  4. stopServer.bat WebSphere_Portal -username wpsadmin -password secret
  5. startServer.bat server1
  6. startServer.bat WebSphere_Portal
Next, install one attribute.

Edit wkplc.properties with the following info:

la.propertyName=userCompanyId
la.entityTypes=PersonAccount
la.dataType=String
la.multiValued=false

Run ConfigEngine.bat wp-add-property -DWasPassword=secret


After running the above command, a file wimxmlextension.xml will be created in \config\cells\\wim\model folder.

If you want to add any additional attributes, you can directly edit this file (copy existing attributes and modify the values as needed).

Restart the Portal for changes to take effect.

How to see the current Attribute Configuration?
cd \ConfigEngine
Run ConfigEngine.bat wp-query-attribute-config -DWasPassword=secret

This will create availableAttributes.html report in /ConfigEngine/log

That's what you need...