The purpose of this blog is to provide guidelines for customizing the WAS VMM mapping to a custom LDAP object class and its associated custom LDAP attributes. Before we jump into the code samples it is a good idea to understand the basic concepts of VMM and LDAP schema extension.
This is an advanced configuration option which is usually done after LDAP enablement of your Portal or Commerce server; please refer to my previous blog for LDAP enablement of WCS.
What is VMM?
VMM, or virtual member manager, is a WAS component that provides an abstract interface to the underlying datastore which maintains user profiles and user roles. Out of the box, adapters are available for LDAP and database repositories; VMM also provides a set of interfaces which can be implemented to develop a custom adapter for other types of data source. Various IBM products that run on the WAS runtime leverage the WAS VMM component for repository federation, user authentication and role management in a central repository.
For instance websphere portal can use it for user authentication and role management, similarly WCS can make use of this as a central repository for user authentication.
VMM provides a basic CRUD interface to these underlying repositories, which means that as an application developer you don't have to deal with the low-level aspects of LDAP or database interaction for these operations.
How does WCS and Portal make use of VMM?
WAS VMM is configured to use a dynamic data model. By default all of the standard attributes of the LDAP object classes top, person, organizationalPerson and inetOrgPerson are configured out of the box, but you can additionally include any custom attribute and change the mapping of the LDAP standard attributes. The LDAP inetOrgPerson object class is mapped to the PersonAccount entity within VMM.
Extending LDAP Object Class
We have decided to extend the inetOrgPerson class with a custom LDAP object class, MyCompanyObjectClass, and we would like to include a custom attribute, wcsMemberID.
LDAP schema extension is similar to inheritance in object-oriented programming: my custom object class in the diagram below inherits everything from its immediate parent and defines a few additional custom attributes.
For instance, if you are using OpenDS, all existing schema files are located under OpenDS/config/schema. The directory server loads the schema files in alphanumeric order (numerals first) at startup, so a custom schema file must sort after the core schema file that defines inetOrgPerson, which is why a high prefix such as 98 is used.
98myschema.ldif definition: copy this file under OpenDS/config/schema and restart the directory server. Check the server's error log after the restart for schema warnings before proceeding; a definition the server rejects will not be available to VMM.
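As an added example (not the blog's own 98myschema.ldif), the following Python script renders an OpenDS schema file for the custom object class and attribute described above and sanity-checks it before you copy it into OpenDS/config/schema. The OID arc 1.3.6.1.4.1.99999.1 is a placeholder assumption; in a real deployment use your organisation's registered private enterprise number. The attribute syntax OID for DirectoryString is the standard one from RFC 4517.

```python
"""Render and sanity-check an OpenDS schema extension (added example).

Not the blog's own schema file. OID_BASE is a placeholder arc; replace it
with your organisation's IANA private enterprise number before use.
"""
import re

# Placeholder OID arc (assumption): replace with your own enterprise arc.
OID_BASE = "1.3.6.1.4.1.99999.1"

# DirectoryString syntax from RFC 4517 (standard, not invented).
SYNTAX_DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"


def attribute_type(oid, name, desc, syntax=SYNTAX_DIRECTORY_STRING, single=True):
    """Build one attributeTypes definition in RFC 4512 syntax."""
    parts = ["( %s" % oid, "NAME '%s'" % name, "DESC '%s'" % desc,
             "EQUALITY caseIgnoreMatch", "SUBSTR caseIgnoreSubstringsMatch",
             "SYNTAX %s" % syntax]
    if single:
        parts.append("SINGLE-VALUE")
    parts.append("X-ORIGIN 'MyCompany' )")
    return " ".join(parts)


def object_class(oid, name, sup, may=(), must=()):
    """Build a STRUCTURAL objectClasses definition that inherits from `sup`."""
    parts = ["( %s" % oid, "NAME '%s'" % name, "SUP %s" % sup, "STRUCTURAL"]
    if must:
        parts.append("MUST ( %s )" % " $ ".join(must))
    if may:
        parts.append("MAY ( %s )" % " $ ".join(may))
    parts.append("X-ORIGIN 'MyCompany' )")
    return " ".join(parts)


def render_schema_ldif(attrs, classes):
    """Assemble the cn=schema entry OpenDS expects in config/schema/NNname.ldif."""
    lines = ["dn: cn=schema", "objectClass: top", "objectClass: ldapSubentry",
             "objectClass: subschema"]
    lines += ["attributeTypes: %s" % a for a in attrs]
    lines += ["objectClasses: %s" % c for c in classes]
    return "\n".join(lines) + "\n"


_NAME = re.compile(r"NAME '([^']+)'")


def check_schema(ldif_text, known_attrs=()):
    """Return a list of problems: attributes referenced in MAY/MUST that are
    defined neither in this file nor in the base schema (known_attrs)."""
    defined = set(known_attrs)
    problems = []
    for line in ldif_text.splitlines():
        if line.startswith("attributeTypes:"):
            defined.add(_NAME.search(line).group(1))
    for line in ldif_text.splitlines():
        if not line.startswith("objectClasses:"):
            continue
        for group in re.findall(r"(?:MAY|MUST) \( ([^)]*) \)", line):
            for attr in group.split("$"):
                attr = attr.strip()
                if attr and attr not in defined:
                    problems.append("undefined attribute %s" % attr)
    return problems


# Worked instance: the custom class and attribute from the post.
ATTRS = [attribute_type(OID_BASE + ".1.1", "wcsMemberID",
                        "WebSphere Commerce MEMBER_ID of this person")]
CLASSES = [object_class(OID_BASE + ".2.1", "MyCompanyObjectClass",
                        "inetOrgPerson", may=["wcsMemberID"])]


def build_myschema():
    """Render the file and return (ldif_text, problems)."""
    ldif = render_schema_ldif(ATTRS, CLASSES)
    return ldif, check_schema(ldif)


if __name__ == "__main__":
    ldif, problems = build_myschema()
    if problems:
        raise SystemExit("schema errors: %s" % problems)
    # Copy the result to OpenDS/config/schema/98myschema.ldif and restart
    # OpenDS so it loads after 00-core.ldif, which defines inetOrgPerson.
    with open("98myschema.ldif", "w") as fh:
        fh.write(ldif)
    print(ldif)
```

The check only catches dangling attribute references inside the file itself; an OID or NAME that collides with an existing definition is reported by the directory server at restart, which is why the log should be read before moving on to the VMM side.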
Configuration of WCS with LDAP Custom Object Class
If you want to override the mapping of LDAP standard attributes, then those should be defined in wimconfig.xml.
Edit wasprofile\config\cells\localhost\wim\config\wimconfig.xml (the cell name, localhost here, will differ per installation; back the file up first, and note that the server must be restarted for the change to take effect).
By default VMM maps the inetOrgPerson LDAP object class to the PersonAccount VMM entity. In this example we have extended the inetOrgPerson LDAP object class with MyCompanyObjectClass and have defined a few custom attributes within it.
We can manually edit the wimconfig.xml file to override the mapping of the PersonAccount entity so that it points to MyCompanyObjectClass instead of the default inetOrgPerson LDAP object class, as follows.
Refer to the section beginning with the following lines: <config:ldapEntityTypes name="PersonAccount"....
If you want to define the custom object class's LDAP attributes as VMM properties, then those should be defined in wimxmlextension.xml.
Edit wasprofile\config\cells\localhost\wim\model\wimxmlextension.xml
We now need to let WCS know how to map the custom VMM attribute to the database field in the WCS users table. In this example we have mapped the WCS member id from the users object to the LDAP custom attribute wcsMemberID. Because this attribute ties an LDAP entry to a WCS member, make sure that only the synchronization process and directory administrators can write it; a user who could modify their own wcsMemberID could otherwise be associated with another member's account.
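The three VMM-side steps above (re-pointing PersonAccount at MyCompanyObjectClass in wimconfig.xml, declaring the property in wimxmlextension.xml, and mapping it to the LDAP attribute) can also be made through the AdminTask object instead of editing the files by hand. The following wsadmin Jython script is an added example, not the blog's own script. It assumes the federated LDAP repository id is LDAP1, that the VMM property is named wcsMemberId, and that the directory already carries the MyCompanyObjectClass/wcsMemberID schema; it sticks to Python 2 syntax because wsadmin runs an old Jython, and outside wsadmin it only builds and prints the commands (dry run).

```python
"""wsadmin (Jython) script: map VMM's PersonAccount entity to the custom
LDAP object class and expose the custom attribute as a VMM property.

Added example, not the blog's own script. Run inside wsadmin with:
    wsadmin.sh -lang jython -f vmm_custom_objectclass.py
Outside wsadmin (no AdminTask object) it is a dry run that prints commands.
"""

REPO_ID = "LDAP1"          # assumption: confirm with AdminTask.listIdMgrRepositories()
ENTITY = "PersonAccount"
LDAP_CLASS = "MyCompanyObjectClass"
LDAP_ATTR = "wcsMemberID"  # attribute name in the LDAP schema
VMM_PROP = "wcsMemberId"   # property name as seen by WCS/Portal (assumption)


def build_commands(repo_id=REPO_ID, entity=ENTITY, ldap_class=LDAP_CLASS,
                   ldap_attr=LDAP_ATTR, vmm_prop=VMM_PROP):
    """Return the AdminTask calls as (command name, argument string) pairs."""
    return [
        # wimconfig.xml: PersonAccount now reads and creates
        # MyCompanyObjectClass entries. The class inherits inetOrgPerson,
        # so the existing standard attribute mappings keep working.
        ("updateIdMgrLDAPEntityType",
         "[-id %s -name %s -objectClasses %s -objectClassesForCreate %s]"
         % (repo_id, entity, ldap_class, ldap_class)),
        # wimxmlextension.xml: declare the new property on the entity.
        ("addIdMgrPropertyToEntityType",
         "[-name %s -dataType String -entityTypeNames %s]" % (vmm_prop, entity)),
        # wimconfig.xml: map the VMM property to the LDAP attribute.
        ("addIdMgrLDAPAttr",
         "[-id %s -name %s -propertyName %s -entityTypes %s]"
         % (repo_id, ldap_attr, vmm_prop, entity)),
    ]


def run(commands, admin_task=None, admin_config=None):
    """Execute the commands through wsadmin's AdminTask and persist them with
    AdminConfig.save(). With no wsadmin objects it is a dry run and just
    returns the commands unchanged."""
    if admin_task is None:
        return list(commands)
    for name, args in commands:
        getattr(admin_task, name)(args)
    admin_config.save()  # writes wimconfig.xml / wimxmlextension.xml
    return commands


# wsadmin sets __name__ to "main" rather than "__main__" for -f scripts.
if __name__ in ("__main__", "main"):
    try:
        task, config = AdminTask, AdminConfig  # injected by wsadmin
    except NameError:
        task, config = None, None
    for name, args in run(build_commands(), task, config):
        print("AdminTask.%s('%s')" % (name, args))
```

After the script runs, restart the server (and synchronize nodes in a network deployment) so VMM reloads its configuration, then confirm that wimconfig.xml shows MyCompanyObjectClass under the PersonAccount ldapEntityTypes section and wcsMemberID under the attribute mappings before touching the WCS side.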
Further Reading
Refer to the following link for a list of the OOB tables/attributes that can be synchronized with LDAP
Refer to the following link to synchronize any custom table attributes with LDAP
Make use of the AdminTask object; refer to the following link for more details on adding custom attributes