The document discusses user management in IBM Connections. It describes how user profiles are stored in LDAP directories and the PeopleDB database. It also discusses how single sign-on is implemented using LTPA cookies and tokens. User authentication can integrate with directories like Active Directory, Domino, and WebSphere Identity Management. Procedures are important for handling users who leave and return, for example after maternity leave or a sabbatical.
3. Martin Leyrer - IBM
• Working 5 years for IBM as an IT-Specialist
• ICS product stack since 1995
• Twitter → leyrer
• LinkedIn → www.linkedin.com/in/leyrer
• Blog → www.leyon.at
4. Sjaak Ursinus - ilionx
• Working 11 years for ilionx as a consultant
• Working with IBM Connections since Jan 2007
• IBM Champion since start of program
• Twitter → sursinus
• Skype → sursinus
• LinkedIn → www.linkedin.com/in/sursinus
• Various other social websites
9. What makes a Person?
PEOPLEDB          | Profiles Directory Service | Virtual Member Manager (VMM) | LDAP
PROF_GUID         | ID                         | uniqueId                     | UUID/GUID/UNID
PROF_DISPLAY_NAME | Name                       | cn/displayName               | cn/displayName
PROF_MAIL         | Mail                       | mail/ibm-primaryEmail        | mail/ibm-primaryEmail
PROF_SOURCE_UID   | DN                         | uniqueName                   | DN
PROF_UID          | UID                        | UID                          | UID or samAccountName
10. Person – AD LDAP
• displayName: Martin Leyrer
• cn: IBMX372
• mail: martin.leyrer@at.ibm.com
• dn: CN=IBMX372,OU=Users,OU=example,DC=prod,DC=IBM
• sAMAccountName: IBMX372
11. Person – IBM Domino LDAP
• displayName: Martin Leyrer/cloud
• cn: Martin Leyrer
• mail: martin.leyrer@at.ibm.com
• dn: CN=Martin Leyrer,o=cloud
• uid: mleyrer
14. Fixing sync_updates_hash_field
• If the value of the hash field in the source has changed
  – set this property to a different field that has not changed
  – for at least one run of sync_all_dns
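Added example (not from the original slides and not IBM's TDI code): a simplified Python model of matching directory entries to PEOPLEDB rows on a single hash field. It shows why a changed hash value makes an existing person look removed and re-added, while keying on a field that has not changed lets the same row be updated in place. The guid values, the new uid IBMX999 and the second user are constructed, and the function names are hypothetical.

```python
# Simplified model of matching directory entries to PEOPLEDB rows on one
# "hash field". It is not the TDI assembly line; all names are illustrative.

# Directory attribute -> PEOPLEDB column, following the table on slide 9.
# "guid" stands in for whichever UUID/GUID/UNID attribute the LDAP exposes,
# "uid" for uid or sAMAccountName.
LDAP_TO_PEOPLEDB = {
    "guid": "PROF_GUID",
    "displayName": "PROF_DISPLAY_NAME",
    "mail": "PROF_MAIL",
    "dn": "PROF_SOURCE_UID",
    "uid": "PROF_UID",
}

def to_profile(entry):
    """Translate one directory entry into a PEOPLEDB-style row."""
    return {col: entry[attr] for attr, col in LDAP_TO_PEOPLEDB.items()}

def plan_sync(ldap_entries, db_rows, hash_field):
    """Compare source and target keyed on hash_field (a PEOPLEDB column)."""
    source = {row[hash_field]: row for row in map(to_profile, ldap_entries)}
    target = {row[hash_field]: row for row in db_rows}
    return {
        "add": sorted(source.keys() - target.keys()),
        "remove": sorted(target.keys() - source.keys()),
        "update": sorted(k for k in source.keys() & target.keys()
                         if source[k] != target[k]),
    }

# Constructed sample data: the AD person from slide 10 plus one made-up user.
BEFORE = [
    {"guid": "guid-0001", "displayName": "Martin Leyrer",
     "mail": "martin.leyrer@at.ibm.com", "uid": "IBMX372",
     "dn": "CN=IBMX372,OU=Users,OU=example,DC=prod,DC=IBM"},
    {"guid": "guid-0002", "displayName": "Jane Doe",
     "mail": "jane.doe@example.com", "uid": "JDOE01",
     "dn": "CN=JDOE01,OU=Users,OU=example,DC=prod,DC=IBM"},
]
DB_ROWS = [to_profile(e) for e in BEFORE]  # PEOPLEDB as of the last sync

# The first account is renamed in the directory (constructed new uid and DN).
LDAP_NOW = [dict(BEFORE[0], uid="IBMX999",
                 dn="CN=IBMX999,OU=Users,OU=example,DC=prod,DC=IBM"), BEFORE[1]]

if __name__ == "__main__":
    # Keyed on the changed field: old row looks removed, a "new" person appears.
    print(plan_sync(LDAP_NOW, DB_ROWS, "PROF_UID"))
    # Keyed on a field that did not change: the same row is updated in place.
    print(plan_sync(LDAP_NOW, DB_ROWS, "PROF_GUID"))
```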
15. Do you know what happens in your LDAP ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
16. Do you have procedures in place ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
25. WebSphere WIM + VMM
• WIM is the security provider within WAS
• VMM is basically an LDAP of its own
• The first VMM login property is a special one because that is mapped to userPrincipal
34. Questions
Sjaak Ursinus
Ilionx
Twitter → sursinus
Skype → sursinus
LinkedIn → www.linkedin.com/in/sursinus
Various other social websites
Martin Leyrer
IBM Austria
E-mail: martin.leyrer@at.ibm.com
Twitter: http://www.twitter.com/leyrer
Blog: http://www.leyon.at
Slideshare: http://www.slideshare.net/Martin.Leyrer