Selected user exclusion from your LDAP server

You can store some users, such as your internal (sell-side) users, in the LDAP server, and other users, such as your customers, in the WebSphere Commerce database. To split your users this way, you must first configure WebSphere Commerce to use LDAP, and then modify the instance configuration file to specify which users you want to exclude from your LDAP server.

By default, exclusion is decided by the parent organization of each user in the site. For example, suppose you want all users under Default Organization, where B2C shoppers are typically stored, to be excluded from synchronization to the LDAP server. To exclude those users, specify the SyncUserExclusionList element within the MemberSubSystem element:
<MemberSubSystem AuthenticationMode="LDAP" ProfileDataStorage="LDAP">
    <SyncUserExclusionList display="false">
        <Org DN="o=default organization,o=root organization"/>
    </SyncUserExclusionList>
</MemberSubSystem>

If the condition for excluding users from LDAP is more complex than membership in a particular organization, you can extend com.ibm.commerce.member.syncbeans.commands.LDAPUserSyncCmdImpl and override the isExcludedUser() method to implement your own rule.
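As an added illustration (not code from this page or from WebSphere Commerce), the following Python models how the exclusion decision described above is evaluated: the parent-organization DNs listed in SyncUserExclusionList are normalized and matched, and a hypothetical site_rule callable stands in for an isExcludedUser() override that handles conditions the element cannot express. The configuration fragment and the user records (including the register_type field) are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed instance-configuration fragment modelled on the page's example.
SAMPLE_CONFIG = """
<MemberSubSystem AuthenticationMode="LDAP" ProfileDataStorage="LDAP">
    <SyncUserExclusionList display="false">
        <Org DN="o=default organization,o=root organization"/>
    </SyncUserExclusionList>
</MemberSubSystem>
"""

def normalize_dn(dn):
    """Lower-case each RDN and strip whitespace around commas so that
    'o=Default Organization, o=Root Organization' matches the configured DN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def excluded_org_dns(config_xml):
    """Collect the normalized parent-organization DNs from SyncUserExclusionList."""
    root = ET.fromstring(config_xml)
    return {normalize_dn(org.get("DN")) for org in root.iter("Org") if org.get("DN")}

def is_excluded_user(user, excluded_orgs, site_rule=None):
    """Default rule: the user's parent organization is in the exclusion list.
    site_rule is a hypothetical hook playing the role of an isExcludedUser()
    override (not a WebSphere Commerce API); it is consulted only when the
    organization rule does not already exclude the user."""
    if normalize_dn(user["parent_org_dn"]) in excluded_orgs:
        return True
    return bool(site_rule and site_rule(user))

def partition_users(users, config_xml, site_rule=None):
    """Return (logon IDs kept only in the commerce database, logon IDs synchronized to LDAP)."""
    excluded = excluded_org_dns(config_xml)
    local, ldap = [], []
    for user in users:
        (local if is_excluded_user(user, excluded, site_rule) else ldap).append(user["logon_id"])
    return local, ldap

# Constructed sample users; register_type "G" marks a guest account in this sample.
SAMPLE_USERS = [
    {"logon_id": "shopper1", "parent_org_dn": "o=Default Organization,o=Root Organization", "register_type": "R"},
    {"logon_id": "guest42", "parent_org_dn": "o=Seller Organization, o=Root Organization", "register_type": "G"},
    {"logon_id": "buyer7", "parent_org_dn": "o=Seller Organization,o=Root Organization", "register_type": "R"},
]

if __name__ == "__main__":
    # With the organization rule alone, only shopper1 stays out of LDAP;
    # adding a guest rule (the kind of condition an override would add) also excludes guest42.
    print(partition_users(SAMPLE_USERS, SAMPLE_CONFIG))
    print(partition_users(SAMPLE_USERS, SAMPLE_CONFIG, lambda u: u["register_type"] == "G"))
```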

If single sign-on is enabled and WebSphere Commerce is configured to generate an LTPA token at logon time, the token is generated only if the user is an LDAP user; users excluded from the LDAP server do not receive one.