Choosing login values

Determine which LDAP attribute or attributes you want to use to log in to IBM® Connections.

The following scenarios are supported:
Single LDAP attribute with a single value
For example: uid=jsmith.
Multiple LDAP attributes, each with a single value
To specify multiple attributes, separate them with a semicolon when you enter them in the Login properties field (while adding the repository to IBM® WebSphere® Application Server). For example, where uid=jsmith and mail=jsmith@example.com, you would enter: uid; mail.
Single LDAP attribute with multiple values
For example, mail is the login attribute and it accepts two different email addresses: an intranet address and an extranet address. For example: mail=jsmith@myCompany.com or mail=jsmith@example.com.
Multiple LDAP attributes, each with multiple values
For example: uid=jsmith or uid=john_smith and mail=jsmith@example.com or mail=john_smith@example.com or mail=jsmith@MyCompany.com.
Multiple LDAP directories
For example: One LDAP directory uses uid as the login attribute and the other uses mail. You must repeat the steps in Setting up federated repositories for each LDAP directory.

Multi-valued attributes

You can map multiple values to common attributes such as uid or mail.

If, for example, you mapped the following attributes for a user called Sample User, all three values for the user are populated in the PROFILE_LOGIN table in the Profiles database:
  • mail=suser@example.com
  • mail=sample_user@example.com
  • mail=user_sample@example.com
A similar example for the uid property would have the following attributes:
  • uid=suser
  • uid=sampleuser
  • uid=user_sample

By default, the population wizard only allows you to choose one attribute for logins, so you can't select mail and uid. You can, however, write a custom function to union multiple attributes.

Custom attributes

The Profiles population wizard populates uid and mail during the population process but maps the loginID attribute to null. You can specify a custom attribute if your directory uses a unique login attribute other than, for example, uid or mail. The login value can be based on any attribute that you have defined in your repository. You can specify that attribute by setting loginID=attribute when you populate the Profiles database.

The following sample extract from the profiles-config.xml file shows the standard login attributes:

<loginAttributes> 
<loginAttribute>uid</loginAttribute> 
<loginAttribute>email</loginAttribute> 
<loginAttribute>loginId</loginAttribute> 
</loginAttributes> 

The value for the loginID attribute is stored in the Prof_Login column of the Employee table in the Profiles database. For more information, see the Mapping fields manually topic.

Using Profiles or LDAP as the repository

If you change the default IBM® Connections configuration to use the LDAP directory as the user repository, WebSphere® Application Server maps uid as the login default.