Skip to content
Advertisement

VMM how to find or fetch VMM entity attribute mapping / attribute names

Starting point: I have a WebSphere with federated security (there is an Active Directory behind it). I am trying to fetch a VMM user uid by his/her email address, but I a don’t know how it’s VMM (schema) attributes are mapped to the AD (schema) attributes of the underlying Active Directory entity (person, organizationalPerson objectClass, mail attribute.

(By describing it in a different way: If one have a look at the WAS console, in the “Users and Groups” -> “Manage Users” there is a table where there is an E-Mail column, so it is somehow mapped. But, by clicking on the ( “Global Security” -> “(federated repositories) configure button” -> (there is a table, you can select the)) LDAP1 row, and checking the table in “Federated repositories property names to LDAP attributes mapping”, I don’t find that the ‘E-Mail’ column how has been mapped to the AD attribute. Maybe there is an implicit mapping?)

So, the starting question is this:

How to find this on the WAS console? Or, maybe via wsadmin (scripts)?

So, because of this, I tried to move forward and now I would try to find it using the VMM API, but I don’t find in the official documentation the answer to the second question:

Is it possible to fetch somehow the assigned / available attributes of an WebSphere VMM entity (Virtual member manager)?

There is a lot of examples about how to fetch the attributes when you know their name, but there is nothing about this…

Yes, I know that is is a bit XY problem, but please guide me a bit. Many thanks in advance.

To provide some code sample too, I am trying to fetch the user’s uid by using the following code:

JavaScript

Advertisement

Answer

A possible solution is to add a new federal repository supported property (Name: mail, Property name: mail, Entity types: PersonAccount):

mail property

After a WAS restart I was able to use the search expression

JavaScript

and the code above to fetch the corresponding uid to the given email address. It seems there is some info in the c:IBMWebSphereAppServeretcwimsetupwimdbproperties.xml, as if the “ibm-primaryEmail” would be the property that contains the email address, albeit I was not able to find my uid when I specified this instead of the “mail” attribute name.

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement