WAS VMM Custom Object Class mapping in Websphere Portal and Commerce

Posted by Hariharan Vadivelu on

Context of this blog is to provide guidelines around customization of WAS VMM mapping to custom LDAP Objectclass and it's associated custom LDAP attributes, before we jump into some of the code samples it is a good idea to understand basic concepts of VMM and LDAP schema extension.

This is an advanced configuration option which is usually done after LDAP enablement of your portal or commerce server, please refer to my previous blog for LDAP enablement of WCS

What is VMM?

VMM or virtual member manager is a WAS component and provides an abstract interface to the underlying datastore which maintains the user profile and user roles, right out of the gate adapters are available for LDAP and database, VMM also provides a set of interfaces which can be implemented to develop a custom adapter for other types of data sources.

Various IBM Products that run on WAS runtime leverage and make use of WAS VMM components for repository federations, user authentication and role management in a central repository.
For instance websphere portal can use it for user authentication and role management, similarly WCS can make use of this as a central repository for user authentication.

VMM provides basic CRUD functionality interface to these underlying repositories as an application developer it means that you don't have to deal with the low level aspects of LDAP or database interaction for these operations.

How does WCS and Portal make use of VMM?

WAS VMM is configured to make use of dynamic data model, by default all of the standard attributes of LDAP object class such as top, person, OrganizationalPerson and InetOrgPerson are configured OOB, but you can additionally include any custom attribute and change mapping of LDAP standard attributes.

LDAP inetOrgPerson object class is mapped to PersonAccount entity within VMM


Extending LDAP Object Class
We have decided to extend inetOrgPerson class with a custom LDAP objectclass MyCompanyObjectClass and we would like to include a custom attribute wcsMemberID
LDAP schema extension as similar to inheritance in Object oriented programming, My custom Object class in this diagram below inherits everything from it's immediate parent and defines few additional custom attributes.




For instance, if you are making use of OpenDS, the location of all existing schema is OpenDS/config/schema, The directory server loads the schema files in alphanumeric order (numerals first) at directory server startup.
98myschema.ldif definition, copy this file under OpenDS/config/schema and restart directory server

Configuration of WCS with LDAP Custom Object Class

If you want to overwrite LDAP standard attributes then those should be defined in wimconfig.xml
Edit wasprofile\config\cells\localhost\wim\config\wimconfig.xml

By default VMM Maps inetOrgPerson LDAP Object Class to PersonAccount VMM Entity, in this example we have extended inetOrgPerson LDAP object class with MyCompanyObjectClass and have defined few custom attributes within them

We can manually edit the wimconfig.xml file to override the mapping of PersonAccount Entity to MyCompanyObjectClass  instead of default inetOrgPerson LDAP object class as follows.
Refer the section with following lines <config:ldapEntityTypes name="PersonAccount"....




If you want to define custom object class LDAP attributes to VMM, then those should be defined in wimconfigextension.xml
Edit wasprofile\config\cells\localhost\wim\model\wimxmlextension.xml



We need to now let WCS know how to map the custom VMM attribute with LDAP database field in user table, in this example we have mapped wcs member id from users object to LDAP custom attribute wcsMemberID


Further Reading

Refer following link to see a list of OOB tables/attributes that can be synchronized with LDAP



4 comments:

  1. Excellent article!
    I have a question though. Customizing Ldap attribute is explained well but in the ldapentry file for the mapping of commerce attribute and ldap attribute - the commerce attribute is 'memberId' which is not the OOB attribute. So is there a procedure to customize the commerce attribute before mapping them?

    ReplyDelete
  2. It was very nice blog to learn about SAP BASIS. Thanks for sharing.SAP basis

    ReplyDelete
  3. I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in TECHNOLOGY , kindly contact us http://www.maxmunus.com/contact
    MaxMunus Offer World Class Virtual Instructor led training on TECHNOLOGY. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us.
    Saurabh Srivastava
    MaxMunus
    E-mail: saurabh@maxmunus.com
    Skype id: saurabhmaxmunus
    Ph:+91 8553576305 / 080 - 41103383
    http://www.maxmunus.com/


    ReplyDelete