WAS VMM Custom Object Class mapping in Websphere Portal and Commerce

Posted by Unknown on

Context of this blog is to provide guidelines around customization of WAS VMM mapping to custom LDAP Objectclass and it's associated custom LDAP attributes, before we jump into some of the code samples it is a good idea to understand basic concepts of VMM and LDAP schema extension.

This is an advanced configuration option which is usually done after LDAP enablement of your portal or commerce server, please refer to my previous blog for LDAP enablement of WCS

What is VMM?

VMM or virtual member manager is a WAS component and provides an abstract interface to the underlying datastore which maintains the user profile and user roles, right out of the gate adapters are available for LDAP and database, VMM also provides a set of interfaces which can be implemented to develop a custom adapter for other types of data sources.

Various IBM Products that run on WAS runtime leverage and make use of WAS VMM components for repository federations, user authentication and role management in a central repository.
For instance websphere portal can use it for user authentication and role management, similarly WCS can make use of this as a central repository for user authentication.

VMM provides basic CRUD functionality interface to these underlying repositories as an application developer it means that you don't have to deal with the low level aspects of LDAP or database interaction for these operations.

How does WCS and Portal make use of VMM?

WAS VMM is configured to make use of dynamic data model, by default all of the standard attributes of LDAP object class such as top, person, OrganizationalPerson and InetOrgPerson are configured OOB, but you can additionally include any custom attribute and change mapping of LDAP standard attributes.

LDAP inetOrgPerson object class is mapped to PersonAccount entity within VMM
Extending LDAP Object Class
We have decided to extend inetOrgPerson class with a custom LDAP objectclass MyCompanyObjectClass and we would like to include a custom attribute wcsMemberID
LDAP schema extension as similar to inheritance in Object oriented programming, My custom Object class in this diagram below inherits everything from it's immediate parent and defines few additional custom attributes.


For instance, if you are making use of OpenDS, the location of all existing schema is OpenDS/config/schema, The directory server loads the schema files in alphanumeric order (numerals first) at directory server startup.
98myschema.ldif definition, copy this file under OpenDS/config/schema and restart directory server

Configuration of WCS with LDAP Custom Object Class

If you want to overwrite LDAP standard attributes then those should be defined in wimconfig.xml
Edit wasprofile\config\cells\localhost\wim\config\wimconfig.xml

By default VMM Maps inetOrgPerson LDAP Object Class to PersonAccount VMM Entity, in this example we have extended inetOrgPerson LDAP object class with MyCompanyObjectClass and have defined few custom attributes within them

We can manually edit the wimconfig.xml file to override the mapping of PersonAccount Entity to MyCompanyObjectClass  instead of default inetOrgPerson LDAP object class as follows.
Refer the section with following lines <config:ldapEntityTypes name="PersonAccount"....

If you want to define custom object class LDAP attributes to VMM, then those should be defined in wimconfigextension.xml
Edit wasprofile\config\cells\localhost\wim\model\wimxmlextension.xml



We need to now let WCS know how to map the custom VMM attribute with LDAP database field in user table, in this example we have mapped wcs member id from users object to LDAP custom attribute wcsMemberID


Further Reading

Refer following link to see a list of OOB tables/attributes that can be synchronized with LDAP


4 comments:

  1. UnknownJuly 8, 2016 at 9:54 AM

    Excellent article!
    I have a question though. Customizing Ldap attribute is explained well but in the ldapentry file for the mapping of commerce attribute and ldap attribute - the commerce attribute is 'memberId' which is not the OOB attribute. So is there a procedure to customize the commerce attribute before mapping them?

    ReplyDelete
  2. SusanApril 27, 2020 at 7:31 AM

    I need to admit that that is one wonderful insight. It surely gives a company the opportunity to have in around the ground floor and really take part in making a thing special and tailored to their needs. Wondering where to go in 2019? Things to do has ranked as the best include a remote, idyllic island, the design capital ...

    ReplyDelete
  3. Ander SonFebruary 10, 2024 at 1:29 AM

    What a fascinating story. I was on the edge of my seat the whole time! Your writing style really drew me in and made me feel like I was there. I loved all the vivid details that brought the characters and setting to life. It's obvious how passionate you are about sharing this experience. Thanks for taking the time to tell such a captivating tale. tarpaulins uk

    ReplyDelete
  4. Iron ManApril 16, 2024 at 6:42 AM

    I found this article to be quite thought-provoking. The ideas you presented challenged my existing beliefs and made me reconsider my stance. It's refreshing to come across content that encourages critical thinking.
    Clear Tarpaulin

    ReplyDelete