The Circle of Life
Uploaded by: social-connections
Sjaak Ursinus, ilionx
Martin Leyrer, IBM
Martin Leyrer - IBM
• Working 5 years for IBM as an IT-Specialist
• ICS product stack since 1995
• Twitter → leyrer
• Linkedin → www.linkedin.com/in/leyrer
• Blog → www.leyon.at
Sjaak Ursinus - ilionx
• Working 11 years for ilionx as a consultant
• Working with IBM Connections since Jan 2007
• IBM Champion since start of program
• Twitter → sursinus
• Skype → sursinus
• Linkedin → www.linkedin.com/in/sursinus
• Various other social websites
Audience Participation
Let's talk about users
Users in Connections
• TDI
• LDAP
• DBMS
• Sync
• Profiles
• App-Support
● WebSphere
● LDAP
● Authentication
● SSO
Audience Participation
What makes a Person?
PEOPLEDB Profiles | Directory Service | Virtual Member Manager (VMM) | LDAP
PROF_GUID | ID | uniqueId | UUID/GUID/UNID
PROF_DISPLAY_NAME | Name | cn/displayName | cn/displayName
PROF_MAIL | Mail | mail/ibm-primaryEmail | mail/ibm-primaryEmail
PROF_SOURCE_UID | DN | uniqueName | DN
PROF_UID | UID | UID | UID or samAccountName
Person – AD LDAP
• displayName: Martin Leyrer
• cn: IBMX372
• mail: [email protected]
• dn: CN=IBMX372,OU=Users,OU=example,DC=prod,DC=IBM
• sAMAccountName: IBMX372
Person – IBM Domino LDAP
• displayName: Martin Leyrer/cloud
• cn: Martin Leyrer
• mail: [email protected]
• dn: CN=Martin Leyrer,o=cloud
• uid: mleyrer
Audience Participation
profiles_tdi.properties
• sync_updates_hash_field=uid
Fixing sync_updates_hash_field
• If the value of the hash field in the source has changed
– set this property to a different field that has not changed
– for at least one run of sync_all_dns
Do you know what happens in your LDAP ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
Do you have procedures in place ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
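The record-matching problem behind sync_updates_hash_field and the leaver question above, as an added Python example (not from the slides and not part of IBM's TDI solution): a simplified model in which a sync run pairs LDAP entries with PEOPLEDB rows on one key field. All records, the objectGUID mapping and the labels are constructed for illustration.

```python
# Added example with constructed data; a simplified model, not TDI's own logic.
# PEOPLEDB column -> LDAP attribute, following the mapping table on this page.
# objectGUID as the AD source of PROF_GUID is an assumption of this example.
COLUMNS = {"PROF_UID": "sAMAccountName", "PROF_GUID": "objectGUID", "PROF_MAIL": "mail"}

# Directory today: U1002 was renamed to X2002, Alice's mail changed, Carol has left.
LDAP = [
    {"sAMAccountName": "U1001", "objectGUID": "g-0001", "mail": "alice.new@example.test"},
    {"sAMAccountName": "X2002", "objectGUID": "g-0002", "mail": "bob@example.test"},
]
# EMPLOYEE rows as written by the last successful sync.
ROWS = [
    {"PROF_GUID": "g-0001", "PROF_UID": "U1001", "PROF_MAIL": "alice@example.test"},
    {"PROF_GUID": "g-0002", "PROF_UID": "U1002", "PROF_MAIL": "bob@example.test"},
    {"PROF_GUID": "g-0003", "PROF_UID": "U1003", "PROF_MAIL": "carol@example.test"},
]

def index(entries, attr):
    """Look-up table from a (case-folded) attribute value to its LDAP entry."""
    return {e[attr].lower(): e for e in entries}

def classify(entries, rows, hash_col):
    """Label each PEOPLEDB row for a sync run that pairs records on hash_col."""
    by_hash = index(entries, COLUMNS[hash_col])
    others = {c: index(entries, a) for c, a in COLUMNS.items() if c != hash_col}
    result = {}
    for row in rows:
        if row[hash_col].lower() in by_hash:
            label = "match"
        elif any(row[c].lower() in idx for c, idx in others.items()):
            label = "hash-changed"  # same person, but the key value moved
        else:
            label = "gone"          # leaver: candidate for inactivation
        result[row["PROF_GUID"]] = label
    return result

def usable_hash_fields(entries, rows):
    """Columns that yield no 'hash-changed' rows, i.e. keys that did not change."""
    return [c for c in COLUMNS
            if "hash-changed" not in classify(entries, rows, c).values()]

if __name__ == "__main__":
    print(classify(LDAP, ROWS, "PROF_UID"))
    print(usable_hash_fields(LDAP, ROWS))
```

Rows labelled "hash-changed" are the case the slide describes: the person is still in the directory, but the value of the current hash field no longer pairs them with their existing profile.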
PEOPLEDB / Employee Table
Profile Management – wsadmin
• ProfilesService.inactivateUser(String user_email_addr)
• ProfilesService.inactivateUserByUserId(String userID)
• ProfilesService.activateUserByUserId(String user_external_id, updated_properties_list)
• ProfilesService.swapUserAccessByUserId(String userToActivate, String userToInactivate)
Profile Management – TDI
• sync_all_dns
• revoke_users
• Check out the samples folder of TDISOL
More Usertables
BLOGS —> ROLLERUSER
DOGEAR —> PERSON
FILES —> USER
FORUM —> DF_MEMBERPROFILE
HOMEPAGE —> PERSON
METRICS —> USER_LOGIN
MOBILE —> USERREGISTRY
OPNACT —> OA_MEMBERPROFILE
PEOPLEDB —> EMPLOYEE
SNCOMM —> MEMBERPROFILE
WIKIS —> USER
Sync between different usertables
• Normally done automatically
• ProfilesService.publishUserData, ProfilesService.publishUserDataByUserId
• *MemberService.syncMemberByExtId, *MemberService.syncAllMembersByExtId
Users in WebSphere
WebSphere WIM + VMM
• WIM is the security provider within WAS
• VMM is basically an LDAP of its own
• The first VMM login property is a special one because that is mapped to userPrincipal
WAS / Login Properties
wimconfig.xml
<config:attributes name="samAccountName" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="mail" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="userPrincipalName" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
LTPA Based SSO
LTPA Cookie/Token
Full token string:[u:user\:defaultWIMFileBasedRealm/uid=u00acme,o=example%...]
Token is for:[u:user\:defaultWIMFileBasedRealm/uid=u00acme,o=example]
Token expires at:[2015-06-23-03:31:00 MESZ]
Realm
• Realm Name gets added to Cookie and can be changed
Cookie Username
• Remember „The first VMM login property is a special one because that is mapped to userPrincipal“?
LTPA SSO With Domino
Questions
Sjaak Ursinus, ilionx
Twitter → sursinus
Skype → sursinus
Linkedin → www.linkedin.com/in/sursinus
Various other social websites
Martin Leyrer, IBM Austria
E-mail: [email protected]
Twitter: http://www.twitter.com/leyrer
Blog: http://www.leyon.at
Slideshare: http://www.slideshare.net/Martin.Leyrer