This section describes how to configure your SQL and LDAP profile templates to implement repository linking. The example used in this section assumes that you have some basic profile data, such as name, email, login, and password, stored in an existing LDAP directory. Thus, the LDAP repository is used to access this data and to authenticate users. The SQL repository is used to store the remaining profile data, such as address and locale information, and all the ATG-specific data (such as scenario-related data, if you are running the Scenarios module). The SQL repository also replicates the login property, which is used to implicitly link the SQL and LDAP profiles.

You can split your data any other way, and modify the profile templates accordingly. The only requirement is that one of the two repositories must contain both the login and password properties, so that it can be used to authenticate the users. (Note, however, that you must set up the SQL profile repository as the main repository and refer to LDAP profile properties through the SQL repository; you cannot have LDAP as your main repository using this type of configuration.)

To configure your SQL and LDAP repositories, do the following:

  1. Decide which profile properties will be stored in SQL and which will be stored in LDAP.

  2. Set up your SQL profile repository as the main profile repository. See the Setting Up a Profile Repository chapter for more information. Make sure that the user item descriptor is configured through the repository definition file to have all the properties you decided to store in SQL, but none of the LDAP properties.

    For example, if you are starting with the default SQL profile template, the user item descriptor includes the properties firstName,lastName, email, and password. If you decided to store these properties in the LDAP repository, remove them from the SQL definition file.

    Note: Removing these properties will probably require some XML combination techniques. See XML File Combination in the Nucleus: Organizing JavaBean Components chapter of the ATG Platform Programming Guide.

  3. Set up your LDAP repository and configure all the associated components. See Configuring the LDAP Repository Components in the LDAP Repositories chapter of the ATG Repository Guide.

    The LDAP repository should not be configured as the main profile repository. In other words, the profileRepository property of the /atg/userprofiling/ProfileTools component should point to /atg/userprofiling/ProfileAdapterRepository, as in the default configuration.

    Remove any unneeded properties from the LDAP definition file. If you decide to remove the login property, you will have to choose another property to be used when constructing RDNs (Relative Distinguished Names), since the login property is used as the value of the rdn-property attribute in the default template. This property must have a unique value for each LDAP repository item in order for the corresponding DNs to be unique. See New Item Creation in the LDAP Repository Architecture section of the LDAP Repositories chapter in the ATG Repository Guide for more information on constructing RDNs.

  4. In the SQL repository definition file, add a property of type atg.repository.linked.RepositoryLinkPropertyDescriptor to the user item descriptor. This property links the two profiles. For example, you could call this new property ldapUser and define it as follows:

    <property name="ldapUser"
        display-name="Linked LDAP User"
       <attribute name="uniqueIdPropertyLocal" value="login"/>
       <attribute name="uniqueIdPropertyRemote" value="login"/>

    The property definition must specify the repository and item type of the linked item. In addition, the attributes uniqueIdPropertyLocal and uniqueIdPropertyRemote specify which properties should be used as the unique IDs in SQL and LDAP, respectively. The values of these properties must be the same for the two profiles to be linked together.

    The category and display-name properties are optional; they provide better display for the item in the Business Control Center or ACC interface.

    If your property definition includes the cascade="insert,update,delete" attribute as shown above, the linked item will be automatically created, updated, or deleted whenever the SQL item is created, updated, or deleted. For example, when a user registers through a profile form handler, both a SQL and an LDAP profile will be created for him, and the relevant profile information will be stored in both items.

  5. Because the login property is replicated in both repositories, the two property values must always be kept in sync. For example, when the user registers, both his login and his ldapUser.login properties must be set to the same login value. To avoid having to do this by hand, modify the login property’s definition in the SQL profile template as follows:

    <property name="login"
        <attribute name="replicateProperty" value="ldapUser.login"/>

    This code declares the login property to be of type ReplicatePropertyDescriptor, which overrides GSAPropertyDescriptor and takes care of automatically replicating the property value to the property specified via the replicateProperty attribute.

    With the login property configured in this way, you need worry only about setting the login property in the SQL profile item; the corresponding LDAP item’s login property is set automatically.