A composite profile repository is a variant of a standard profile repository in which some user data is stored in a database and accessed through a SQL repository, while authentication information is stored in an LDAP directory and accessed through an LDAP repository. The composite repository provides a unified view of all of the data, regardless of its source. See the Personalization Programming Guide for information about composite profile repositories. For more general information about composite repositories, see the Repository Guide.

You can use CIM to set up the internal profile repository as a composite repository. As mentioned above, CIM includes options for configuring the SSO server instance, and the CIM Commerce Add-Ons screen has a Single Sign-On selection for configuring SSO. If you select the Single Sign-On option, CIM will also display a Commerce SSO Add-Ons screen which has a selection for configuring LDAP authentication settings.

If you select LDAP authentication, both the ATG Content Administration server and the Commerce SSO server will include the DPS.InternalUsers.LDAP module. This module changes the class of the /atg/userprofiling/InternalProfileRepository component from atg.adapter.gsa.GSARepository to atg.adapter.composite.MutableCompositeRepository, and includes a SQL repository component (/atg/userprofiling/InternalGSAProfileRepository) to serve as the primary view for the composite repository. It also includes configuration for /atg/adapter/ldap/LDAPRepository (the LDAP repository that provides the contributing view) and related components.

CIM prompts you for LDAP connection settings and for mappings between repository properties and LDAP attributes. Each user item in the internal profile repository is linked to an LDAP user by the login property. Repository properties such as firstName, lastName, and email can be mapped to LDAP user attributes such as givenName, sn, and mail. If an attribute value is changed on the LDAP server, the corresponding repository property is updated automatically and immediately; no re-login is necessary for the change to take effect.

CIM configures the user item type as a composite item with the primary item being in the SQL repository and a contributing item being in the LDAP repository. Based on the information you provide, it creates or modifies the following configuration files:

  • /atg/userprofiling/composite.xml – configuration file for the composite repository (InternalProfileRepository)

  • /atg/userprofiling/internalUserProfile.xml – definition file for the SQL repository (InternalGSAProfileRepository)

  • /atg/adapter/ldap/ldapUserProfile.xml – definition file for the LDAP repository (LDAPRepository)

  • /atg/adapter/ldap/InitialContextEnvironment.properties – properties file for the component that specifies the environment settings for the JNDI initial context for the LDAP server

Note that in this configuration, the LDAP directory is not writable by the Oracle Commerce Platform. The LDAP data should be maintained through your LDAP software, and be available to other systems for reading but not modifying. Therefore, the LDAP repository is configured as read-only. This means that for Commerce SSO, unlike other uses of LDAP by the Oracle Commerce Platform, you do not need to set up a password hasher component. Password hashing should be handled through the LDAP software itself.
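The following conceptual model is an added example, not Oracle Commerce Platform code. It illustrates the login-based link and property mappings described above together with the read-only LDAP view. The class and function names, the uid link attribute, the locale property, and the handling of missing or duplicate LDAP entries are assumptions made for the illustration.

```python
# Conceptual model only (added example, not Oracle Commerce Platform code).
LDAP_MAPPINGS = {"firstName": "givenName", "lastName": "sn", "email": "mail"}


class ReadOnlyViewError(Exception):
    """Raised when a caller tries to write an LDAP-backed property."""


class CompositeUserView:
    def __init__(self, sql_rows, ldap_entries, link_attr="uid"):
        self.sql_rows = sql_rows          # primary view: login -> SQL row
        self.ldap_entries = ldap_entries  # contributing view: LDAP entries
        self.link_attr = link_attr        # assumption: attribute holding the login

    def _ldap_entry(self, login):
        hits = [e for e in self.ldap_entries if e.get(self.link_attr) == login]
        if len(hits) > 1:  # assumption: an ambiguous link is treated as an error
            raise LookupError(f"{len(hits)} LDAP entries match login {login!r}")
        return hits[0] if hits else None

    def get(self, login, prop):
        row = self.sql_rows[login]  # no primary item means no user item at all
        if prop in LDAP_MAPPINGS:
            # Read from the directory on every access, so a change made on the
            # LDAP server is visible without a new login.
            entry = self._ldap_entry(login)
            return entry.get(LDAP_MAPPINGS[prop]) if entry else None
        return row.get(prop)

    def set(self, login, prop, value):
        if prop in LDAP_MAPPINGS:
            raise ReadOnlyViewError(f"{prop} is maintained in the LDAP directory")
        self.sql_rows[login][prop] = value


def build_sample_view():
    """Constructed sample data: one SQL row and one LDAP entry per login."""
    sql_rows = {"jdoe": {"login": "jdoe", "locale": "en_US"}}
    ldap_entries = [{"uid": "jdoe", "givenName": "Jane", "sn": "Doe",
                     "mail": "jdoe@example.com"}]
    return CompositeUserView(sql_rows, ldap_entries), ldap_entries


if __name__ == "__main__":
    view, directory = build_sample_view()
    print(view.get("jdoe", "email"))
    directory[0]["mail"] = "jane.doe@example.com"  # change made on the LDAP side
    print(view.get("jdoe", "email"))
```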

Mapping Organizations to LDAP Groups

After you specify the mapping of user properties to LDAP user attributes, CIM prompts you to link Business Control Center LDAP organizations to LDAP groups by mapping organization properties to LDAP group attributes. A Business Control Center organization is considered an LDAP organization if the organization’s isLdap property is set to true. An LDAP organization links to the LDAP group whose group ID matches the name of the organization.

The value of the isLdap property can be set in the Organizations interface in the Access Control area of the Business Control Center.

Copyright © 1997, 2017 Oracle and/or its affiliates. All rights reserved.