Configuring LDAP Server for Dynamic Group Queries

By default, WebSphere Portal is enabled for static groups. However, the Virtual Member Manager (VMM) allows users to be members of either static or dynamic groups. Static groups are those where a persistent binding exists between a group and its members. Dynamic groups are those where a search query is defined to retrieve the members of a group. If your LDAP server is configured to use dynamic groups, complete the steps in this task so that WebSphere Portal uses dynamic group queries when you set up your LDAP server.

Perform the required tasks to configure security for either a stand-alone or a federated LDAP server.

The steps in this task use groupOfURLs as the object class for dynamic groups and memberURL as the dynamic membership attribute. The actual values for object classes and dynamic membership attributes can vary depending on your LDAP server. For this reason, you should export an LDIF file to verify the object classes and dynamic membership attributes. Either refer to your LDAP documentation or ask your LDAP administrator for instructions on exporting an LDIF file.
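
One way to carry out the LDIF check described above, as an added example that is not part of the original page or IBM's tooling: a small Python parser that scans an export for attributes whose values are LDAP URLs and reports the entry's object classes, the attribute name, and the search base, scope and filter. The sample export, its DNs and the function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

# Constructed sample export; DNs and filters are illustrative only.
SAMPLE_LDIF = """\
dn: cn=managers,ou=groups,dc=example,dc=com
objectClass: groupOfURLs
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(title=
 manager)

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            yield entry

def find_dynamic_groups(text):
    """Return (dn, objectClasses, attribute, base, scope, filter) per LDAP-URL value."""
    found = []
    for entry in parse_ldif(text):
        for attr, values in entry.items():
            for value in values:
                if not value.lower().startswith(("ldap://", "ldaps://")):
                    continue
                parts = urlsplit(value)
                fields = (parts.query.split("?") + ["", "", ""])[:3]  # attrs, scope, filter
                found.append((entry.get("dn", [""])[0], entry.get("objectclass", []), attr,
                              unquote(parts.path.lstrip("/")), fields[1] or "base", unquote(fields[2])))
    return found

if __name__ == "__main__":
    print(*find_dynamic_groups(SAMPLE_LDIF), sep="\n")
```

The object class and attribute name reported for your own export are the values to use in the dynamicMemberAttributes line; the reported base, scope and filter show which entries each group's query will treat as members.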

Clustered environments: Perform the following steps on the Deployment Manager, then synchronize the nodes.

To configure WebSphere Portal to use dynamic groups, do the following:

  1. For stand-alone LDAP server or federated LDAP server(s), perform these steps:

    1. Navigate to the following directory: wp_profile_root/cells/cell_name/wim/config.

    2. Locate and open wimconfig.xml with any text editor.

    3. Add the following line to the <config:groupConfiguration> tag:

      <config:dynamicMemberAttributes name="memberurl" objectClass="groupofurls"/>

    4. Save and close wimconfig.xml.

  2. Stop and restart the appropriate servers to propagate the changes.