The Circle of Life
Sjaak Ursinus, ilionx
Martin Leyrer, IBM
Martin Leyrer - IBM
• Working 5 years for IBM as an IT-Specialist
• ICS product stack since 1995
• Twitter → leyrer
• Linkedin → www.linkedin.com/in/leyrer
• Blog → www.leyon.at
Sjaak Ursinus - ilionx
• Working 11 years for ilionx as a consultant
• Working with IBM Connections since Jan 2007
• IBM Champion since start of program
• Twitter → sursinus
• Skype → sursinus
• Linkedin → www.linkedin.com/in/sursinus
• Various other social websites
Audience Participation
Let's talk about users
Users in Connections
• TDI
• LDAP
• DBMS
• Sync
• Profiles
• App-Support
• Websphere
• LDAP
• Authentication
• SSO
Audience Participation
What makes a Person?

| PEOPLEDB | Profiles | Directory Service / Virtual Member Manager (VMM) | LDAP |
|---|---|---|---|
| PROF_GUID | ID | uniqueId | UUID/GUID/UNID |
| PROF_DISPLAY_NAME | Name | cn/displayName | cn/displayName |
| PROF_MAIL | Mail | mail/ibm-primaryEmail | mail/ibm-primaryEmail |
| PROF_SOURCE_UID | DN | uniqueName | DN |
| PROF_UID | UID | UID | UID or samAccountName |
Person – AD LDAP
• displayName: Martin Leyrer
• cn: IBMX372
• mail: [email protected]
• dn: CN=IBMX372,OU=Users,OU=example,DC=prod,DC=IBM
• sAMAccountName: IBMX372
Person – IBM Domino LDAP
• displayName: Martin Leyrer/cloud
• cn: Martin Leyrer
• mail: [email protected]
• dn: CN=Martin Leyrer,o=cloud
• uid: mleyrer
Audience Participation
profiles_tdi.properties
• sync_updates_hash_field=uid
Fixing sync_updates_hash_field
• If the value of the hash field in the source has changed
  – set this property to a different field that has not changed
  – for at least one run of sync_all_dns
Do you know what happens in your LDAP ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
Do you have procedures in place ...
• If a user quits
• If a user goes on maternity leave (and comes back later)
• If a user goes on sabbatical (and comes back)
PEOPLEDB / Employee Table
Profile Management – wsadmin
• ProfilesService.inactivateUser(String user_email_addr)
• ProfilesService.inactivateUserByUserId(String userID)
• ProfilesService.activateUserByUserId(String user_external_id, updated_properties_list)
• ProfilesService.swapUserAccessByUserId(String userToActivate, String userToInactivate)
Profile Management – TDI
• sync_all_dns
• revoke_users
• Check out the samples folder of TDISOL
More Usertables
BLOGS —> ROLLERUSER
DOGEAR —> PERSON
FILES —> USER
FORUM —> DF_MEMBERPROFILE
HOMEPAGE —> PERSON
METRICS —> USER_LOGIN
MOBILE —> USERREGISTRY
OPNACT —> OA_MEMBERPROFILE
PEOPLEDB —> EMPLOYEE
SNCOMM —> MEMBERPROFILE
WIKIS —> USER
Sync between different usertables
• Normally done automatically
• ProfilesService.
  – publishUserData
  – publishUserDataByUserId
• *MemberService.
  – syncMemberByExtId
  – syncAllMembersByExtId
Users in Websphere
Websphere WIM + VMM
• WIM is the security provider within WAS
• VMM is basically an LDAP of its own
• The first VMM login property is a special one because that is mapped to userPrincipal
WAS / Login Properties
wimconfig.xml
<config:attributes name="samAccountName" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="mail" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="userPrincipalName" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
LTPA Based SSO
LTPA Cookie/Token
Full token string:[u:user\:defaultWIMFileBasedRealm/uid=u00acme,o=example%...]
Token is for:[u:user\:defaultWIMFileBasedRealm/uid=u00acme,o=example]
Token expires at:[2015-06-23-03:31:00 MESZ]
Realm
• Realm Name gets added to Cookie and can be changed
Cookie Username
• Remember „The first VMM login property is a special one because that is mapped to userPrincipal“?
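Added example, not part of the original slides: splitting an already-decoded token string like the one in the dump above into realm and user name, then comparing them with what another SSO participant is configured to expect. The `%`-separated expiry in epoch milliseconds, the `$` attribute separator, and the function names are assumptions of this sketch; a realm containing `/` is not handled.

```python
import re
from datetime import datetime, timezone

# Constructed sample modelled on the slide's token dump. The expiry field
# (epoch milliseconds) and the signature placeholder are assumptions.
SAMPLE = (r"u:user\:defaultWIMFileBasedRealm/uid=u00acme,o=example"
          "%1435023060000%SIGNATURE-PLACEHOLDER")


def parse_decoded_ltpa(decoded):
    """Split a decoded token string into user type, realm, name and expiry."""
    parts = decoded.split("%")
    if len(parts) < 2:
        raise ValueError("expected '%'-separated body and expiry")
    attrs = {}
    for pair in re.split(r"(?<!\\)\$", parts[0]):     # assumed '$' separator
        key, sep, value = pair.partition(":")         # key ends at first ':'
        if not sep:
            raise ValueError(f"malformed attribute: {pair!r}")
        attrs[key] = re.sub(r"\\(.)", r"\1", value)   # remove '\' escapes
    if "u" not in attrs:
        raise ValueError("no 'u' (user) attribute in token body")
    kind, _, rest = attrs["u"].partition(":")         # 'user' : realm/name
    realm, slash, unique_name = rest.partition("/")
    if not slash:
        raise ValueError("user attribute has no realm/name separator")
    expires = datetime.fromtimestamp(int(parts[1]) / 1000, tz=timezone.utc)
    return {"type": kind, "realm": realm,
            "unique_name": unique_name, "expires": expires}


def sso_mismatches(token, expected_realm, expected_name_attr, now=None):
    """List differences from what the SSO partner is configured to expect."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if token["realm"] != expected_realm:
        problems.append(f"realm is {token['realm']!r}, expected {expected_realm!r}")
    name_attr = token["unique_name"].split("=", 1)[0].strip().lower()
    if name_attr != expected_name_attr.lower():
        problems.append(f"name starts with {name_attr!r}, "
                        f"expected {expected_name_attr!r}")
    if token["expires"] <= now:
        problems.append(f"token expired at {token['expires'].isoformat()}")
    return problems


if __name__ == "__main__":
    tok = parse_decoded_ltpa(SAMPLE)
    print(tok)
    print(sso_mismatches(tok, "defaultWIMFileBasedRealm", "uid"))
```
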
LTPA SSO With Domino
Questions
Sjaak Ursinus, ilionx
Twitter → sursinus
Skype → sursinus
Linkedin → www.linkedin.com/in/sursinus
Various other social websites
Martin Leyrer, IBM Austria
E-mail: [email protected]
Twitter: http://www.twitter.com/leyrer
Blog: http://www.leyon.at
Slideshare: http://www.slideshare.net/Martin.Leyrer