Question & Answer
Question
After switching Information Server to use an LDAP repository for authentication, how do I configure Information Server to automatically populate the users' first and last names in the Information Server Web Console?
Answer
Automatically populating the users' first and last names, as well as other LDAP attributes, in the Information Server Web Console is called Attribute Mapping.
Attribute mapping has some restrictions:
1. It is only available with Information Server 9.1 and higher.
2. It will only work when the LDAP repository is configured with Federated Repositories. The api is not available with Standalone LDAP
Once Federated Repositories has been configured, open a putty session on the services tier server and change directories to:
$IS_INSTALL_DIR/ASBServer/bin
The three most common attributes to map are the first name, last name, and email address. To map these attributes, you will need to know the equivalent LDAP attribute name. For most flavors of LDAP, these are sn for the last name, givenName for the first name and mail for the email. The common name (cn) for the group names is typically mapped as well.
Run the command:
./DirectoryAdmin.sh/bat -sam -um "<ldapAttributeName>=<ISAttributeName>,<ldapAttributeName2>=<ISAttributeName2>,..."
For example:
./DirectoryAdmin.sh/bat -sam -um "mail=mail,sn=lastName,givenName=firstName" -gm "cn=name"
Once this is complete, restart WebSphere.
For more detailed information on Attribute mapping, please refer to the IBM Knowledge Center page on the DirectoryAdmin tool - Accessing LDAP attributes.
For mapping some of the more uncommon attributes, refer to tech note:
http://www-01.ibm.com/support/docview.wss?uid=swg21667145
If you are running Information Server 11.3, please refer to the following tech note for recommended fix packs:
http://www-01.ibm.com/support/docview.wss?uid=swg21699884
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21980111