Specify The Global ID Attribute For Users And Groups

objectGUID

For Active Directory, remember the samAccountName attribute has a 20 character limit; other IDs used by IBM Connections have a 256 character limit.

dominoUNID

If the bind ID for the Domino LDAP does not have sufficient manager access to the Domino directory, the Virtual Member Manager (VMM) does not return the correct attribute type for the Domino schema query; DN is returned as the VMM ID. To override VMM's default ID setting, add the following line to the <config:attributeConfiguration> section of the wimconfig.xml file:

<config:externalIdAttributes

name="dominoUNID"/>

nsuniqueid

GUID

If the organization already uses a unique identifier for each user and group, we can configure IBM Connections to use that identifier.

The wimconfig.xml file is stored in...

AIX

/usr/IBM/WebSphere/AppServer/profiles/profile_name/config/cells/cell_name/wim/config

Linux

/opt/IBM/WebSphere/AppServer/profiles/profile_name/config/cells/cell_name/wim/config

Windows

drive:\IBM\WebSphere\AppServer\profiles\profile_name\config\cells\cell_name\wim\config

IBM recommends that you do not allow the GUID of a user to change. If we change the GUID, the user will not have access to their data unless you re-synchronize the LDAP and Profiles database with the new GUID. When you change the GUID and run the sync_all_dns batch file, the user's GUID is initially changed in the Profiles database, and then propagated to the other components using the user life cycle commands. Be sure when we are running sync_all_dns that an unchanged field is used as the hash. See the Synchronizing source changes such as LDAP with Profiles and Managing user data using Profiles administrative commands. for more information.

Parent topic: Set up federated repositories

Related: Prepare to configure the LDAP directory Inactivate users to manage users with administrative commands Sync LDAP with Profiles