Configuring external security providers
To use an external security provider, you must add the provider to the federated repository. Several types of repositories are supported, including the local operating system registry, a standalone Lightweight Directory Access Protocol (LDAP) registry, a standalone custom registry, and federated repositories.
About this task
The default installation of IBM® Business Process Manager provides a federated repository that contains the WebSphere® Application Server file registry.
The following steps show an example of configuring an LDAP security provider (such as Microsoft Active Directory) with the federated repository. For more information about how to configure other supported repositories, such as Tivoli Directory Server, refer to the Configuring LDAP as the user account registry section of the IBM Business Process Manager V7.5 Production Topologies IBM Redbook.
Note: IBM recommends that you configure the LDAP security provider using a federated repository (also referred to as virtual member manager).
Restriction:
- You must search for users by the user ID in stand-alone LDAP user repositories. Searching for users by user first name or last name is not supported in this configuration.
- If you are using Active Directory as a user repository, and you search for a user name that contains a letter with a diacritical mark, the search will ignore the diacritical mark and will return all user names that contain the character, regardless of whether the character has a diacritical mark. For example, a search on user names that contain the letter e with an accent mark will return not just those user names, but also user names that include e with any other accent mark or e with no accent mark.
Important: The connection with an embedded Enterprise Content Management (ECM) system might be lost if users are deleted and recreated. Refer to Administering the technical user for the IBM BPM document store.