In WebSphere Global Security, for the Domino Federated Repository:

1.) Set "Distinguished name of a base entry that uniquely identifies this set of entries in the realm" to match the Domino org, generally o=org.
2.) Set "Distinguished name of a base entry in this repository" to blank (empty).
3.) Edit the dmgr's wimconfig.xml file under the profile_root/config/cells/cell_name/wim/config directory as follows (this example changes the mapping to "externalName"):

From: <config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>

Then synchronize and restart the nodes and the deployment manager.

Please note: if you make subsequent changes to the Global Security Federated Repository area using the ISC, Step 3 may need to be redone, as the changes may be lost.

What this does:

Step 1.) Ensures that the username in the LTPA token created by Domino maps to an existing repository in WAS. If there is no match, you get the "user not in defined realm" error in the logs.
Step 2.) Ensures that Domino flat groups can be found for policies.
Step 3.) Ensures that the username in the LTPA token that WAS generates is resolvable by the Sametime Community Server.

In general, Domino does not validate the usernames contained within the LTPA token; it grants the user "default" level access to the database based on the validity of the token.
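Because later ISC changes can undo Step 3, a check like the following can be run over wimconfig.xml after any Global Security change to confirm the three settings are still in place. It is an added example, not code from the original post or from IBM; the sample XML is constructed, and the baseEntries/nameInRepository names, the namespace URI and the function names are assumptions about the file layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real cell. Only uniqueUserIdMapping and
# its two attributes appear on the page; every other element/attribute name and
# the namespace URI below are assumptions made for this illustration.
SAMPLE = """<config:configurationProvider xmlns:config="urn:example:wim-config">
  <config:repositories id="DominoLDAP">
    <config:baseEntries name="o=org" nameInRepository=""/>
  </config:repositories>
  <config:realmConfiguration>
    <config:realms name="defaultRealm">
      <config:uniqueUserIdMapping propertyForInput="uniqueName"
                                  propertyForOutput="uniqueName"/>
    </config:realms>
  </config:realmConfiguration>
</config:configurationProvider>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_wimconfig(xml_text, expected_org="o=org"):
    """Return one finding per step (1-3 above) that is no longer in place."""
    root = ET.fromstring(xml_text)
    findings = []
    base = [e for e in root.iter() if local(e.tag) == "baseEntries"]
    matching = [e for e in base
                if e.get("name", "").lower() == expected_org.lower()]
    if not matching:  # Step 1: realm base entry must match the Domino org
        findings.append("step1: no base entry named %s" % expected_org)
    for e in matching:  # Step 2: base entry in the repository must be blank
        if e.get("nameInRepository"):
            findings.append("step2: nameInRepository is not blank")
    maps = [e for e in root.iter() if local(e.tag) == "uniqueUserIdMapping"]
    if not maps:
        findings.append("step3: no uniqueUserIdMapping element")
    for e in maps:  # Step 3: flag the unedited 'From' state shown above
        pair = (e.get("propertyForInput"), e.get("propertyForOutput"))
        if pair == ("uniqueName", "uniqueName"):
            findings.append("step3: mapping is back at uniqueName/uniqueName")
    return findings


if __name__ == "__main__":
    for finding in audit_wimconfig(SAMPLE):
        print(finding)
```

To check a real deployment, pass the text of the dmgr's wimconfig.xml and the Domino org in place of the sample values.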