366 Security in WebSphere Application Server Version 6.1 and J2EE 1.4 on z/OS
Also, federated repositories provide some user and group management
features. This is possible because a federated repository is accessed with read
and write permissions. This user and group management is available through the
administrative console, through command-line utilities, or using public APIs.
Table 10-1 Federated repositories versus other user registry options

                        Federated repositories           Other user registry
Supported registries    File-based, DB (via wsadmin)     Local operating system
                        Yes                              No
                        Read/write                       Read only

When you use the federated repositories functionality, all of the configured
repositories, which you specify as part of the federated repository configuration,
become active. The user ID, and the distinguished name (DN) for an LDAP
repository, must be unique across the multiple user repositories that are
configured under the same federated repository configuration.
10.4.2 Our federated repositories scenario
Our federated repositories scenario relies on the LDAP tree and on the
environment that we described in 10.2, “Our scenario and our environment” on
Chapter 10. User registries 367
In this section we focus on configuring WebSphere Application Server for z/OS
for a federated repository composed of z/OS LDAP TDBM and IBM Tivoli Directory
Server (ITDS). See Figure 10-19.
Figure 10-19 Our federated repositories scenario
The itsoitds organizational unit is supported by ITDS. The itsotdbm
organizational unit is supported by z/OS LDAP TDBM. In this scenario we federate
those two subtrees in order to make them available to WebSphere as one LDAP tree
whose root organization is itso.
This federation is transparent to WebSphere Application Server for z/OS. Users
and groups can be accessed in both subtrees simultaneously.
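The uniqueness requirement stated earlier (user ID and DN unique across all repositories in one federated configuration) can be checked before the two subtrees are federated. The following Python check is an added example, not code from this book or from WebSphere: it compares LDIF exports of the two directories and reports login IDs or DNs that appear in more than one repository. The sample entries, the uid=...,ou=...,o=itso DN layout, the function names, and the case-insensitive comparison of uid values are assumptions.

```python
# Added example: pre-federation uniqueness check over LDIF exports.
# All entries below are constructed sample data; the DN layout is assumed.
from collections import defaultdict

TDBM_LDIF = """\
dn: uid=alice,ou=itsotdbm,o=itso
uid: alice

dn: uid=bob,ou=itsotdbm,o=itso
uid: bob
"""

ITDS_LDIF = """\
dn: uid=carol,ou=itsoitds,o=itso
uid: carol

dn: UID=Bob, ou=itsoitds, o=itso
uid: Bob
"""

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) from simple, unfolded LDIF."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and lines this simple parser cannot read
            key, value = line.split(": ", 1)
            attrs[key.lower()].append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def normalize_dn(dn):
    """Case-fold a DN and drop spaces around separators (escaped commas not handled)."""
    return ",".join(p.strip().lower().replace(" =", "=").replace("= ", "=") for p in dn.split(","))

def find_collisions(repos, login_attr="uid"):
    """repos: {repo_name: ldif_text}. Returns (duplicate login IDs, duplicate DNs),
    each mapping the value to the sorted list of repositories that contain it."""
    ids, dns = defaultdict(set), defaultdict(set)
    for name, ldif in repos.items():
        for dn, attrs in parse_ldif(ldif):
            dns[normalize_dn(dn)].add(name)
            for value in attrs.get(login_attr, []):
                ids[value.lower()].add(name)  # assumption: login IDs match case-insensitively
    dup = lambda m: {k: sorted(v) for k, v in m.items() if len(v) > 1}
    return dup(ids), dup(dns)
```

Calling `find_collisions({"tdbm": TDBM_LDIF, "itds": ITDS_LDIF})` on the constructed data reports the login ID `bob` in both repositories and no DN collision, because the two entries sit under different organizational units.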
In the following section we start by federating z/OS LDAP TDBM. Then we validate
that it also works with native authentication, and finally we federate ITDS. At the