Manage EIM domain properties

Enterprise Identity Mapping (EIM) registration and identity mapping allow users to register with the EIM domain server and manage their identity mappings online.

Note: Before you enable EIM registration and identity mapping, see Interaction with an Enterprise Identity Mapping server for information on how the IBM® Welcome Page V1.1 application uses EIM and any limitations of EIM integration in the application. EIM is not available on iSeries™ servers that run OS/400® V5R1. If EIM is not available on your iSeries server, a tab for EIM administration does not appear in the IBM Welcome Page V1.1 application. Additionally, make sure that you have all the necessary PTFs applied to your server to use EIM in V5R2. See Verify the prerequisites for more information.

For more information on EIM properties and adding aliases see:

Modify EIM domain properties

To modify EIM domain properties, use the IBM Welcome Page V1.1 administrator pages. Perform the following steps:
  1. Make sure that EIM is set up and started on your iSeries server.
  2. Access the IBM Survey Creator application by entering the following URL in your Web browser:
    http://your.server.name:port/ibm-bizApps/welcome/admin.do

    where your.server.name is the name of the server where IBM Welcome Page is installed and port is the port number that was specified during installation.

  3. To modify EIM domain properties, you must log in as the application administrator.
  4. You can modify the following EIM domain properties:
    • Name
    • Parent DN
    • Administrator DN: Specify the distinguished name (DN) value of an administrator to the EIM repository.
    • Administrator password: Specify the password for the EIM administrator.
  5. Click Save Properties or Delete Properties, depending on what you want to modify.

Add your aliases to user registries

After the EIM properties have been modified, you must use iSeries Navigator to set up and administer EIM domain servers. You must add aliases to user registries that are defined for the EIM domain. Aliases provide the information that applications need to map an abstract user registry to a system host name, port, and authentication method.

Perform the following steps to add an alias to set up the system user registry for business application users:

  1. Start iSeries Navigator.
  2. Expand Domain Management.
  3. Expand the name of the EIM domain you want to manage.
  4. If necessary, enter the DN and password for your domain's administrator, and click OK.
  5. Click User Registries. A list of registries appears in the right panel.
  6. In the Enterprise Identity Mapping tasks panel, click Add a new system registry.
    Note: If the task panel is not visible, go to the top menu, click View, and select Taskpad. There should now be a check mark next to Taskpad, and the task area should be visible.
  7. In the Add System Registry window, perform the following steps:
    1. In the Registry field, specify a name for the new registry.
    2. In the Type field, select LDAP.
    3. In the Alias field, specify the hostname and TCP/IP port number that the directory server uses and that the applications are configured to use. For example, if they are configured to use the directory server at server.rchland.ibm.com port 388, enter host=server.rchland.ibm.com, port=388 as the alias.

      There are several properties that business applications observe in a user registry alias:

      • host - This is the TCP/IP host name or IP address for this user registry. Business applications may use this value if they need to communicate with the system. For example, IBM Telephone Directory uses this value to validate user requests to add identity mappings (or associations) to their EIM identifier. There is no default value for this setting. For example, host=server.rchland.ibm.com.
      • protocol - This is the protocol used to communicate with the system. Valid values are ldap and ftp; the default value is ldap. See host for details. For example, protocol=ftp.
      • port - This is the TCP/IP port number used to communicate with the system. Valid values range between 1 and 65535. The default value is 389 if the ldap protocol is used, or 20 if the ftp protocol is used. See host for details. For example, port=388
      • os400-sys - This is the os400-sys attribute value used to access OS/400 objects as entries within an LDAP-accessible directory tree. Business applications may use this value to access OS/400 user profiles that are projected as entries within a directory tree. This value is only used if the ldap protocol is used to communicate with an OS/400 system. The default value is the same as that specified for host (required). For example, os400-sys=system-A.rchland.ibm.com
      • readonly - This indicates that the user registry is only to be used to read or obtain information. If specified, business applications may use or display identity mappings (or associations) mapped to this user registry, but they may not add new identity mappings or remove or modify any existing identity mapping. This setting is disabled by default. For example, readonly
      • Notes:
        • Property names and values are not case sensitive.
        • If multiple properties are specified, they must be separated by a comma (',').
        • Properties may only be specified once, per alias. (No duplicates.)
        • Only one type IBS alias is allowed, per user registry.
        • Business applications look specifically for user registries with a type IBS alias. Those without a type IBS alias are ignored.
        • Alias types are case sensitive. IBS must be specified with all upper case letters.
    4. Under the Address aliases heading, in the Type field, specify IBS (and overwrite anything that may already be shown or selected).
    5. Click Add.
    6. Click OK.

Add aliases to other system or application user registries

Perform the following steps to add an alias to set up other system or application user registries:
  1. Start iSeries Navigator.
  2. Expand Domain Management.
  3. Expand the name of the EIM domain you want to manage.
  4. If necessary, enter the DN and password for your domain's administrator, and click OK.
  5. Click User Registries. A list of registries appears in the right panel.
  6. In the Enterprise Identity Mapping tasks panel, click Add a new system registry to add a new system user registry, or Add a new application registry to add a new application user registry.
    Note: If the task panel is not visible, go to the top menu, click View, and select Taskpad. There should now be a check mark next to Taskpad, and the task area should be visible.
  7. In the Add System Registry window or Add Application Registry window, perform the following steps:
    1. In the Registry field, specify a name for the new registry.
    2. If you are using the Add System Registry wizard, skip to the next substep (the Type field). If you are using the Add Application Registry wizard, in the Parent registry field, specify the name of the system user registry of which this application user registry is a subset.
    3. In the Type field, select the type of user registry definition that you want to add. You may choose a predefined type, or enter a value that meets your needs.
    4. In the Alias field, specify the properties that business applications must use in the event they need to communicate with the system. See explanation of alias properties for details.

      There are several properties that applications observe in a user registry alias:

      • host - This is the TCP/IP host name or IP address for this user registry. Business applications may use this value if they need to communicate with the system. For example, IBM Telephone Directory uses this value to validate user requests to add identity mappings (or associations) to their EIM identifier. There is no default value for this setting. For example, host=server.rchland.ibm.com.
      • protocol - This is the protocol used to communicate with the system. Valid values are ldap and ftp; the default value is ldap. See host for details. For example, protocol=ftp
      • port - This is the TCP/IP port number used to communicate with the system. Valid values range between 1 and 65535. The default value is 389 if the ldap protocol is used, or 20 if the ftp protocol is used. See host for details. For example, port=388
      • os400-sys - This is the os400-sys attribute value used to access OS/400 objects as entries within an LDAP-accessible directory tree. Business applications may use this value to access OS/400 user profiles that are projected as entries within a directory tree. This value is only used if the ldap protocol is used to communicate with an OS/400 system. The default value is the same as that specified for host (required). For example, os400-sys=system-A.rchland.ibm.com
      • readonly - This indicates that the user registry is only to be used to read or obtain information. If specified, business applications may use or display identity mappings (or associations) mapped to this user registry, but they may not add new identity mappings or remove or modify any existing identity mapping. This setting is disabled by default. For example, readonly.
      • Notes:
        • Property names and values are not case sensitive.
        • If multiple properties are specified, they must be separated by a comma (',').
        • Properties may only be specified once, per alias. (No duplicates.)
        • Only one type IBS alias is allowed, per user registry.
        • Business applications look specifically for user registries with a type IBS alias. Those without a type IBS alias are ignored.
        • Alias types are case sensitive. IBS must be specified with all upper case letters.
    5. Under the Address aliases heading, in the Type field, specify IBS (and overwrite anything that may already be shown or selected).
    6. Click Add.
    7. Click OK.

You should now see your new registry in the list of system registries. This registry represents the directory server used by the applications. The alias you added to it allows the Web applications to identify it.

You may now add other registries that represent other servers. If you add a similar alias, the IBM Telephone Directory V5.2 application recognizes it and allows users to self-register their personal identities for those servers.

Currently, the IBM Telephone Directory V5.2 application is the only business application that uses EIM properties. It uses EIM properties to provide automatic EIM registration and self-management of user identities. See Set up EIM registration and identity mapping in the IBM Telephone Directory V5.2 topic for more information.
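The alias property rules listed in both procedures above (comma-separated properties, no duplicates, the ldap and ftp defaults, one type IBS alias per registry) can be checked before an alias is typed into iSeries Navigator. The following is an added example, not IBM code or part of the original page; the function names are hypothetical, and it assumes that unknown properties are rejected and that readonly is a bare flag with no value.

```python
# Added example (not IBM code): lint a type IBS alias against the rules on this page.
DEFAULT_PORT = {"ldap": 389, "ftp": 20}  # valid protocols and their default ports
KNOWN = {"host", "protocol", "port", "os400-sys", "readonly"}

class AliasError(ValueError):
    """Raised when an alias breaks one of the documented rules."""

def parse_ibs_alias(alias):
    """Return the alias as a dict with the documented defaults applied."""
    props = {}
    for item in alias.split(","):  # properties are comma separated
        name, sep, value = item.strip().partition("=")
        # Names and values are not case sensitive, so normalize both.
        name, value = name.strip().lower(), value.strip().lower()
        if name not in KNOWN:  # assumption: unknown or empty names are rejected
            raise AliasError(f"unknown property {name!r}")
        if name in props:  # each property may appear only once per alias
            raise AliasError(f"duplicate property {name!r}")
        if name == "readonly":  # assumption: readonly is a bare flag
            if sep:
                raise AliasError("readonly takes no value")
            props[name] = True
        elif not value:
            raise AliasError(f"{name} needs a value")
        else:
            props[name] = value
    if "host" not in props:  # host has no default
        raise AliasError("host must be specified")
    protocol = props.setdefault("protocol", "ldap")
    if protocol not in DEFAULT_PORT:
        raise AliasError(f"protocol must be ldap or ftp, got {protocol!r}")
    port = str(props.get("port", DEFAULT_PORT[protocol]))
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise AliasError(f"port out of range 1-65535: {port!r}")
    props["port"] = int(port)
    props.setdefault("readonly", False)  # disabled by default
    if protocol == "ldap":  # os400-sys is only used with ldap; defaults to host
        props.setdefault("os400-sys", props["host"])
    return props

def ibs_alias_for_registry(aliases):
    """aliases: (type, value) pairs of one registry; None means the registry is ignored."""
    ibs = [value for kind, value in aliases if kind == "IBS"]  # type is case sensitive
    if len(ibs) > 1:
        raise AliasError("only one type IBS alias is allowed per user registry")
    return parse_ibs_alias(ibs[0]) if ibs else None

if __name__ == "__main__":
    # Constructed sample, using the alias value shown on this page.
    print(parse_ibs_alias("host=server.rchland.ibm.com, port=388"))
```

A registry whose alias type is entered as `ibs` rather than `IBS` returns `None` here, which mirrors the page's statement that business applications ignore registries without a type IBS alias.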