IBM BS029ML Self Help Guide - Page 102
memberDN, memberUniqueId, for IBM Tivoli Directory Server, or - jobs
![]() |
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 102 highlights
Currently, WMM support the following major commercial LDAP servers: IBM Tivoli Directory Server Microsoft® Active Directory® SunOne Directory Server IBM Lotus Domino Application Server Novell eDirectory WMM implements the wmmLDAP as an abstraction layer, in which for each type of the supported LDAP servers, WMM provides an adapter module to shield the implementation details of the LDAP servers from application developers. This way, it is able to provide a standard set of Member Repository APIs for applications, like WebSphere Portal, to manage uses and groups. Optionally, you can use a look-aside profile repository adapter to interact with a look-aside repository using one of the available commercial databases with a schema defined by the Member Manager. The look-aside repository is used to store member attributes that cannot be stored in the member's main profile repository (such as the wmmLDAP). In Member Manager, the look-aside repository is referred to as wmmLookAside and the adapter is referred to as the wmmLookAside adapter. Although you can technically use wmmLookAside in conjunction with wmmDB repository, it is likely unnecessary, since all functionalities supported by the wmmLookAside is also supported by wmmDB. Every member managed by Member Manager requires a unique identifier. A unique identifier allows a member profile to be easily retrieved. Member Manager provides two types of unique identifiers: memberDN is a distinguished name for a member, and is convenient for identification and display purposes. memberDN is unique and may be changed and reused. After a member is deleted from Member Manager, a new member can be created and reuse the memberDN of the deleted member. An example of a memberDN of a Person "Jane Doe" is "uid=janedoe,ou=people,ou=sales,o=acme.com". memberUniqueId is unique, static, and never reused. That is, once memberUniqueId for a member is created, the value of that memberUniqueId will not be changed, even if the member is deleted. A new member cannot reuse the value of the memberUniqueId of the deleted member. The memberDN therefore uniquely identifies a member at a single point in time while the memberUniqueId, due to its characteristic of never being reused, uniquely identifies a member over time. In the example above, the person "Jane Doe" may change a job and work for a new organizational unit "marketing", so the new memberDN then becomes "uid=janedoe,ou=people,ou=marketing,o=acme.com", but the memberUniqueId is still the same. The memberUniqueId in WMM can be mapped to a unique attribute in the LDAP server. The examples of memberUniqueId might be ibm-entryUUID for IBM Tivoli Directory Server, or objectGUID for Microsoft Active Directory. Depending on your usage of member profile data, you may want to use the memberDN or both the memberDN and the memberUniqueId. Since memberDN values are readable, they are suitable for display purpose. The memberUniqueId values are not guaranteed to be readable and therefore may be unsuitable for display. Since a memberDN can be changed and reused, if your application receives a memberDN from Member Manager, puts the memberDN in some form of storage, and subsequently uses that memberDN with Member Manager, there is no guarantee that memberDN will not refer to a different member than the one to which it previously referred. 88 IBM WebSphere Portal V6 Self Help Guide
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/102.png)