Ignacio Lacosta

Hello,
Nowadays, we have a WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in a standard way:
User Filter (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map inetOrgPerson:uid
Group ID Map *:cn
Group Member ID Map groupOfUniqueNames:uniqueMember


Example of directory:

ou=roles
cn=general
objectClass: groupOfUniqueNames
uniqueMember: cn=user1,ou=users,...
uniqueMember: cn=user2,ou=users,...
uniqueMember: cn=user3,ou=users,...
(...)

ou=users
cn:user1
objectClass: inetOrgPersn
cn: user1
uid: user1
userPassword: pwd
sn: test
givenName: user1
cn:user1
( idem )

So, the "general" role entry is a very huge entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.

The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does ? (In Tomcat's server.xml file, the property userRoleName points to an user attribute that is the role name)

Thanks in advance !

Ignacio.

(To Jaffer Shah)
This error reading properties is when the properties files doesn't exists in classpath or home path. This isn't exactly an error, because all MQ functions still OK.

Hi,
We have WebSphere authenticating users with external LDAP.
My question is about if is possible to have an alternate LDAP for backup purposes. The idea is to have an slave LDAP which is pointed by WebSphere only if master LDAP is out of order.
Any hint?
Thanks
Ignacio