W.ZH Dec 2013
For being able to map external user/groups to UCM roles you will need to use Credential Maps. In this way, a user login from the WLS to access the UCM content, could be able to be mapped to a role inside the UCM, by his group or by his user name defined inside the WLS or external LDAP.
User “editor1” is in the group of “Editor” (You can use administrator group too) in the embedded LDAP of the WLS. There is a piece of the content in the UCM server, located in the “Public” security group, created by the “weblogic” user. By default, this “Public” security group content can be read by any user. But for the editing permission of this content, you must at least have the “contributor” role in the UCM. User “editor1” will be the external user to UCM, do not have any role info by default in the UCM. when you login by editor1, it by default has the “guest” role to read a content in UCM. If we want the eidtor1 to have more permission to content, what we need to do is to map the “Editor” group to the “contributor” role in the UCM.
1. Suppose you have created user “editor1” is in the “Editor” group in the embedded LDAP of WLS.
2. On UCM – Administration – Credential Maps, add a map (for eg : testMap), put the following mapping content :
( if you want only one user is mapped, you should use:
&editor1, contributor )
3. Save/ update this map changes
4. In the UCM server, Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider and open provider.hda in edit mode.
Add “ProviderCredentialsMap=testMap” before the end.
5. Save the file and restart UCM server. Make sure that WLS admin is running as well since that is needed for UCM JPS provider to be up.
6. After UCM is restarted, login with user editor1.
7. After user editor1 login, you can try checkin check out content features.
8. If you running the webcenter application, contributor role in fact give you the edit ablity to the content related taskflow, such as you can use ctrl+shift+c to trigger the ADF page to contribute mode to edit it on web page.
9. By similar method, external LDAP user’s group can be mapped to UCM role too.