Automatically map LDAP ‘maximouser’ role before building maximo.ear file

One of the tedious steps of using LDAP with Maximo is the fact that you have to map users/groups to the Enterprise Application after you deploy the maximo.ear file everytime and if you forget, then your users won’t be able to login to Maximo.

Previously, this is what you had to do to add LDAP groups to ‘maximousers’ in WebSphere.

After you deploy your maximo.ear, you had to click on Enterprise Applications -> MAXIMO -> Security role to user/group mapping, check ‘maximouser’ role and click ‘Map Users…’ or ‘Map Groups…’.  This was too much to remember for me… so there has to be another way!

The best way is by modifying the ibm-application-bnd.xmi file.  Navigate to SMP\maximo\applications\maximo\META-INF\ibm-application-bnd.xmi.  Open this in your favorite XML text editor.  You will find a row:

<groups xmi:id="Group_1077125442441" name="maximousers"/>

This row is added by default for Maximo so all you need to do is add the users/groups as a new row.  For example:

<groups xmi:id="Group_1435264713368" name="customgroup" accessId="group:defaultWIMFileBasedRealm/cn=customgroup,ou=groups,o=ibm.com"/>

Let’s break this line down.  the “xmi:id” is just a name with a unix timestamp and it can be whatever you want.  You can keep the timestamp, just make sure the value is unique.  The “name” is the value of the group from your Active Directory.  The “accessId” is contains repository name the distinguished name of the group.  The “defaultWIMFileBasedRealm” is defined in your Global security -> Federated repositories.  This is the default value in WebSphere.  Then you need the distinguished name of the group.

The final result should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<applicationbnd:ApplicationBinding xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:applicationbnd="applicationbnd.xmi" xmi:id="ApplicationBinding_1077125442431">
  <authorizationTable xmi:id="AuthorizationTable_1077125442431">
    <authorizations xmi:id="RoleAssignment_1077125442431">
      <role href="META-INF/application.xml#SecurityRole_1077125442431"/>
      <groups xmi:id="Group_1077125442441" name="maximousers"/>
      <groups xmi:id="Group_1435264713368" name="customgroup" accessId="group:defaultWIMFileBasedRealm/cn=customgroup,ou=groups,o=ibm.com"/>
    </authorizations>
  </authorizationTable>
  <application href="META-INF/application.xml#Application_1077125442441"/>
</applicationbnd:ApplicationBinding>

Now you can just build maximo.ear and deploy!

Did You Know...

As Maximo Experts, we have developed several add-on products for Maximo that mobilize the work force, simplifies assignments, provides ad-hoc reporting capabilities and facilitates the seamless integration of Service Requests into Maximo.

Check out our products by clicking on the following links: EZMaxMobile, EZMaxPlanner and EZMaxRequest.

Find Out More

Leave a Reply