The ConfigEngine.sh script is used to add, remove and validate entries in the Portal configuration engine. Refer to IBM Portal - Configuring wkplc.properties for the steps on how to configure the workplace properties file (wkplc.properties) so that ConfigEngine.sh can make a connection to Portal.

The wp-validate-federated-ldap-attribute-config option is used to return the currently configured LDAP attributes, like this.

/opt/WebSphere/AppServer/profiles/your_profile/ConfigEngine/ConfigEngine.sh wp-validate-federated-ldap-attribute-config

Something like this should be returned.

[wplc-validate-ldap-attribute-config] The following attributes are defined in Portal but not in LDAP – You should either flag them as unsupported or define an attribute mapping:

[wplc-validate-ldap-attribute-config] [countryName, localityName, children, ibm-primaryEmail, password, modifyTimestamp, createTimestamp, certificate, realm, ibm-jobTitle, groups, kerberosId, principalName, partyRoles, parent, changeType, viewIdentifiers, identifier]

Likewise, the /opt/WebSphere/AppServer<version>/profiles/<your profile>/config/cells/<your cell>/wim/config/wimconfig.xml should have something like this.

<config:attributeConfiguration>
  <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="mail" propertyName="email">
    <config:entityTypes>PersonAccount</config:entityTypes>
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
    
    <config:attributes name="createTimestamp" propertyName="createTimestamp">
      <config:entityTypes>PersonAccount</config:entityTypes>
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>
  
    <config:attributes name="fullName" propertyName="fullName">
      <config:entityTypes>PersonAccount</config:entityTypes>
      <config:entityTypes>Group</config:entityTypes>
    </config:attributes>