"bdaw" wrote : | If you have experience with it | with respect to my responsibility I should have that experience - at least for what we needed. The resources are not "easy" to read, because you don't get the whole picture at once. Therefore I would try to summarize that picture: 1) Intentity Management is configured in one xml file, which defines the "datasources" where the "identity objects" are read from (and optionally written to). It merges the identity objects retrieved from all defined datasources. 2) A datasource may be defined "homeFor", "responsibleFor" "identity objects" 3) Identity objects may be: User, Group, Role 4) A datasource may point to a database or an LDAP tree. An LDAP tree can be defined to be read-only, which in turn means, that all data read from it cannot be changed in the portal. 5) A datasource defines the attribute mapping: logical user attribute <-> ldap attribute for existing/common attributes 6) The existing user attributes can be extended outside of the xml file by a comma separated list of their names. Values are of type String. If users are configured to be read from a read-only LDAP tree, these attributes are written in the database, which is always needed. The ability of defining custom user attributes for a portal is quite necessary, think of a b2b portal which requires each user to accept the "terms of use" or other legal aspects. Links @SAP: Indentiy Management: http://help.sap.com/saphelp_nw2004s/helpdata/en/64/3843ed5a85d84ab4e4bd12... Adding Custom Attributes to the User Profile: http://help.sap.com/saphelp_nw2004s/helpdata/en/44/0316d50bbe025ce1000000... Structure of a Data Source Configuration File: http://help.sap.com/saphelp_nw2004s/helpdata/en/bd/e8fc3f8fc2c542e1000000... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3987758#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...