Configuring DSEE as a User Data Store is Easy

There are two ways to configure Sun Java System Directory Server Enterprise Edition (DSEE) as the user data store for OpenSSO.

  1. By configuring DSEE as a user data store during deployment.
  2. By preparing the DSEE manually.

The first option is easy-breezy. When you first launch OpenSSO, the configurator is displayed. Check the Load UM Schema option and point the configurator to the instance of DSEE, and that instance is configured as the user data store.

The second option is a little less breezy. Follow this procedure to configure DSEE manually.

  1. Load the user attribute schema and index files into DSEE using ldapmodify.

    For example:

    ldapmodify -h host -p port -D"cn=directory manager" -w passwd -c -f file-name

    TIP: If you run into a SASL BIND error, use the -x option with ldapmodify.

    The schema and index files*, with their locations, are:

    • /path-to-context-root/fam/WEB-INF/template/sms/sunone_schema2.ldif
    • /path-to-context-root/fam/WEB-INF/template/sms/ds_remote_schema.ldif
    • /path-to-context-root/fam/WEB-INF/template/openfm/fam_sds_schema.ldif (also in /fam/ldif/ and /opensso)
    • /path-to-context-root/fam/WEB-INF/template/openfm/fam_sds_index.ldif (also in /fam/ldif/)
    • /path-to-context-root/fam/WEB-INF/template/sms/index.ldif
    • /path-to-context-root/fam/WEB-INF/template/sms/plugin.ldif

    path-to-context-root is specific to the web container on which OpenSSO is deployed.

    *NOTE: The schema files are platform and root suffix neutral; you can retrieve these files from any instance of OpenSSO and load them to any other instance. The index files, on the other hand, are not neutral. index.ldif and fam_sds_index.ldif contain the back-end database name of the instance to which they were originally deployed. For example, if originally deployed in a system with a dc=red,dc=sun1,dc=com root suffix, an index entry might look like:

    dn: cn=nsroledn,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=memberof,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=iplanet-am-static-group-dn,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=iplanet-am-modifiable-by,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunxmlkeyvalue,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=o,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=ou,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunPreferredDomain,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=associatedDomain,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunOrganizationAlias,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config

    Thus, in order to use these index files on a system with the root suffix of dc=sun2,dc=com, replace all occurrences of red in the files with sun2 before loading.

  2. Prepare the DIT for the default Data Store configuration by creating the base container entries.

    1. Copy the following text into a file named /tmp/new/ldapentries.

      dn: ou=people,dc=sun,dc=com
      objectClass: top
      objectClass: organizationalUnit
      
      dn: ou=groups,dc=sun,dc=com
      objectClass: top
      objectClass: organizationalUnit

      NOTE: Be sure to replace dc=sun,dc=com with your root suffix.

    2. Run the following command:

      ldapmodify -h host -p port -D"cn=directory manager" -w passwd -c -a -f /tmp/new/ldapentries

Now you can log in to OpenSSO and create a data store with the FAM schema using DSEE. The bind DN is cn=dsameuser,ou=dsame users,ROOT_SUFFIX.
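
The index-file caveat in step 1, as an added example (not part of the original post; the function names are hypothetical): the string red also occurs inside attribute names such as sunPreferredDomain, so this script rewrites only the back-end RDN on index-entry dn: lines and then lists the back-end names the file references, so the result can be checked before loading. It assumes dn: lines are not folded and that back-end names use only letters, digits, _ and -.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Constructed sample shaped like the index entries shown in step 1
# (back end "red"); the attribute lines are illustrative.
sample_index_ldif() {
cat <<'EOF'
dn: cn=sunPreferredDomain,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsIndex
cn: sunPreferredDomain
nsIndexType: eq

dn: cn=o,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsIndex
cn: o
nsIndexType: eq
EOF
}

# Print each distinct back-end name referenced by index entries on stdin.
list_index_backends() {
    sed -n 's/^dn:.*,cn=index,cn=\([^,]*\),cn=ldbm database,cn=plugins,cn=config.*$/\1/p' | sort -u
}

# Rewrite back end OLD to NEW (stdin -> stdout), touching only the back-end
# RDN of index-entry dn: lines. Assumes dn: lines are not folded.
retarget_index_ldif() {
    old=$1 new=$2
    for name in "$old" "$new"; do
        case $name in
            ''|*[!A-Za-z0-9_-]*)
                echo "back-end name must match [A-Za-z0-9_-]+" >&2
                return 2 ;;
        esac
    done
    sed "/^dn:/s/,cn=index,cn=${old},cn=ldbm database,/,cn=index,cn=${new},cn=ldbm database,/"
}

# Demo on the constructed sample: only the new back-end name should remain.
sample_index_ldif | retarget_index_ldif red sun2 | list_index_backends
```

For a real file, run `retarget_index_ldif red sun2 < index.ldif > index.sun2.ldif` and confirm that `list_index_backends < index.sun2.ldif` prints only the expected back-end name before passing the file to ldapmodify.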

Now to remind you just how easy that was - here's the Barenaked Ladies with Easy.

Comments:

Thanks, Ken, for the correction on step 2a.

Posted by DocTeger on March 21, 2008 at 08:32 AM PDT #

Hi,

Normally we have the index.ldif file for Sun Access Manager in /etc/opt/SUNWam/config/index.ldif.

Just wanted to know after changing the cn value in the ldif, I need to do an ldapmodify in the Directory Server which I am going to use for User Store.
Thanks a lot,

Posted by Ranjan on April 15, 2008 at 09:09 AM PDT #

The paths given in this entry are based on OpenSSO and Federated Access Manager - different from Access Manager. And thanks for the ldapmodify tip, Ranjan.

Posted by DocTeger on April 15, 2008 at 11:53 PM PDT #
