Creating an OpenSSO User Data Store Using Sun Directory Server is Like Riding a Bicycle

My instance of OpenSSO Enterprise Express Build 7 was installed with the option to use the embedded data store as a user data store. This option is for proof-of-concepts only and should not be used in real-time deployments. I wanted to check out some stuff regarding roles and, as the roles portion of OpenSSO only works with an installed Sun Directory Server, I installed Directory Server EE 6.3.

If you haven't installed OpenSSO yet, check out OpenSSO Build 2 and Glassfish: Ready to Go. It's an older entry but still works - despite the old screen shots. Once complete, proceed with the following tasks.
  1. Make a directory named ds.
  2. Download Directory Server Enterprise Edition (EE) 6.3 into the ds directory.
  3. Decompress the file.
    gunzip DSEE.6.3.Solaris-Sparc-full.tar.gz
    tar xvf DSEE.6.3.Solaris-Sparc-full.tar

    For some reason, executing gunzip and tar with one command did not work on this compressed file.
  4. Make a directory named /opt/dsee.
  5. Install the Directory Server EE software into the /opt/dsee directory.
    /ds/DSEE_ZIP_Distribution/dsee_deploy install -i /opt/dsee
  6. Press Enter until you reach the end of the license agreement.
  7. Type Yes when asked Do you accept the license terms? and press Enter to execute.
  8. Make a directory in which to store Directory Server EE instances.
    mkdir /opt/dsee/instances
  9. Change to the directory that contains the dsadm command-line interface.
    cd /opt/dsee/ds6/bin
  10. Create a new instance of Directory Server.
    ./dsadm create -p 389 -P 636 /opt/dsee/instances/example
    You will be prompted to enter a password for cn=Directory Manager.
  11. Start the example instance.
    ./dsadm start /opt/dsee/instances/example
  12. Create the dc=example,dc=com suffix.
    ./dsconf create-suffix dc=example,dc=com
  13. Type Y to accept the server certificate.
  14. Enter the Directory Manager password.
    In the next steps, you will load the OpenSSO schema and add the Directory Server instance as a user data store with the OpenSSO console.

Because my installation initially used the embedded data store as a user store, I was not able to select this Directory Server instance during configuration, so I had to follow the instructions in Loading the OpenSSO Schema into Sun Java System Directory Server.

Finally, add the data store to a realm. I created a sub realm to the /Top Level Realm and added the data store to the sub realm.
  1. Log in to the OpenSSO console as the administrator.
  2. Click the Access Control tab.
  3. Click New under Realms, enter the appropriate values and click OK to create a sub realm.
  4. Click the name of the new sub realm.
  5. Click the Data Stores tab.
  6. Remove the embedded data store, if applicable.
  7. Click New under Data Stores.
  8. Enter a name, select Sun DS with OpenSSO Schema, and click Next.
  9. Enter the appropriate server information and click OK.

At this point, I was able to create users using the OpenSSO console and the instance of Directory Server. I did have some issues, though, viewing users I had imported from an LDIF file. Trainer extraordinaire David Goldsmith gave me these tips, which worked.
  • Use the fully qualified host name as a value for LDAP Server when configuring the data store.
  • Set the Persistent Search Scope attribute to SCOPE_SUB as it is the default when you connect to an external LDAP directory during configuration.
  • Remove ou and people for the LDAP people container naming value and attribute. David wrote "I have no idea of why I had to blank out the 2 people container naming fields. I tried it because I used to have to do it in 7.0/7.1 but I have not had to do it in 8.0." The interesting thing about this tip is the values for those attributes are back. Maybe during restart, the attributes were repopulated?

So in honor of David and his bicycling ways, here is Queen with Bicycle Race, complete with footage from the bicycle race that was filmed especially for this video...back in the day. Those who were around...back in the day...might remember this footage. To you others, some quick elements are NSFW.
