Friday Mar 21, 2008

Configuring DSEE as a User Data Store is Easy

There are two ways to configure Sun Java System Directory Server Enterprise Edition (DSEE) as the user data store for OpenSSO.

  1. By configuring DSEE as a user data store during deployment.
  2. By preparing the DSEE manually.

The first option is easy-breezy. When you first launch OpenSSO, the configurator is displayed. By checking the Load UM Schema option and pointing to the instance of DSEE, that instance will be configured as the user data store.

The second option is a little less breezy. Follow this procedure to configure DSEE manually.

  1. Load the user attribute schema and index files into DSEE using ldapmodify.

    For example:

    ldapmodify -h host -p port -D"cn=directory manager" -w passwd -c -f file-name

    TIP: If you run into a SASL BIND error, use the -x option with ldapmodify.

    The schema and index files\* are (and can be found in):

    • /path-to-context-root/fam/WEB-INF/template/sms/sunone_schema2.ldif
    • /path-to-context-root/fam/WEB-INF/template/sms/ds_remote_schema.ldif
    • /path-to-context-root/fam/WEB-INF/template/openfm/fam_sds_schema.ldif (also in /fam/ldif/ and /opensso)
    • /path-to-context-root/fam/WEB-INF/template/openfm/fam_sds_index.ldif (also in /fam/ldif/)
    • /path-to-context-root/fam/WEB-INF/template/sms/index.ldif
    • /path-to-context-root/fam/WEB-INF/template/sms/plugin.ldif

    path-to-context-root is specific to the web container on which OpenSSO is deployed.

    \*NOTE: The schema files are platform and root suffix neutral; you can retrieve these files from any instance of OpenSSO and load them to any other instance. The index files, on the other hand, are not neutral. index.ldif and fam_sds_index.ldif contain the back-end database name of the instance to which they were originally deployed. For example, if originally deployed in a system with a dc=red,dc=sun1,dc=com root suffix, an index entry might look like:

    dn: cn=nsroledn,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=memberof,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=iplanet-am-static-group-dn,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=iplanet-am-modifiable-by,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunxmlkeyvalue,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=o,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=ou,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunPreferredDomain,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=associatedDomain,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config
    dn: cn=sunOrganizationAlias,cn=index,cn=red,cn=ldbm database,cn=plugins,cn=config

    Thus, in order to use these index files on a system with the root suffix of dc=sun2,dc=com, replace all occurrences of red in the files with sun2 before loading.

  2. Prepare the DIT for the default Data Store configuration by creating the base container entries.

    1. Copy the following text into a file named /tmp/new/ldapentries.
      
      
      dn: ou=people,dc=sun,dc=com
      objectClass: top
      objectClass: organizationalUnit
      
      dn: ou=groups,dc=sun,dc=com
      objectClass: top
      objectClass: organizationalUnit
      
      

      NOTE: Be sure to replace dc=sun,dc=com with your root suffix.
    2. Run the following command:

      ldapmodify -h host -p port -D"cn=directory manager" -w passwd -c -a -f /tmp/new/ldapentries
Now you can login to OpenSSO and create a data store with the FAM schema using DSEE. The bind DN is cn=dsameuser,ou=dsame users,ROOT_SUFFIX.

Now to remind you just how easy that was - here's the Barenaked Ladies with Easy.

About

docteger

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today