Removing Authentication Module From Auth Chain On Command Line

Someone asked me for help correcting an Access Manager 7.1 environment. The default auth chain "ldapService" had been modified on this AM 7.1 instance by adding the Anonymous module as required. However, the Anonymous module was not configured correctly to include amadmin in its user list. After this change, amadmin could no longer log in through the default auth chain.

I wrote a script to fix this quickly.

#!/bin/sh
# Directory server that holds the Access Manager configuration
host=myds.sun.com
port=389
pass=password
rootdn="dc=sun,dc=com"
# Entry that stores the "ldapService" auth chain
dn="ou=ldapService,ou=Configurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthConfiguration,ou=services,$rootdn"
# Chain value to restore (LDAP only) and the broken value to remove
new="iplanet-am-auth-configuration=LDAP REQUIRED "
old="iplanet-am-auth-configuration=LDAP REQUIRED Anonymous REQUIRED "

# Step 1: delete the broken chain value
ldapmodify -D "cn=Directory Manager" -w "$pass" -h "$host" -p "$port" << EOF
dn: $dn
changetype: modify
delete: sunkeyvalue
sunkeyvalue: $old
EOF

# Step 2: add the corrected chain value
ldapmodify -D "cn=Directory Manager" -w "$pass" -h "$host" -p "$port" << EOF
dn: $dn
changetype: modify
add: sunkeyvalue
sunkeyvalue: $new
EOF
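
The script above issues two separate modify requests, so a failure between them leaves the entry with no chain value at all. The following is an added example, not part of the original post: it computes the new chain from the old one and emits a single LDIF record that deletes and adds in one modify operation. The function names remove_module and build_ldif are hypothetical, and the "Module FLAG " pair layout is assumed from the values shown in the post.

```sh
#!/bin/sh
# Added example (not the author's script).
# Assumed chain layout, taken from the post: "<Module> <FLAG> <Module> <FLAG> "

# remove_module CHAIN MODULE: print CHAIN without MODULE and its flag
remove_module() {
    chain=$1; target=$2; out=""
    set -f                      # no filename globbing while splitting
    set -- $chain               # words: module flag module flag ...
    set +f
    while [ $# -ge 2 ]; do
        [ "$1" = "$target" ] || out="$out$1 $2 "
        shift 2
    done
    printf '%s' "$out"
}

# build_ldif DN OLD_CHAIN MODULE: print one modify record (delete + add)
build_ldif() {
    dn=$1; old=$2; module=$3
    new=$(remove_module "$old" "$module")
    # Guard: refuse a change that would leave the chain empty
    [ -n "$new" ] || { echo "refusing to empty the chain" >&2; return 1; }
    # Guard: nothing to do if the module is not in the chain
    [ "$new" != "$old" ] || { echo "module not in chain" >&2; return 1; }
    cat <<EOF
dn: $dn
changetype: modify
delete: sunkeyvalue
sunkeyvalue: iplanet-am-auth-configuration=$old
-
add: sunkeyvalue
sunkeyvalue: iplanet-am-auth-configuration=$new
EOF
}

# Values from the post; the output is meant to be piped into ldapmodify
build_ldif \
  "ou=ldapService,ou=Configurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthConfiguration,ou=services,dc=sun,dc=com" \
  "LDAP REQUIRED Anonymous REQUIRED " Anonymous
```

Because both changes travel in one modify request, the directory server applies them together or not at all.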

Actually, this can also be fixed from the console itself. Although amadmin cannot log in to AM 7.1 via the URL /amserver/UI/Login, you should be able to log in by appending ?module=LDAP or ?module=DataStore to the login URL.
