Sun OpenSSO Enterprise 8.0 Administration Guide

Plugging in Data Stores

A data store is a database where you can store user attributes and user configuration data. OpenSSO Enterprise provides identity repository plug-ins that connect to an LDAPv3 identity repository framework. These plug-ins enable you to view and retrieve OpenSSO Enterprise user information without having to make changes in your existing user database. The OpenSSO Enterprise framework integrates data from the identity repository plug-in with data from other OpenSSO Enterprise plug-ins to form a virtual identity for each user. OpenSSO Enterprise can then use the universal identity in authentication and authorization processes among more than one identity repository. The virtual user identity is destroyed when the user's session ends.

An identity repository is a data store where information about users is stored. The data store might contain, for example, a user identifier and password, email address, application preferences, and other forms of identity data. OpenSSO Enterprise provides an interface that enables a realm administrator to plug one or more identity data stores into a realm. Because the plug-ins allow more than one identity data store to be configured per realm, OpenSSO Enterprise can access the many profiles of one identity across multiple identity repositories. This allows the virtual identity for each user to be accessed for purposes of authentication and authorization. You can create a new data store instance using the following data store types:

Active Directory

This data store type uses the LDAP version 3 specification to write identity data to an instance of Microsoft Active Directory.

Generic LDAPv3

This data store type allows identity data to be written to any LDAPv3-compliant database.


Note –

If the LDAPv3 database you are using does not support Persistent Search, then you cannot use the caching feature.
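Whether a directory supports Persistent Search can be checked before enabling caching, because an LDAPv3 server advertises the controls it accepts in the supportedControl attribute of its root DSE, and Persistent Search is control OID 2.16.840.1.113730.3.4.3. The following script is an added example and not part of the OpenSSO Enterprise product or documentation; it parses the LDIF that a query such as `ldapsearch -x -s base -b "" supportedControl` returns and reports whether the caching feature can be used. The two root DSE samples embedded in it are constructed for illustration.

```python
"""Check whether an LDAPv3 server advertises the Persistent Search control.

The Generic LDAPv3 data store's caching feature depends on Persistent Search
(LDAP control OID 2.16.840.1.113730.3.4.3). Servers list the controls they
support in the supportedControl attribute of the root DSE, which can be read
with: ldapsearch -x -H ldap://<host> -s base -b "" supportedControl
"""

PERSISTENT_SEARCH_OID = "2.16.840.1.113730.3.4.3"

# Constructed sample root DSE from a server that supports Persistent Search
# (the other OIDs are ManageDsaIT and Simple Paged Results).
SAMPLE_ROOTDSE_WITH_PSEARCH = """\
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 1.2.840.113556.1.4.319
"""

# Constructed sample root DSE from a server that does not advertise it.
SAMPLE_ROOTDSE_WITHOUT_PSEARCH = """\
dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 2.16.840.1.113730.3.4.2
"""


def parse_supported_controls(ldif_text: str) -> set:
    """Return the set of supportedControl OIDs found in an LDIF root DSE entry."""
    # LDIF folds long values by continuing them on a line that starts with a
    # single space, so unfold first to avoid truncating an OID.
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    controls = set()
    for line in unfolded:
        name, sep, value = line.partition(":")
        # supportedControl values are plain OIDs, never base64 ("::") encoded.
        if sep and name.strip().lower() == "supportedcontrol":
            controls.add(value.strip())
    return controls


def supports_persistent_search(ldif_text: str) -> bool:
    """True if the root DSE advertises the Persistent Search control."""
    return PERSISTENT_SEARCH_OID in parse_supported_controls(ldif_text)


def caching_recommendation(ldif_text: str) -> str:
    """Decide whether the data store's caching feature may be enabled."""
    if supports_persistent_search(ldif_text):
        return "Persistent Search supported: caching can be enabled for this data store."
    return "Persistent Search not advertised: leave caching disabled for this data store."


if __name__ == "__main__":
    for label, sample in (("server A", SAMPLE_ROOTDSE_WITH_PSEARCH),
                          ("server B", SAMPLE_ROOTDSE_WITHOUT_PSEARCH)):
        print(f"{label}: {caching_recommendation(sample)}")
```

Feed the script the actual root DSE output of the directory you intend to plug in; if the OID is absent, configure the data store with caching left off, as the note above requires.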


Sun Directory Server With OpenSSO Schema

This data store type resides in a Sun Directory Server instance and holds the OpenSSO Enterprise information tree. It differs from the OpenSSO Enterprise Repository Plug-in in that it exposes more configuration attributes, which allow you to customize the data store more fully.

The following procedure documents how to configure a new data store.

Procedure: To Create a New Data Store

Before You Begin

This procedure assumes you are logged into the OpenSSO console as the administrator, amAdmin.

  1. Click the Access Control tab.

  2. Click the name of the realm in which you want to add a new data store.

  3. Click the Data Stores tab.

  4. Click New from the Data Stores list.

  5. Enter a name for the data store.

  6. Select the type of data store you wish to create.

  7. Click Next.

  8. Configure the data store by entering the appropriate attribute values.

    See the Sun OpenSSO Enterprise 8.0 Administration Reference for attribute definitions.

  9. Click Finish.