Contents


About this Guide

Who Should Use This Book
What You Are Expected to Know
How This Book Is Organized
The iPlanet Directory Server Access Management Edition Documentation Set
Documentation Conventions Used in This Manual

Typographic Conventions
Terminology

Related Information

Chapter 1 DSAME Programmer's Overview

Extending iPlanet Directory Server Access Management Edition

Which APIs, SPIs, and XML Interfaces You Can Customize

Overview of Service Development Process When Extending DSAME Interfaces

Chapter 2 Pluggable Authentication SPI

Overview of Pluggable Authentication SPI
Authentication Process Overview

Client Interface (Authentication Service using HTML/HTTP)

Authentication Service Provided as HTML over HTTP(s) Interface
Authentication Framework
Authentication Plug-In Module Interfaces (SPI)

Overview of Integrating Authentication Modules in DSAME

Where to find the Public Javadocs for Authentication SPIs
Classes and Methods you must Implement when creating a custom Authentication Service
Do You need to create a Service XML for your custom Authentication Service
Core Authentication Service Defines Configuration for all Authentication Services

Understanding the screen.properties File

Product Directories where .properties and Sample .java Files are Located
Use an existing service XML file to create your Custom Authentication XML
amAuth.xml is Used for General Authentication Configuration

Writing and Integrating a Pluggable Authentication Module

Requirements and Recommendations

Recommendations

Compiling the Authentication Sample

Set Environment Variables
Run the Make Command

Integrating the Authentication Sample program
Running the Authentication Sample program
Sample Code

Sample Properties File
Sample Authentication Module Source
Sample XML Files

Resource Bundle .properties File

Chapter 3 HTML Templates

Setting up Login Pages for Different Organizations

How Authentication Templates Work

Templates for Customizing the Authentication Pages

Chapter 4 Single Sign-On

Introduction to the Single Sign-On Solution
How SSO Uses Cookies
How SSO Uses Tokens
Overview of Web-Based Single Sign On (SSO) APIs

Overview of SSO Classes/Interfaces
SSO Feature Intended for SSO Client Applications

Public SSO Classes/Interfaces

Using the SSO Samples

Compiling and Running the SSO Sample Application

SSOTokenSampleServlet.java File
SampleTokenListener.java
SSOTokenSampleServlet.java File

Chapter 5 Understanding DSAME XMLs and DTDs

Understanding DSAME Services
Things to Consider about DSAME Services

Internal Services vs. External Services
Service Schema defines service attributes and optionally default values

What Happens When you Register a Service
Overview of Services Management in DSAME

Services Management Module in DSAME
Global Attributes
Organization Attributes
Dynamic Attributes
Policy Attributes
User Attributes
Defining and Adding Services to DSAME

Adding a Custom Service to DSAME
When You Create a Service XML, Attributes Must be Defined (Default Values are Optional, but Recommended)
Attribute value in schema provides a default value for administrators and users
Defining an empty attribute value in Schema
Using DSAME to manage attributes in your existing DIT
When Adding a new Service or Application, You must Define Schema (Object classes and attributes) in Directory Server
Adding an Existing Application to DSAME
Enabling a Service for an Organization or Role in DSAME console

Defining Global Attribute Types in a Service
Defining Organization Attributes in a Service
Defining Dynamic Attributes in a Service

Organizations and Dynamic Attributes

Defining Dynamic and Policy Attributes
Roles in DSAME

What Happens when a User is Assigned to a Role
Overview of Roles in DSAME
How DSAME uses Roles

Roles
CoS
CoSQualifiers used by DSAME
Organizations and CoS
Registering a Service Creates a CoS Definition and CoS Template
Roles in DSAME are at a higher level of abstraction than Directory server roles
How Organizations and Roles use Dynamic Attributes
How Dynamic Attributes are used in Roles
How Dynamic Attributes are used in Organizations and Roles
How DSAME Dynamic and Policy Attributes Use CoS
Roles and Dynamic Attributes
Conflicts with multiple organizations or roles
Conflicts and Dynamic (or Policy) Attributes

Roles

Organizations and CoS
Roles and CoS

Roles and ACIs

Defining Policy Attributes in a Service

Policy Attributes

Administrators can assign policies to organizations or roles in DSAME console
Policy Service XML
Roles and Policy (Aggregation)

Overview of User Management Module
Adding User Attributes to DSAME
Defining User Attributes in a Service

User is considered a Service in DSAME

Customizing User Pages

Extending what DSAME displays on the User Page in DSAME console

How the "any" Attribute can be used in Service XML Files
Extending the amEntrySpecific.xml File

Adding attributes Common to all Users to the User Service in DSAME

Customizing Organization Pages

Purpose of amEntrySpecific.xml File

any Attribute
Type Attribute

Cases where Service Developers must Modify the ums.xml Configuration File
What DSAME Supports in the Service Registration DTD

Service Schema Definitions Supported by DSAME 5.0
Attributes and Elements that DSAME Supports

Purpose of an XML DTD
Where you can find Further Information on XML and DTDs

Description of sms.dtd Elements and Attributes

ServicesConfiguration Element
Schema Element
Service Element
Service Name and Version Attribute List
Service Name Attribute
i18nFileName Attribute
i18nKey Attribute
i18NKey Attribute and i18NFileName Attribute
Global Attributes
Organization Attributes
Dynamic Attributes
Policy Elements
User attributes
Global Element, AttributeSchema and SubSchema Sub-elements
Attribute Schema Sub-Element
Service Sub-Schema Element
AttributeSchema Element, ChoiceValues, BooleanValues, and DefaultValues Sub-elements
AttributeSchema Attribute, name Attribute
AttributeSchema Element, Type Attribute
AttributeSchema Element, Syntax Attribute
Syntax Attribute, boolean value
Syntax Attribute, string value
AttributeSchema syntax Attribute, password value
AttributeSchema Element, ChoiceValues Sub-element
AttributeSchema Element, syntax Attribute, boolean value
AttributeSchema Element, CoSQualifier Attribute
AttributeSchema Element, any Attribute
Organization Element
Dynamic Element
Policy Element
User Element

Policy Management Module

Overview of Some Policy Concepts and Terms in DSAME

Policy Schema
Named Policy and Assigned Policy

Adding a Custom Service

High Level Flow for Creating and Registering Services
Some Things to Consider When Creating a New Service

Description of sampleMailService Files

sampleMailServiceSchema.ldif File
sampleMailService.xml File
sampleMailService.properties File
Explanation of Policy Schema Definitions in sampleMailService.xml

Policy Schema must be defined before Policy Template can be Created in DSAME Console

amAdmin.dtd Used when Performing Batch Updates to DIT

Batch Operations you can perform using the amAdmin.dtd
Files Used to perform Batch Updates to DIT

Description of amAdmin.dtd

Requests Element
OrganizationRequests Element
CreateSubOrganization Element
CreateGroup Element
CreateRole Element
CreatePolicy Element
Rule Element with ServiceName, ResourceName?, and AttributeValuePair+ Sub-Elements
GetSubOrganizations Element
GetPeopleContainers, GetGroups, and GetRoles Elements
GetUsers Element
RegisterServices and UnregisterServices Elements
ActivateServices and DeactivateServices Elements
GetActivatedServiceNames, GetRegisteredServiceNames, and GetNumberofServices Elements
DeleteSubOrganizations Element
DeletePeopleContainers Element
DeleteGroups Element
DeleteRoles Element
DeletePolicy Element
PolicyName Element
ContainerRequests Element

Sample File (createRequests.xml) to Perform batch Updates to DIT

Chapter 6 Using the Command Line Interface

Overview of the amadmin Command Line Interface Tool
How the amadmin CLI Tool Works

Service schema definition in XML and registration
Data creation in Directory Server DIT (or populating the Directory Server DIT):

What you can use the amadmin tool for

Requirements to run amadmin CLI Tool
Installation/Setup

Syntax for using the amadmin Tool

Syntax Description for the amadmin Command Line Interface Tool

Registering Services in DSAME
Registering and Unregistering a Service for an Organization

Unregistering a service
Get Number Of Services

Guidelines for Loading Services into DSAME

Make Sure you have the Necessary Files before Loading a Service
Extend the Service Schema by Loading the .ldif File
Restart the Directory Server
Specify pathname for sampleMailService.properties in jvm12.conf File
Start the Servers (Web and Directory Server )
Import the Service XML File(s)
Register the Service

Sample .ldif file that shows the objectclass of a service added to a user entry

Add the sampleMailService to the Service Hierarchy

Administration Service Attribute (iplanet-am-admin-console-service-hierarchy)

Assign Policies to the Sample Mail Service
View the Policy Profile for a Service that has been added to DSAME
View the Profile for an Added Service

Guidelines on Performing Batch Updates to User Objects in Directory Server

List of Sample XML Files for Performing Batch Updates to DIT

Steps to Perform Batch Updates to DIT

Define user objects in createRequests.xml File
Changes to make if the DSAME product is installed in Compliant mode (iPlanet DIT and schema mode)
Load the Batch Update Defined in the XML File into DSAME
Verifying that the DIT has been Populated Correctly

Verification Caution

View the .ldif File to Ensure that the objects were created in the Directory server

Tips when running amadmin Tool

Using ldapmodify versus the DSAME amadmin Tool
Benefits of using CLI and XML Files
How to Determine Attribute/Value Pairs to Provide in the XML Files
Which XML Files are Used for DSAME User Management
Explanation on Defining GetUsers in amAdmin.dtd
All Files Input with the amadmin Tool must be XML Files
Using amadmin vs. DSAME's Admin Console
Service Registration XML DTD

Deleting a Service that has been Registered and Configured
You should not delete the DAI Service (ums.xml configuration file)