To Configure Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes (Sun Java System Access Manager 7.1 Postinstallation Guide)

Sun Java System Access Manager 7.1 Postinstallation Guide

Previous: Configuring a User Directory on a Directory Server Instance Different From the Access Manager Information Tree Node
Next: Configuring Access Manager With Directory Server in MMR Mode

To Configure Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes

To configure Access Manager with different suffixes for the Access Manager Information Tree (service management node) and user directory node, first install Access Manager by running the Java ES installer with the Configure Later option. Then, configure Access Manager by running the amconfig script with configuration values specified in the amsamplesilent file (or a copy of the file).

Important: Before you configure the two suffixes in the procedure below:

The Access Manager Information Tree (service management node), which is specified by the SM_CONFIG_BASEDN variable in the amsamplesilent file, must exist in the directory. Create this node in the directory using a tool of your choice.
The administrator and associated password, which are specified by the CONFIG_ADMINDN and CONFIG_ADMINPASSWD variables in the amsamplesilent file, must exist in the directory and must have read and write permissions to the Access Manager Information Tree (service management node), which is specified by the SM_CONFIG_BASEDN variable. During installation, Access Manager does not create this user or any ACIs in the directory.

Install Access Manager by running the Java ES installer with the Configure Later option.

In the amsamplesilent file (or copy of the file), set the root suffixes as follows:
- Set the SM_CONFIG_BASEDN variable to the root suffix of the Access Manager information tree node (service management node).
  
  Note: The value indicated by SM_CONFIG_BASEDN must already exist in the directory, created using Directory Server tools.
- Set the ROOT_SUFFIX variable to the initial or root suffix of Directory Server.

Set the CONFIG_* variables as follows:
- Set CONFIG_AD to false (the default), since Sun Java System Directory Server is the configuration data store. The Directory Server schema will be loaded.
- Set CONFIG_SERVER to the fully qualified domain name of the Directory Server host where the Access Manager Information Tree (service management data) is stored. The suffix on this host is indicated by the SM_CONFIG_BASEDN variable. The default is the value of DS_HOST.
- Set CONFIG_PORT to the port for the Directory Server indicated by the CONFIG_SERVER variable. The default is the value of DS_PORT.
- Set CONFIG_ADMINDN to the DN that is used to connect to the directory indicated by the CONFIG_SERVER variable. The default is "cn=dsameuser,ou=DSAME Users".
- Set CONFIG_ADMINPASSWD to the password for CONFIG_ADMINDN. The default is the value of the ADMINPASSWD variable.

Set any other variables in the amsamplesilent file (or copy of the file) as required for your deployment.

Run the amconfig script with the edited amsamplesilent file (or copy of the file).

For example, on a Solaris system with Access Manager installed in the default directory:
```
# cd /opt/SUNWam/bin
# ./amconfig ./amsamplesilent
```

Restart the Access Manager web container.