Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes

In Sun Java System Directory Server, you can separate Access Manager configuration data in the Access Manager information tree (or service management node) from the user data in the user directory (or user management node) by specifying a different root suffix for each node.

This scenario applies to deployments that want to separate the Access Manager configuration data from user data but do not support an LDAPv3 data repository. For example, deployments with Sun Java System Communications Suite products use the Access Manager SDK (AMSDK) to access user data.

If you are deploying this scenario and are using the AMSDK to access user data in a Realm Mode deployment, a corresponding organization or sub-organization must exist for each realm or sub-realm. To have Access Manager create an organization or sub-organization for each realm or sub-realm, enable the Copy Realm Configuration attribute (sun-idrepo-amSDK-config-copyconfig-enabled) in the Access Manager Console for the default (top-level) realm.

The following figure shows the directory structure for this scenario.

Figure A–1 Access Manager Information Tree and User Directory Nodes

This figure shows different root suffixes for the Access Manager information tree and user data in the user directory node.

Procedure: To Configure Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes

To configure Access Manager with different suffixes for the Access Manager Information Tree (service management node) and user directory node, first install Access Manager by running the Java ES installer with the Configure Later option. Then, configure Access Manager by running the amconfig script with configuration values specified in the amsamplesilent file (or a copy of the file).

Important: Before you configure the two suffixes in the procedure below:

  1. Log in as or become superuser (root).

  2. Install Access Manager by running the Java ES installer with the Configure Later option.

  3. In the amsamplesilent file (or copy of the file), set the root suffixes as follows:

    • Set the SM_CONFIG_BASEDN variable to the root suffix of the Access Manager information tree node (service management node).

      Note: The value indicated by SM_CONFIG_BASEDN must already exist in the directory, created using Directory Server tools.

    • Set the ROOT_SUFFIX variable to the initial or root suffix of Directory Server.

  4. Set the CONFIG_* variables as follows:

    • Set CONFIG_AD to false (the default), since Sun Java System Directory Server is the configuration data store. The Directory Server schema will be loaded.

    • Set CONFIG_SERVER to the fully qualified domain name of the Directory Server host where the Access Manager Information Tree (service management data) is stored. The suffix on this host is indicated by the SM_CONFIG_BASEDN variable. The default is the value of DS_HOST.

    • Set CONFIG_PORT to the port for the Directory Server indicated by the CONFIG_SERVER variable. The default is the value of DS_PORT.

    • Set CONFIG_ADMINDN to the DN that is used to connect to the directory indicated by the CONFIG_SERVER variable. The default is "cn=dsameuser,ou=DSAME Users".

    • Set CONFIG_ADMINPASSWD to the password for CONFIG_ADMINDN. The default is the value of the ADMINPASSWD variable.

  5. Set any other variables in the amsamplesilent file (or copy of the file) as required for your deployment.

  6. Run the amconfig script with the edited amsamplesilent file (or copy of the file).

    For example, on a Solaris system with Access Manager installed in the default directory:

    # cd /opt/SUNWam/bin
    # ./amconfig ./amsamplesilent

  7. Restart the Access Manager web container.
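
A pre-flight check for the values set in steps 3 and 4, run before amconfig in step 6. This is an added example, not part of the original guide or of the Access Manager tooling. It assumes the silent file holds one VAR=value assignment per line, and the function names get_var, norm_dn and check_silent are hypothetical. Because the file carries CONFIG_ADMINPASSWD in clear text, the check also reports a file that group or other can access.

```shell
#!/bin/sh
# Added example: pre-flight check of an amconfig silent file.
# Assumption: one VAR=value assignment per line, value optionally quoted.

# Print the value of variable $2 from silent file $1 (last assignment wins).
# The file is parsed, not sourced, so nothing in it is executed.
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Normalise a DN for comparison: lower-case, spaces removed.
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' '
}

# Print one line per problem in silent file $1; return 0 if none, 1 otherwise.
check_silent() {
    f=$1; rc=0
    sm=$(get_var "$f" SM_CONFIG_BASEDN); root=$(get_var "$f" ROOT_SUFFIX)
    ad=$(get_var "$f" CONFIG_AD)
    # Defaults from the guide: CONFIG_SERVER -> DS_HOST, CONFIG_PORT -> DS_PORT.
    host=$(get_var "$f" CONFIG_SERVER); [ -n "$host" ] || host=$(get_var "$f" DS_HOST)
    port=$(get_var "$f" CONFIG_PORT);   [ -n "$port" ] || port=$(get_var "$f" DS_PORT)

    [ -n "$sm" ]   || { echo "SM_CONFIG_BASEDN is not set"; rc=1; }
    [ -n "$root" ] || { echo "ROOT_SUFFIX is not set"; rc=1; }
    if [ -n "$sm" ] && [ "$(norm_dn "$sm")" = "$(norm_dn "$root")" ]; then
        echo "SM_CONFIG_BASEDN equals ROOT_SUFFIX: the nodes are not separated"; rc=1
    fi
    case ${ad:-false} in false) ;; *) echo "CONFIG_AD must be false"; rc=1 ;; esac
    case $host in *.*) ;; *) echo "CONFIG_SERVER is not a fully qualified name"; rc=1 ;; esac
    case $port in ''|*[!0-9]*) echo "CONFIG_PORT is not numeric"; rc=1 ;; esac
    # Characters 5-10 of the mode string are the group and other permission bits.
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;; *) echo "$f is accessible to group or other"; rc=1 ;; esac
    return $rc
}
```

With the functions loaded, `check_silent ./amsamplesilent && ./amconfig ./amsamplesilent` runs the configuration only when no problem is reported. The check does not confirm that the SM_CONFIG_BASEDN suffix already exists in the directory, which still has to be verified with Directory Server tools.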