In this deployment scenario, Sun Java System Directory Server is installed with an existing directory information tree (DIT), but the schema does not include the Sun organization and user naming attributes (that is, the sunISManagedOrganization object class is not in the root suffix).
You installed Access Manager 7.1 on a host server using either of these methods:
- You ran the Java ES installer with the Configure Now option but did not load the DIT into your Directory Server.
- You ran the Java ES installer with the Configure Later option and then ran the amconfig script with DIRECTORY_MODE set to 3 or 4.
In this deployment scenario, you must load the following Access Manager LDIF files into Directory Server:
- sunone_schema2.ldif and ds_remote_schema.ldif: Access Manager schema changes
- sunAMClient_schema.ldif and sunAMClient_data.ldif: Access Manager client data and schema changes
- installExisting.ldif: Access Manager entries
The Access Manager LDIF files are located in the following directory, depending on your platform:
- Solaris systems: /etc/opt/SUNWam/config/ldif
- Linux and HP-UX systems: /etc/opt/sun/identity/config/ldif
javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.
To modify the Directory Server schema, you must have the appropriate Directory Server administrator privileges and know the administrator password.
To load the LDIF files, use either the Directory Service Control Center (DSCC) or the ldapmodify utility. For information about these options, see Deciding When to Use DSCC and When to Use the Command Line in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.
1. Load the sunone_schema2.ldif and ds_remote_schema.ldif files for the Access Manager schema changes.
2. Load the sunAMClient_schema.ldif and sunAMClient_data.ldif files for the Access Manager client data and schema changes.
3. In the installExisting.ldif file, edit the passwords (userPassword entry) for the following users:
   Note: The passwords for puser, dsameuser, and amAdmin can be the same value, but the password for amldapuser must be a different value.
4. Load the installExisting.ldif file.
5. Add the Directory Server indexes and enable the referential integrity plug-in, as described in the following sections:
6. Load the Access Manager services using the amserveradmin script:
   a. Change to the directory where the amserveradmin script is located:
      - Solaris systems: /etc/opt/SUNWam/config/ums
      - Linux systems: /etc/opt/sun/identity/config/ums
   b. Check the umsExisting.xml file and make any changes to the naming attribute values as required for your Directory Server implementation.
   c. Edit the amserveradmin script and replace ums.xml with umsExisting.xml.
   d. Run the amserveradmin script. For example:
      # ./amserveradmin "cn=amadmin,ou=people,dc=example,dc=com" "amadmin_password"
7. Restart the Access Manager web container.
You should now be able to log in to the Access Manager Admin Console.
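
A pre-load check for the password rule in the note above, as an added example that is not part of the original documentation or the product: it parses an edited installExisting.ldif, including folded lines and base64 (userPassword::) values, and reports when amldapuser shares a password with puser, dsameuser, or amAdmin. The DN layout and the SAMPLE contents are assumptions constructed for illustration.

```python
import base64
import re
SHARED = ("puser", "dsameuser", "amadmin")   # may share one password
SEPARATE = "amldapuser"                       # must differ from all of the above

def parse_ldif(text):
    """Return one {attribute: value} dict per entry; unfolds lines, decodes base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")   # undo LDIF line folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.strip().lower()] = value.strip()
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def check_passwords(ldif_text):
    """Return a list of problems ([] = rule met). Assumes account name = first RDN value."""
    found = {}
    for entry in parse_ldif(ldif_text):
        name = entry["dn"].split(",")[0].partition("=")[2].strip().lower()
        if name in SHARED or name == SEPARATE:
            found[name] = entry.get("userpassword", "")
    problems = [f"{n}: entry or userPassword missing"
                for n in SHARED + (SEPARATE,) if not found.get(n)]
    for n in SHARED:
        if found.get(n) and found[n] == found.get(SEPARATE):
            problems.append(f"{SEPARATE} has the same password as {n}")
    return problems

# Constructed sample (DNs and passwords are made up, not the shipped file).
SAMPLE = """\
dn: cn=puser,ou=DSAME Users,dc=example,dc=com
userPassword: constructed-pw-1

dn: cn=dsameuser,ou=DSAME Users,dc=example,dc=com
userPassword: constructed-pw-1

dn: cn=amldapuser,ou=DSAME Users,dc=example,dc=com
userPassword:: Y29uc3RydWN0ZWQtcHctMQ==

dn: uid=amAdmin,ou=People,dc=example,dc=com
userPassword: constructed-pw-1
"""
```

In the sample, the amldapuser value is base64-encoded but decodes to the same password as the other three accounts, which a visual comparison of the file would miss. The edited file holds the new passwords, so restrict its permissions to the administrator account while it exists.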