Although you can start Access Manager and log into the Access Manager console immediately after running the Java ES installer, you cannot perform basic user management operations until you complete some final configuration steps. These steps differ depending on whether or not Access Manager is using a Directory Server instance that is already provisioned with user data.
The next sections explain what to do in the following cases:
When Directory Server is already provisioned with user data, refer to Configuring Access Manager With an Existing Directory Server in the Sun Java System Access Manager 6 2005Q1 Migration Guide for a description of the final configuration steps.
When Directory Server is not yet provisioned with user data, perform the steps in the following sections:
Before performing the tasks in this section, Directory Server must be configured and running. To verify that Directory Server, is running, refer to Starting and Stopping Directory Server.
When the Directory Server referential integrity plug-in is enabled, it performs integrity updates on specified attributes immediately after a delete or rename operation. This ensures that relationships between related entries are maintained throughout the database. If the Referential Integrity Plug-in is not already enabled, perform the following procedure.
In Directory Server console, click Configuration.
In the navigation tree, double-click Plug-ins to expand the list of Plug-ins.
In the Plug-ins list, click Referential integrity postoperation.
In the properties area, check the Enable plug-in box.
Click Save.
Restart Directory Server to enable the plug-in.
Directory Server indexes improve the performance of searches of Directory Server data. The following table lists the recommended attributes that you should consider indexing for Access Manager (if they are not already indexed).
Table 6–2 Suggested Access Manager Indexes for Directory Server
Attribute |
Index Type |
nsroledn |
Equality, Presence, and Substring |
memberof |
Equality and Presence |
iplanet-am-static-group-dn |
Equality |
iplanet-am-modifiable-by |
Equality |
iplanet-am-user-federation-info-key |
Equality |
sunxmlkeyvalue |
Equality and Substring |
o |
Equality |
ou |
Equality, Presence, and Substring |
sunPreferredDomain |
Equality, Presence, and Substring |
associatedDomain |
Equality, Presence, and Substring |
sunOrganizationAlias |
Equality, Presence, and Substring |
Add indexes using either the Directory ServerConsole or the ldapmodify command-line utility. Use ldapmodify to load the Access Managerindex.ldif file, which is available in the following directory:
For Solaris OS: /etc/opt/SUNWam/config/ldif
For Linux: /etc/opt/sun/identity/config/ldif
For more information about both the Console and ldapmodify, see Chapter 10 of the Sun Java System Directory Server 5 2005Q1 Administration Guide.