Configuring Active Directory With the OpenSSO Enterprise Schema Files
The Access Manager Identity Repository (IdRepo) LDAPv3 plug-in must be able to assign the service's object class name to the user's object class attribute, so it can tell if a user has been assigned a given service. The following procedure describes how to load the OpenSSO Enterprise schema files into Active Directory and then to configure OpenSSO Enterprise to enable the OpenSSO Enterprise services.
To Configure Active Directory with OpenSSO Enterprise
Schema Files
-
Back up the am_remote_ad_schema.ldif file.
After you have unzipped opensso_enterprise_80.zip, this file is available in the following directory:
zip-root/opensso/ldif
-
In the am_remote_ad_schema.ldif file, replace @ROOT_SUFFIX@ with the root suffix of your Active Directory installation.
-
Using Active Directory tools (or another tool of your choice), load the am_remote_ad_schema.ldif file from the previous step into Active Directory.
-
Log in to the OpenSSO Administration Console. In the data store configuration page's LDAP User Attributes field, add the attribute names defined in the above LDIF file.
-
If you are writing your own service with dynamic user attributes, the service.ldif file for Active Directory must NOT have the following lines:
dn: CN=User,CN=Schema,CN=Configuration,ROOT_SUFFIX changetype: modify add: auxiliaryClass auxiliaryClass: yourClassname
Otherwise, OpenSSO Enterprise will not be able to assign the service's object class name to the user's object class attribute.
- © 2010, Oracle Corporation and/or its affiliates