Sun OpenSSO Enterprise 8.0 Administration Reference

Administration

The Administration service enables you to configure the OpenSSO Enterprise console at the global level as well as at a configured realm level (preferences or options specific to a configured realm). The Administration service attributes are global and realm attributes.


Note –

If you have upgraded to OpenSSO Enterprise 8.0 and are running in legacy mode, a large number of attributes will be displayed in the console. The complete list of attributes and their descriptions is given in the OpenSSO Enterprise 8.0 online help and in the Sun Java System Access Manager 7.1 Administration Reference.


The attributes are:

Federation Management

Enables Federation Management. It is selected by default. To disable this feature, deselect the field. The Federation Management tab will not appear in the console.

Default Agents Container

Specifies the default agent container into which the agent is created. The default is Agents.

Maximum Results Returned From Search

This field defines the maximum number of results returned from a search. The default value is 100.

Do not set this attribute to a large value (greater than 1000) unless sufficient system resources are allocated.


Note –

OpenSSO Enterprise is preconfigured to return a maximum size of 4000 search entries. This value can be changed through the console or by using ldapmodify. If you wish to change it using ldapmodify, create a newConfig.xml with the following values (in this example, nsSizeLimit: -1 means unlimited):

dn: cn=puser,ou=DSAME Users,ORG_ROOT_SUFFIX
changetype: modify
replace:nsSizeLimit
nsSizeLimit: -1

Then, run ldapmodify. For example:

setenv LD_LIBRARY_PATH /opt/SUNWam/lib/:/opt/SUNWam/ldaplib/ldapsdk:/usr/lib/mps:/usr/share/lib/mps/secv1:/usr/lib/mps/secv1:$LD_LIBRARY_PATH

./ldapmodify -D "cn=Directory Manager" -w "iplanet333" -c -a -h hostname.domain -p 389 -f newConfig.xml

Modifications to this attribute made through ldapmodify take precedence over those made through the OpenSSO Enterprise console.


Timeout For Search

Defines the amount of time (in number of seconds) that a search will continue before timing out. It is used to stop potentially long searches. After the maximum search time is reached, the search terminates and returns an error. The default is 5 seconds.


Note –

Directory Server is preconfigured with a timeout value of 120 seconds. This value can be changed through the Directory Server console or by using ldapmodify. If you wish to change it using ldapmodify, create a newConfig.xml with the following values (this example changes the timeout from 120 seconds to 3600 seconds):

dn: cn=config
changetype: modify
replace:nsslapd-timelimit
nsslapd-timelimit: 3600

Then, run ldapmodify. For example:

setenv LD_LIBRARY_PATH /opt/SUNWam/lib/:/opt/SUNWam/ldaplib/ldapsdk:/usr/lib/mps:/usr/share/lib/mps/secv1:/usr/lib/mps/secv1:$LD_LIBRARY_PATH

./ldapmodify -D "cn=Directory Manager" -w "iplanet333" -c -a -h hostname.domain -p 389 -f newConfig.xml
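
An added example, not part of the Sun documentation: a pre-flight check that parses an ldapmodify change file such as the two newConfig.xml files shown in the notes above and lists any change that sets nsSizeLimit or nsslapd-timelimit to unlimited or above the preconfigured values quoted on this page (4000 entries, 120 seconds). The function names, the use of those values as thresholds, and treating -1 as unlimited for nsslapd-timelimit as well are assumptions of the example.

```python
import re

# Preconfigured values quoted on the page; using them as thresholds is an assumption.
BASELINES = {"nssizelimit": 4000, "nsslapd-timelimit": 120}

def parse_replacements(ldif_text):
    """Return (dn, attribute, value) for each 'replace:' in a modify record."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)   # join folded LDIF lines
    found = []
    for record in re.split(r"\n\s*\n", unfolded.strip()):
        dn, target, is_modify = None, None, False
        for line in record.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "-":                        # separator ends a modification
                target = None
            elif key == "dn":
                dn = value
            elif key == "changetype":
                is_modify = value.lower() == "modify"
            elif key == "replace" and is_modify:
                target = value.lower()            # 'replace:attr' and 'replace: attr'
            elif key == target:
                found.append((dn, target, value))
    return found

def review(ldif_text):
    """List limit changes to confirm before the file is given to ldapmodify."""
    findings = []
    for dn, attr, value in parse_replacements(ldif_text):
        if attr in BASELINES:
            number = int(value)                   # both limits are integers
            if number == -1:
                findings.append((dn, attr, number, "unlimited"))
            elif number > BASELINES[attr]:
                findings.append((dn, attr, number, "above preconfigured value"))
    return findings

# Constructed sample: the two change records shown on this page, in one file.
SAMPLE = """dn: cn=puser,ou=DSAME Users,ORG_ROOT_SUFFIX
changetype: modify
replace:nsSizeLimit
nsSizeLimit: -1

dn: cn=config
changetype: modify
replace:nsslapd-timelimit
nsslapd-timelimit: 3600
"""
```

An empty list from review() means the file leaves both limits at or below the preconfigured values.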

User Search Key

This attribute defines the attribute name that is to be searched upon when performing a simple search in the Navigation page. The default value for this attribute is cn.

For example, if you enter j* in the Name field in the Navigation frame, users whose names begin with "j" or "J" will be displayed.

Search Return Attribute

This field defines the attribute name used when displaying the users returned from a simple search. The default of this attribute is uid cn. This will display the user ID and the user's full name.

The attribute name that is listed first is also used as the key for sorting the set of users that will be returned. To avoid performance degradation, use an attribute whose value is set in a user's entry.

Maximum Entries Displayed per Page

This attribute allows you to define the maximum rows that can be displayed per page. The default is 25. For example, if a user search returns 100 rows, there will be 4 pages with 25 rows displayed in each page.

External Attributes Fetch

This option enables callbacks for plug-ins to retrieve external attributes (any external application-specific attribute). External attributes are not cached in the OpenSSO Enterprise SDK, so this attribute allows you to enable attribute retrieval at the realm level. By default, this option is not enabled.