Changing the Default Data Store for User Data to an LDAPv3–compliant Directory

After installing Federation Manager, its components are configured to work with user data that is stored in flat files. Following are the steps to change the default data store for user data from a flat file to an LDAPv3–compliant directory. User data can then be migrated to the directory based on the loaded LDIF schema. The following schemas are included with Federation Manager for this purpose.

Federation Manager does not contain scripts to migrate existing user data. Transferring any existing user data is outside the scope of this guide.

To Change the Default Data Store for User Data

If the Federation Manager WAR is exploded, you must restart the web container after making these changes. If the Federation Manager WAR is not exploded, make your changes in the staging directory, regenerate the WAR, and deploy the modified WAR. The following instructions assume that the WAR has been exploded.

1. Install your LDAPv3–compliant directory according to the product's documentation.

2. Locate the LDIF schema file for your directory server under /FederationManager-base/SUNWam/fm/ldif/.

   • Use fm_liberty_sds_schema.ldif if migrating data to Sun Java System Directory Server.

   • Use fm_liberty_ad_schema.ldif if migrating data to Microsoft Active Directory.

     You will need to replace the value of the ORG_ROOT_SUFFIX property with the appropriate root suffix before loading.

   • For all other LDAPv3–compliant directories, create an LDIF schema file accordingly.

3. Load the appropriate LDIF schema file into your directory by typing:

   ldapmodify -a -c -h host -p port -D bindDN -w bindpwd -f ldif-file

4. Enable the equality index for the iplanet-am-user-federation-info-key property in your directory server.

   If using Active Directory, indexing is already enabled through the attribute schema definition.

5. Edit the AMConfig.properties file by changing the value of the com.sun.identity.common.datastore.provider.default property from com.sun.identity.common.FileDataStoreProvider to com.sun.identity.common.LDAPDataStoreProvider

   AMConfig.properties is located in the /FederationManager-base/fmwar/web-src/WEB-INF/classes directory.

6. Modify the userdefault ServerGroup in the serverconfig.xml file as follows:

   • Change the host, port, and type attributes of the Server tag to reflect your directory's configuration.

   • Change the DirDN and DirPassword attributes in both the proxy and admin User tags to reflect an existing user DN and password (encrypted using ampassword). Alternately, you can  create a new administrator in the directory. This new user must have read, search, write and delete permission on all users to be managed.

   • Change the value of the BaseDN to that of the people container of your directory. For example, ou=People,dc=sun,dc=com.

   serverconfig.xml is located in the /exploded-FM-WAR-directory/WEB-INF/config directory where exploded-FM-WAR-directory is the directory to which the Federation Manager WAR was deployed.

7. Restart the web container.