Sun Identity Manager 8.1 Resources Reference

Procedure: Configuring Directory Server for Use with the LDAP Adapter

  1. From the directory server configuration tab, click the Replication folder, then select the “Enable change log” box. For 5.0 and later servers, you must also enable the RetroChangelog Snapin. On the configuration tab, go to the plugin object, select the Retro change log plugin, and enable it.

  2. To verify that the server is configured to maintain special attributes for newly created or modified entries, in the Directory Server console, click the Configuration tab, then select the root entry in the navigation tree in the left pane.

  3. Click the Settings subtab and verify that the Track Entry Modification Times box is checked.

    The server adds the following attributes to a newly created or modified entry. They are used to determine whether an event was initiated from Identity Manager.

    • creatorsName: The DN of the person who initially created the entry.

    • modifiersName: The DN of the person who last modified the entry.

  4. To connect through SSL to a directory server on which a self-signed certificate has been implemented, perform the following procedure:

    • Export the CA certificate from the directory server to a temporary file. For example, on Sun Java System Directory Server, enter the following command:

      certutil -L -d DB_Directory -P slapd-HostName- -n Nickname -a > ds-cert.txt

    • Import this certificate into your keystore.

      cd $JAVA_HOME/jre/lib/security
      keytool -import -file PathTo/ds-cert.txt -keystore ./cacerts \
        -storepass changeit -trustcacerts
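
The following added example (not code from Identity Manager or from this reference) illustrates the check that step 3 makes possible: deciding from creatorsName and modifiersName whether a change came from Identity Manager or from a native directory client. It assumes the adapter binds as the hypothetical DN in ADAPTER_BIND_DN; the entries are constructed sample data and the function names are illustrative.

```python
import re

# Assumption: the DN Identity Manager's LDAP adapter binds as (hypothetical value).
ADAPTER_BIND_DN = "uid=idm-adapter,ou=Service Accounts,dc=example,dc=com"

# Constructed sample entries, as they might be read back from the directory.
SAMPLE_ENTRIES = [
    {"dn": "uid=jdoe,ou=People,dc=example,dc=com",
     "creatorsName": "cn=Directory Manager",
     "modifiersName": "UID=idm-adapter, OU=Service Accounts, DC=example, DC=com"},
    {"dn": "uid=asmith,ou=People,dc=example,dc=com",
     "creatorsName": "uid=idm-adapter,ou=Service Accounts,dc=example,dc=com",
     "modifiersName": "cn=Directory Manager"},
    {"dn": "uid=nolog,ou=People,dc=example,dc=com"},  # tracking attributes absent
]

def normalize_dn(dn):
    """Lower-case a DN and drop optional spaces around ',' and '='.
    Splits only on unescaped commas; '+' RDNs and hex escapes are not handled."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def initiated_by_adapter(entry, adapter_dn=ADAPTER_BIND_DN):
    """True if the last modifier (or the creator, if never modified) is the adapter."""
    actor = entry.get("modifiersName") or entry.get("creatorsName")
    if not actor:
        raise ValueError("no creatorsName/modifiersName on " + entry["dn"])
    return normalize_dn(actor) == normalize_dn(adapter_dn)

def classify(entries):
    """Map each entry DN to 'identity-manager', 'native' or 'untracked'."""
    result = {}
    for entry in entries:
        try:
            own = initiated_by_adapter(entry)
            result[entry["dn"]] = "identity-manager" if own else "native"
        except ValueError:
            # Origin unknown: surface it instead of guessing either way.
            result[entry["dn"]] = "untracked"
    return result

if __name__ == "__main__":
    for dn, origin in classify(SAMPLE_ENTRIES).items():
        print(f"{origin:17} {dn}")
```

An "untracked" result means the entry carries neither attribute, which points back to the Track Entry Modification Times setting in step 3.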