Technical Case Study: Sun Java Enterprise System SunWeb 4.0

Preparing the User Management Specification

The process of installing and configuring a Java ES deployment establishes both the LDAP schema and the basic tree structure of the LDAP directory. Before beginning the installation and configuration process, you must analyze your directory needs and develop specifications for a schema and a directory tree structure that support your Java ES deployment. At installation and configuration time, the specification ensures that the correct values are input.

This section specifies the LDAP schema and the directory tree specifications for the SunWeb deployment. It also describes how the installation and configuration process establishes the directory schema and the directory tree structure for the deployment.

The LDAP Schema

The Java ES installation and configuration process establishes an LDAP schema for the deployment. The LDAP schema is constructed in stages. Depending on the components in the deployment, the schema can be constructed by the Java ES installer, several of the configuration tools, and the LDAP commands.

With Java ES deployments in general, you need to specify the LDAP schema before you install and configure so that you can select the correct installation and configuration parameters. This section describes the LDAP schema for the SunWeb deployment and the installation parameters that you input to construct the schema.

The first step in specifying the schema for a deployment is to identify the services that the directory service must support. For the SunWeb deployment, the directory service must support the following basic services:

These requirements lead to a relatively simple schema for the SunWeb LDAP directory. To support Access Manager, the schema must be brought up to Schema 2.

Note – Java ES solutions that use Directory Server can use either of two versions of a Sun standard LDAP schema for messaging and calendaring, which are known as Schema 1 and Schema 2. Schema 2 natively supports Access Manager and Access Manager's single sign-on feature.

To support control of employee access to portal content, a number of object classes and attributes that correspond to the different types of portal content must be added to the schema. Access Manager uses these object classes and attributes to determine which types of content each user is allowed to view.

The installation and configuration process constructs the schema for the SunWeb deployment as follows:

  1. Installing Directory Server creates the basic schema.

  2. Installing Access Manager applies Schema 2 to the directory.

    Directory Server must be installed before Access Manager, and the Directory Server instances must be running while the Access Manager instances are installed.

  3. Adding the object classes and attributes that identify portal services and portal desktop configuration prepares the directory for use in the SunWeb deployment.

    Some of the attributes used in the SunWeb schema make use of Directory Server's filtered role feature. The roles are associated with portal display profiles that specify the personalized content for a portal user based on several attributes.

The Directory Tree Structure

The LDAP directory for a Java ES deployment can be simple or complex, depending on the organization’s needs for organizing user data. The LDAP directory for the SunWeb deployment is primarily used to support employees who use the portal service. The SunWeb directory does not need a complex tree structure to classify employee records. That type of classification is maintained in the main corporate LDAP directory.

The directory structure developed to support the SunWeb requirements is illustrated in the following figure.

Figure 4–2 LDAP Directory Tree for the SunWeb Deployment

[Figure: graphic representation of the directory tree described in the text.]

The root of the SunWeb directory tree is dc=sun,dc=com. The data for SunWeb portal users is stored in ou=people,dc=sun,dc=com.
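The tree above together with the filtered-role mechanism from the schema steps, as an added LDIF example that is not part of the original document: the root, the people container, one portal user, and a filtered role under dc=sun,dc=com whose membership Directory Server computes from a search filter. The nsFilteredRoleDefinition object class and nsRoleFilter attribute are Directory Server's own; the user entry, the departmentNumber value and the role name are assumptions.

```ldif
# Root of the SunWeb directory tree (from the document).
dn: dc=sun,dc=com
objectClass: top
objectClass: domain
dc: sun

# Container for SunWeb portal users (from the document).
dn: ou=people,dc=sun,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

# Constructed sample user; all attribute values are assumptions.
dn: uid=jdoe,ou=people,dc=sun,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
departmentNumber: engineering

# Filtered role (assumed name and filter). A role applies to the subtree
# below its parent, so placing it under dc=sun,dc=com covers ou=people.
# Directory Server evaluates nsRoleFilter at read time: every entry in
# scope that matches acquires the virtual attribute
#   nsRole: cn=engineering-portal,dc=sun,dc=com
# without any per-entry edit, and a portal display profile can be
# associated with that role.
dn: cn=engineering-portal,dc=sun,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: nsRoleDefinition
objectClass: nsComplexRoleDefinition
objectClass: nsFilteredRoleDefinition
cn: engineering-portal
nsRoleFilter: (departmentNumber=engineering)
description: Constructed role used to select portal content
```

Because membership is derived from the filter, whoever can write departmentNumber on a user entry can change which portal content that user sees, so an ACI should restrict write access to the attributes referenced by nsRoleFilter. After loading the file with ldapmodify, reading nsRole on uid=jdoe confirms the role is computed as intended.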