Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

7.1 Creating and Configuring a New User Data Store

  1. Create a user data store instance on Directory Server 1.

  2. Create a user data store instance on Directory Server 2.

  3. Create a new branch in the user data store.

  4. Import users into the user data store.

In this deployment example, the new user data store is created within the same Directory Servers as the Access Manager configuration store. In most cases, the new data store would be created in a different Directory Server.

Figure 7–1 Directory Servers with User Data and Access Manager Configuration

Load Balancer 1 handles requests for Access Manager configuration data. Load Balancer 2 handles all requests for user data.

Procedure: To Create a User Data Store Instance on Directory Server 1

  1. As a root user, log in to the Directory Server 1 host.

  2. Run the netstat command to be sure that the Directory Server administration port is open.

    # cd /var/opt/mps/serverroot

    # netstat -an | grep 1391

    * 1390   *.*   0   0 49152   0 LISTEN

    If the administration server is not running, start it now:

    # ./start-admin

  3. Start the Directory Server console.

    # ./startconsole &

  4. Log in to the Directory Server console using the following information:

    Username

    cn=Directory Manager

    Password

    d1rm4n4ger

    Administration URL

    http://DirectoryServer-1.example.com:1391

  5. Expand the example.com domain, the DirectoryServer-1.example.com node, and the Server Group object.

    You should see three Directory Server objects: an Administration Server, Directory Server (ds-config), and Directory Server (am-config).

  6. Right-click the Server Group object, and choose “Create Instance Of.”

    Choose Sun Java System Directory Server.

  7. In the Create New Instance dialog, provide the following information and then click OK:

    Server Identifier:

    am-users

    Network port:

    1489

    Base suffix:

    dc=company,dc=com

    Directory Manager DN:

    cn=Directory Manager

    Directory Manager Password:

    d1rm4n4ger

    Confirm password:

    d1rm4n4ger

    Server Runtime (UNIX) user ID:

    nobody

    In the navigation tree, the new instance Directory Server (am-users) is added to the Server Group list.

  8. In the navigation tree, click the Directory Server (am-users) to open its console.

    Verify that the Server status indicates “Started.”

  9. Click Open, then click the Directory tab.

    In the DirectoryServer-1.example.com:1489 node, you should see the new user data store base suffix dc=company,dc=com.

Procedure: To Create a User Data Store Instance on Directory Server 2

  1. As a root user, log in to the Directory Server 2 host.

  2. Run the netstat command to be sure that the Directory Server administration port is open.

    # cd /var/opt/mps/serverroot

    # netstat -an | grep 1391

    * 1390   *.*   0   0 49152   0 LISTEN

    If the administration server is not running, start it now:

    # ./start-admin

  3. Start the Directory Server console.

    # ./startconsole &

  4. Log in to the Directory Server console using the following information:

    Username

    cn=Directory Manager

    Password

    d1rm4n4ger

    Administration URL

    http://DirectoryServer-2.example.com:1391

  5. Expand the example.com domain, the DirectoryServer-2.example.com node, and the Server Group object.

    You should see three Directory Server objects: an Administration Server, Directory Server (ds-config), and Directory Server (am-config).

  6. Right-click the Server Group object, and choose “Create Instance Of.”

    Choose Sun Java System Directory Server.

  7. In the Create New Instance dialog, provide the following information and then click OK:

    Server Identifier:

    am-users

    Network port:

    1489

    Base suffix:

    dc=company,dc=com

    Directory Manager DN:

    cn=Directory Manager

    Directory Manager Password:

    d1rm4n4ger

    Confirm password:

    d1rm4n4ger

    Server Runtime (UNIX) user ID:

    nobody

    In the navigation tree, the new instance Directory Server (am-users) is added to the Server Group list.

  8. In the navigation tree, click the Directory Server (am-users) to open its console.

    Verify that the Server status indicates “Started.”

  9. Click Open, then click the Directory tab.

    In the DirectoryServer-2.example.com:1489 node, you should see the new user data store base suffix dc=company,dc=com.

Procedure: To Create a New Branch in the User Data Store

You only have to perform these steps on Directory Server 1. With multi-master replication enabled, all changes to the directory are automatically replicated to Directory Server 2.

  1. Log in to the Directory Server 1 console using the following information.

    Username

    cn=Directory Manager

    Password

    d1rm4n4ger

    Administration URL

    http://DirectoryServer-1.example.com:1391

  2. In the navigation pane, expand the example.com suffix, and expand the Server Group objects.

  3. Under Server Group, click the am-users instance.

    In the am-users console properties page, click Open.

  4. Click the Directory tab.

  5. Select New Instance, and then open the new instance.

  6. Click the Directory tab.

  7. Right-click the dc=company,dc=com suffix, and choose “Create a new Organization Unit.”

  8. In the Create New Organizational Unit dialog, in the Name field, enter users, and then click OK.

    On the Directory tab, click the dc=company,dc=com suffix. You should see the new users branch in the list.

Procedure: To Import Users into the User Data Store

In this procedure, you create four special accounts for the following users:

  1. Create an LDIF file named /tmp/am-users.ldif.

    The file should contain the following users:

    dn: uid=userdbadmin,ou=users,dc=company,dc=com
    uid: userdbadmin
    givenName: UserDB
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: Admin
    cn: UserDB Admin
    userPassword: 4serd84dmin
    
    dn: uid=userdbauthadmin,ou=users,dc=company,dc=com
    uid: userdbauthadmin
    givenName: UserDB
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: AuthAdmin
    cn: UserDB AuthAdmin
    userPassword: 4serd84uth4dmin
    
    dn: uid=testuser1,ou=users,dc=company,dc=com
    uid: testuser1
    givenName: Test
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: User1
    cn: Test User1
    userPassword: password
    
    dn: uid=testuser2,ou=users,dc=company,dc=com
    uid: testuser2
    givenName: Test
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: User2
    cn: Test User2
    userPassword: password
    
  2. Import the LDIF file into Directory Server 1.

    # cd /var/opt/mps/serverroot/shared/bin
    # ./ldapmodify -h DirectoryServer-1.example.com -p 1489 -D "cn=Directory Manager" \
     -w d1rm4n4ger -a -f /tmp/am-users.ldif
    adding new entry uid=userdbadmin,ou=users,dc=company,dc=com
    adding new entry uid=userdbauthadmin,ou=users,dc=company,dc=com

  3. Verify that the new users were imported to Directory Server 1 with no errors.

    1. In the Directory Server console, expand Directory Server 1, expand the Server Group, click am-users, and then click Open.

      Click the Directory tab, expand the dc=company,dc=com suffix, and then click the users branch.

    2. Verify that you can see the four new users.
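As an added example (not part of the Sun deployment guide), a small Python lint that checks the am-users LDIF from step 1 before step 2 hands it to ldapmodify: every dn must sit under the ou=users branch created in the previous procedure, match its own uid attribute, carry the inetorgperson object class chain and the attributes the guide's entries use, and not carry a trivial password. The SAMPLE_LDIF input is constructed here from the guide's userdbadmin entry plus one deliberately broken entry; the uid/dn and password checks are assumptions about what a sound import should look like, not rules from the guide.

```python
# Added lint for the /tmp/am-users.ldif file built in step 1 (not from the guide).
# Constructed input: the guide's userdbadmin entry plus one deliberately broken entry.
SAMPLE_LDIF = """\
dn: uid=userdbadmin,ou=users,dc=company,dc=com
uid: userdbadmin
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: Admin
cn: UserDB Admin
userPassword: 4serd84dmin

dn: uid=testuser2,ou=people,dc=company,dc=com
uid: testuser9
objectClass: top
userPassword: testuser9
"""
BRANCH = "ou=users,dc=company,dc=com"   # branch created in the previous procedure
REQUIRED_CLASSES = {"top", "person", "organizationalperson", "inetorgperson"}
REQUIRED_ATTRS = {"uid", "sn", "cn", "userPassword"}

def parse_ldif(text):
    """Split LDIF text into entries, each a dict of attribute -> [values]."""
    entries = [{}]
    for line in text.splitlines():
        if not line.strip():                 # a blank line separates entries
            entries.append({})
            continue
        attr, _, value = line.partition(":")
        entries[-1].setdefault(attr.strip(), []).append(value.strip())
    return [e for e in entries if e]

def check_entries(entries, branch=BRANCH):
    """Return (dn, problem) pairs; an empty list means the file is ready to import."""
    problems = []
    for e in entries:
        dn, uid = e.get("dn", ["<no dn>"])[0], e.get("uid", [""])[0]
        if not dn.lower().endswith("," + branch):
            problems.append((dn, "not under " + branch))
        if not dn.lower().startswith("uid=%s," % uid.lower()):
            problems.append((dn, "uid attribute does not match the dn"))
        missing = REQUIRED_ATTRS - set(e)
        if missing:
            problems.append((dn, "missing " + ", ".join(sorted(missing))))
        if REQUIRED_CLASSES - {c.lower() for c in e.get("objectClass", [])}:
            problems.append((dn, "missing the inetorgperson object class chain"))
        if e.get("userPassword", [""])[0].lower() in ("password", uid.lower()):
            problems.append((dn, "trivial password; reset it after import"))
    return problems
```

Feed the contents of /tmp/am-users.ldif to parse_ldif and print whatever check_entries returns; an empty result means the entries are well formed for the import, and it complements rather than replaces the console check in step 3.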