In this deployment example, the new user data store is created within the same Directory Servers as the Access Manager configuration store. In most cases, the new data store would be created in a different Directory Server.
As a root user log in to the Directory Server 1 host.
Run the netstat command to be sure that the Directory Server administration port is open.
# cd /var/opt/mps/serverroot
# netstat -an | grep 1391
* 1390 *.* 0 0 49152 0 LISTEN
If the administration server is not running, start it now:
# ./start-admin
Start the Directory Server console.
# ./startconsole &
Log in to the Directory Server console using the following information:
cn=Directory Manager
d1rm4n4ger
http://DirectoryServer-1.example.com:1391
Expand the example.com domain, the DirectoryServer-1.example.com node, and the Server Group object.
You should see three Directory Server objects: an Administration Server, Directory Server (ds-config), and Directory Server (am-config).
Right-click the Server Group object, and choose “Create Instance Of.”
Choose Sun Java System Directory Server.
In the Create New Instance dialog, provide the following information and then click OK:
am-users
1489
dc=company,dc=com
cn=Directory Manager
d1rm4n4ger
d1rm4n4ger
nobody
In the navigation tree, the new instance Directory Server (am-users) is added to the Server Group list.
In the navigation tree, click the Directory Server (am-users) to open its console.
Verify that the Server status indicates “Started.”
Click Open, then click the Directory tab.
In the DirectoryServer-1.example.com:1489 node, you should see the new user data store base suffix dc=company,dc=com.
As a root user log in to the Directory Server 2 host.
Run the netstat command to be sure that the Directory Server administration port is open.
# cd /var/opt/mps/serverroot
# netstat -an | grep 1391
* 1390 *.* 0 0 49152 0 LISTEN
If the administration server is not running, start it now:
# ./start-admin
Start the Directory Server console.
# ./startconsole &
Log in to the Directory Server console using the following information:
cn=Directory Manager
d1rm4n4ger
http://DirectoryServer-2.example.com:1391
Expand the example.com domain, the DirectoryServer-2.example.com node, and the Server Group object.
You should see three Directory Server objects: an Administration Server, Directory Server (ds-config), and Directory Server (am-config).
Right-click the Server Group object, and choose “Create Instance Of.”
Choose Sun Java System Directory Server.
In the Create New Instance dialog, provide the following information and then click OK:
am-users
1489
dc=company,dc=com
cn=Directory Manager
d1rm4n4ger
d1rm4n4ger
nobody
In the navigation tree, the new instance Directory Server (am-users) is added to the Server Group list.
In the navigation tree, click the Directory Server (am-users) to open its console.
Verify that the Server status indicates “Started.”
Click Open, then click the Directory tab.
In the DirectoryServer-2.example.com:1489 node, you should see the new user data store base suffix dc=company,dc=com.
You only have to perform these steps on Directory Server 1. With multi-master replication enabled, all changes to the directory are automatically replicated to Directory Server 2.
Log in to the Directory Server 1 console using the following information.
cn=Directory Manager
d1rm4n4ger
http://DirectoryServer-1.example.com:1391
In the navigation pane, expand the example.com suffix, and expand the Server Group objects.
Under Server Group, click the am-users instance.
In the am-users console properties page, click Open.
Click the Directory tab.
Select New Instance, and then open the new instance.
Click the Directory tab.
Right-click the dc=company,dc=com suffix, and choose “Create a new Organization Unit.”
In the Create New Organizational Unit dialog, in the Name field, enter users, and then click OK.
On the Directory tab, click the dc=company,dc=com suffix. You should see the new users organizational unit in the list.
In this procedure, you create four special accounts for the following users:
The user userdbadmin will be used by the Access Manager servers to connect to the user data store for data management purposes.
The user userdbauthadmin will be used by the Access Manager servers to authenticate users against the user data store.
The user testuser1 will be used to verify that the Policy Agent is configured properly.
The user testuser2 will be used to verify that the Policy Agent works.
Create an LDIF file named /tmp/am-users.ldif.
The file should contain the following users:
dn: uid=userdbadmin,ou=users,dc=company,dc=com
uid: userdbadmin
givenName: UserDB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: Admin
cn: UserDB Admin
userPassword: 4serd84dmin

dn: uid=userdbauthadmin,ou=users,dc=company,dc=com
uid: userdbauthadmin
givenName: UserDB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: AuthAdmin
cn: UserDB AuthAdmin
userPassword: 4serd84uth4dmin

dn: uid=testuser1,ou=users,dc=company,dc=com
uid: testuser1
givenName: Test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: User1
cn: Test User1
userPassword: password

dn: uid=testuser2,ou=users,dc=company,dc=com
uid: testuser2
givenName: Test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: User2
cn: Test User2
userPassword: password
Import the LDIF file into the Directory Server 1 server.
# cd /var/opt/mps/serverroot/shared/bin
# ./ldapmodify -h DirectoryServer-1.example.com -p 1489 -D "cn=Directory Manager" -w d1rm4n4ger -a -f /tmp/am-users.ldif
adding new entry uid=userdbadmin,ou=users,dc=company,dc=com
adding new entry uid=userdbauthadmin,ou=users,dc=company,dc=com
Verify that the new users were imported to Directory Server 1 with no errors.
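The LDIF above is hand-written, and ldapmodify only reports problems entry by entry once the import is running. The following Python script is an added example, not part of the Sun guide: it builds the same four accounts into RFC 2849 LDIF, reads the file back with a small parser, and flags the defects that most often break or weaken an import (missing person/inetOrgPerson attributes, a uid that does not match the RDN, an entry outside ou=users, and placeholder passwords such as the "password" value the two test users carry). It goes slightly beyond the guide by emitting the ou=users entry first, so the OU and its users can be imported in one pass if the OU was not created in the console; if it already exists, drop that entry from the list. The REQUIRED tuple, the WEAK_PASSWORDS set and the base64 rule are the example's own choices, not Directory Server settings.

```python
"""Build, parse and sanity-check am-users.ldif before importing it (added example)."""
import base64
import re

OU_DN = "ou=users,dc=company,dc=com"

# Constructed from the four accounts listed in the procedure: (uid, givenName, sn, password).
USERS = [
    ("userdbadmin", "UserDB", "Admin", "4serd84dmin"),
    ("userdbauthadmin", "UserDB", "AuthAdmin", "4serd84uth4dmin"),
    ("testuser1", "Test", "User1", "password"),
    ("testuser2", "Test", "User2", "password"),
]

# person MUST have sn and cn; uid is what Access Manager binds and searches on.
REQUIRED = ("objectClass", "uid", "sn", "cn")
# Placeholder secrets that should never reach a shared directory (example's own list).
WEAK_PASSWORDS = {"password", "changeme", "secret"}


def needs_base64(value):
    """RFC 2849 SAFE-STRING rule: a leading space, ':' or '<', any control or
    non-ASCII byte (and, conservatively, a trailing space) force 'attr:: base64'."""
    if value == "":
        return False
    if value[0] in " :<" or value.endswith(" "):
        return True
    return any(ord(c) < 32 or ord(c) > 126 for c in value)


def build_entries(users, ou_dn=OU_DN):
    """Return [(dn, [(attr, value), ...])]: the OU first, then one inetOrgPerson per user."""
    ou_name = ou_dn.split(",", 1)[0].split("=", 1)[1]
    entries = [(ou_dn, [("objectClass", "top"), ("objectClass", "organizationalUnit"), ("ou", ou_name)])]
    for uid, given, sn, password in users:
        attrs = [("uid", uid), ("givenName", given)]
        attrs += [("objectClass", oc) for oc in ("top", "person", "organizationalPerson", "inetorgperson")]
        attrs += [("sn", sn), ("cn", f"{given} {sn}"), ("userPassword", password)]
        entries.append((f"uid={uid},{ou_dn}", attrs))
    return entries


def to_ldif(entries):
    """Serialise entries as LDIF, one blank line between records."""
    out = []
    for dn, attrs in entries:
        for attr, value in [("dn", dn)] + attrs:
            if needs_base64(value):
                out.append(f"{attr}:: {base64.b64encode(value.encode()).decode()}")
            else:
                out.append(f"{attr}: {value}")
        out.append("")
    return "\n".join(out)


def parse_ldif(text):
    """Minimal RFC 2849 reader: folds continuation lines, decodes '::' values,
    skips comments and the optional version line. Returns the build_entries shape."""
    records, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current:      # continuation of the previous line
            current[-1] += raw[1:]
            continue
        if raw == "":
            if current:
                records.append(current)
            current = []
            continue
        current.append(raw)
    entries = []
    for rec in records:
        dn, attrs = None, []
        for line in rec:
            m = re.match(r"([^:]+)(::?) ?(.*)", line)
            if m is None:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attr, sep, value = m.groups()
            value = base64.b64decode(value).decode() if sep == "::" else value
            if attr == "version":
                continue
            if attr == "dn":
                dn = value
            else:
                attrs.append((attr, value))
        entries.append((dn, attrs))
    return entries


def validate(entries, ou_dn=OU_DN):
    """Return human-readable problems; an empty list means the file is ready to import."""
    problems = []
    for dn, attrs in entries:
        if dn == ou_dn:
            continue
        names = {a for a, _ in attrs}
        problems += [f"{dn}: missing {req}" for req in REQUIRED if req not in names]
        rdn, _, parent = dn.partition(",")
        if parent != ou_dn:
            problems.append(f"{dn}: not under {ou_dn}")
        uids = [v for a, v in attrs if a == "uid"]
        if not uids or rdn != f"uid={uids[0]}":
            problems.append(f"{dn}: uid attribute does not match RDN")
        problems += [f"{dn}: weak userPassword" for a, v in attrs
                     if a == "userPassword" and v.lower() in WEAK_PASSWORDS]
    return problems


def planned_adds(text):
    """DNs that ldapmodify -a would report as 'adding new entry', in file order."""
    return [dn for dn, _ in parse_ldif(text)]


if __name__ == "__main__":
    ldif = to_ldif(build_entries(USERS))
    print(ldif)
    for problem in validate(parse_ldif(ldif)):
        print("WARN", problem)
```

Run as-is, the script prints the LDIF and two warnings, one for each test user whose userPassword is the literal "password"; the two Access Manager service accounts pass. Write the printed text to /tmp/am-users.ldif only once validate() returns nothing you are not prepared to accept, then compare the DNs reported by ldapmodify against planned_adds() to confirm every entry landed.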