Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure Access Manager to Manage Users in an Existing User Data Store

  1. Copy Access Manager schema to Directory Server 1.

    1. As a root user, log into host DirectoryServer-1.

    2. At the command line, run the following copy command:


      # cp /var/opt/mps/serverroot/slapd-am-config/config/schema/99user.ldif \
        /var/opt/mps/serverroot/slapd-am-users/config/schema/98am-schema.ldif
  2. Copy Access Manager schema to Directory Server 2.

    1. As a root user, log into host DirectoryServer-2.

    2. At the command line, run the following copy command:


      # cp /var/opt/mps/serverroot/slapd-am-config/config/schema/99user.ldif \
        /var/opt/mps/serverroot/slapd-am-users/config/schema/98am-schema.ldif
  3. Start the Directory Server 1 console.


    # cd /var/opt/mps/serverroot
    # ./startconsole &
  4. Log in to the Directory Server 1 console using the following information:

    Username

    cn=Directory Manager

    Password

    d1rm4n4ger

    Administration URL

    http://DirectoryServer-1.example.com:1391

  5. Create a new Access Control Instruction (ACI).

    1. In the Directory Server console, in the navigation tree, expand the Server Group object and then click on the am-users instance.

    2. On the Directory Server page for am-users, click Open.

    3. Click the Directory tab.

    4. In the navigation tree, click the dc=company, dc=com suffix.

    5. Double-click the Directory Administrators group.

    6. On the Edit Entry page for Directory Administrators, click Members.

    7. On the Static Group page, click Add.

    8. In the Search dialog, click Search.

    9. In the results list, click the User ID userdbadmin.

      The Member User ID userdbadmin is now added to the Static Group list.

      Click OK.

  6. Set access permissions.

    1. On the Directory tab, in the navigation tree, right-click the dc=company, dc=com suffix, and then select Set Access Permissions.

    2. In the Manage Access Control dialog, click New.

    3. In the Edit ACI dialog, in the ACI name field, enter Directory Administrators.

    4. In the list of Users/Groups, select All Users, and then click Remove.

    5. Click Add.

    6. In the Add Users and Groups, click Search.

    7. In the Search results list, select Directory Administrators, and then click Add.

    8. Click OK.

      The Directory Administrators group is now displayed in the list of Users/Groups who have access permission.

    9. Click the Target tab.

    10. In the “Target directory entry,” click This Entry.

      The dc=company,dc=com suffix is displayed.

    11. Click OK.

      The Directory Administrators group is displayed in the Manage Access Control dialog.

    12. Click OK, and then log out of Directory Server 1.

  7. Restart both Directory Server 1 and Directory Server 2.

    1. Log in as a root user to the Directory Server 1 host.


      # cd /var/opt/mps/serverroot
      # ./restart
    2. Log in as a root user to the Directory Server 2 host.


      # cd /var/opt/mps/serverroot
      # ./restart

    Tip –

    If you see errors such as the following on the command line:


    [13/Oct/2006:12:43:39 -0700] - ERROR<5895> - Schema  -
    conn=-1 op=-1 msgId=-1 -
    User error:  Entry "cn=schema", single-valued attribute
    "modifyTimestamp" has multiple values

    then the copied schema file still carries operational attributes from the source instance. Remove them from 98am-schema.ldif and restart the instance:


    # cd /var/opt/mps/serverroot/slapd-am-users/config/schema
    # (edit 98am-schema.ldif and delete the following two lines)
    modifiersName: cn=directory manager
    modifyTimestamp: 20060913190551Z
    # cd /var/opt/mps/serverroot/slapd-am-users
    # ./restart-slapd

  8. Restart both Access Manager 1 and Access Manager 2.

    1. Log in as a root user to the AccessManager-1 host.


      # cd /opt/SUNWwbsvr/https-AccessManager-1
      # ./stop; ./start
    2. Log in as a root user to the AccessManager-2 host.


      # cd /opt/SUNWwbsvr/https-AccessManager-2
      # ./stop; ./start
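Steps 1 and 2 copy 99user.ldif into each user-data instance as 98am-schema.ldif, and the Tip in step 7 explains the restart error that follows when the copied file still contains the modifiersName and modifyTimestamp operational attributes. The following shell functions are an added example, not part of the Sun deployment guide: they perform the copy while dropping those two attributes up front, and they let you check a schema file for them before restarting. The default paths are the ones the guide uses; the LDIF sample in the demo is constructed here and is not taken from a real instance.

```shell
#!/bin/sh
# Added example (not from the Access Manager deployment guide).
# Copies the Access Manager schema into a second Directory Server instance
# without the operational attributes that make the schema loader reject
# cn=schema with "single-valued attribute modifyTimestamp has multiple values".

# Paths from the guide; both functions accept overrides as arguments.
SRC_DEFAULT=/var/opt/mps/serverroot/slapd-am-config/config/schema/99user.ldif
DST_DEFAULT=/var/opt/mps/serverroot/slapd-am-users/config/schema/98am-schema.ldif

# schema_has_operational_attrs FILE
# Returns 0 (true) if FILE still carries modifiersName or modifyTimestamp,
# i.e. the state that triggers the error shown in the guide's Tip.
schema_has_operational_attrs() {
    grep -q -i -E '^(modifiersName|modifyTimestamp):' "$1"
}

# copy_am_schema [SRC] [DST]
# Writes DST from SRC with the two operational attribute lines removed.
# Every other line is copied verbatim. Returns 1 if SRC is not readable.
copy_am_schema() {
    src=${1:-$SRC_DEFAULT}
    dst=${2:-$DST_DEFAULT}
    if [ ! -r "$src" ]; then
        echo "schema source not readable: $src" >&2
        return 1
    fi
    # grep -v selects every line that is NOT one of the two attributes.
    grep -v -i -E '^(modifiersName|modifyTimestamp):' "$src" > "$dst"
}

# count_entries FILE
# Number of non-empty lines in FILE (used to confirm nothing else was lost).
count_entries() {
    grep -c . "$1"
}

# demo_copy DIR
# Builds a constructed 99user.ldif under DIR, runs the copy, and returns 0
# only if the result is free of operational attributes and otherwise intact.
demo_copy() {
    dir=$1
    # Constructed sample: a cn=schema entry as a directory server would write it.
    printf '%s\n' \
        'dn: cn=schema' \
        'objectClass: top' \
        'modifiersName: cn=directory manager' \
        'modifyTimestamp: 20060913190551Z' \
        'attributeTypes: ( example-oid-placeholder NAME '"'"'iplanet-am-user-alias-list'"'"' )' \
        > "$dir/99user.ldif"
    copy_am_schema "$dir/99user.ldif" "$dir/98am-schema.ldif" || return 1
    if schema_has_operational_attrs "$dir/98am-schema.ldif"; then
        return 1
    fi
    [ "$(count_entries "$dir/98am-schema.ldif")" -eq 3 ]
}

# Usage on a real host (as root), after which ./restart-slapd in the
# slapd-am-users instance directory should no longer log the schema error:
#   . ./am-schema.sh && copy_am_schema
```

Running copy_am_schema with no arguments reproduces the guide's cp command with the filtering applied; run schema_has_operational_attrs on the destination file first if you want to confirm that an instance already restarted cleanly needs no editing.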