Deployment Example 2: Federation Using SAML v2

5.2 Migrating Federation Manager 1 User Data from Flat Files to Directory Servers

Use the following as your checklist for migrating Federation Manager 1 user data from flat files to Directory Servers:

  1. Load SAMLv2 users schema into the Directory Servers.

  2. Update the Federation Manager 1 AMConfig.properties file.

  3. Update the Federation Manager 1 serverconfig.xml file.

Procedure: To Load SAMLv2 Users Schema into the Directory Servers

The Federation Manager LDIF files are located in the following directory:

/opt/SUNWam/saml2/ldif

The file saml2_sds_schema.ldif is for use with Sun Directory Server. The file saml2_ad_schema.ldif is for use with Microsoft Active Directory.

  1. Load the Federation Manager schema into the Directory Servers.


    # cd /opt/SUNWam/saml2/ldif
    # ldapmodify -D "cn=Directory Manager" -w 11111111 -h LoadBalancer-8.siroe.com \
      -p 1389 -f saml2_sds_schema.ldif
    

    The ldapmodify utility loads the object classes and user attributes required for Federation Manager users into the Directory Server schema.

  2. On each of the Directory Server hosts, you can watch the error logs for LDIF errors.


    # cd /var/opt/mps/serverroot/slapd-fm-users/logs
    # tail -f errors

  3. Create the amadmin suffix in the Directory Server.

    1. Create a file named amadminusers.ldif with the following entries:


      dn: ou=People,o=siroeusers.com
      changetype: add
      objectClass: top
      objectClass: organizationalunit

      dn: uid=amAdmin,ou=People,o=siroeusers.com
      changetype: add
      objectclass: inetuser
      objectclass: inetorgperson
      objectclass: organizationalperson
      objectclass: person
      objectclass: top
      objectClass: iPlanetPreferences
      objectclass: inetAdmin
      inetuserstatus: Active
      cn: amAdmin
      sn: amAdmin
      userPassword: 11111111

      dn: o=siroeusers.com
      changetype: modify
      add: aci
      aci: (target="ldap:///*ou=People,o=siroeusers.com")
        (targetattr = "*") (version 3.0;
        acl "S1IS Top-level Admin Role access allow";
        allow (all) userdn = "ldap:///uid=amAdmin,ou=People,o=siroeusers.com";)

      This LDIF creates the People container and the amAdmin user under the suffix o=siroeusers.com, and adds an ACI on the suffix that grants amAdmin full access to the People container. Each entry is separated from the next by a blank line, and the wrapped aci value is continued on lines that begin with a single space, as LDIF requires.

    2. Use the ldapmodify utility to load amadminusers.ldif into the Directory Servers.


      # ldapmodify -D "cn=Directory Manager" -w 11111111 \
        -h LoadBalancer-8.siroe.com -p 1389 -f amadminusers.ldif
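Before amadminusers.ldif is loaded with ldapmodify it can be checked offline. The following Python script is an added example, not part of this guide or of Federation Manager: it parses the LDIF (including folded continuation lines) and reports entries that lie outside the suffix, entries with no changetype, a plaintext userPassword that is a trivial or default value, and any aci that grants allow (all). The suffix name, the weak-password pattern and the findings' wording are assumptions made for illustration; the sample LDIF is the one from the procedure above.

```python
"""Pre-flight lint for amadminusers.ldif (added example, not from the Sun guide)."""
import re

# Constructed sample: the LDIF from the procedure above, in standard LDIF form.
# Continuation lines start with one space (the fold marker) followed by a
# second space so the folded aci value keeps its word boundaries.
SAMPLE_LDIF = """dn: ou=People,o=siroeusers.com
changetype: add
objectClass: top
objectClass: organizationalunit

dn: uid=amAdmin,ou=People,o=siroeusers.com
changetype: add
objectclass: inetuser
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
objectClass: iPlanetPreferences
objectclass: inetAdmin
inetuserstatus: Active
cn: amAdmin
sn: amAdmin
userPassword: 11111111

dn: o=siroeusers.com
changetype: modify
add: aci
aci: (target="ldap:///*ou=People,o=siroeusers.com")
  (targetattr = "*") (version 3.0;
  acl "S1IS Top-level Admin Role access allow";
  allow (all) userdn = "ldap:///uid=amAdmin,ou=People,o=siroeusers.com";)
"""

# Assumed pattern for "trivial" plaintext passwords: one repeated digit,
# or a well-known placeholder word. Hashed values ({SSHA}...) are skipped.
WEAK_PASSWORD = re.compile(r"^(?:(\d)\1{5,}|password|changeme)$", re.I)


def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs.

    Handles RFC 2849 line folding (a continuation line begins with one space)
    and blank-line entry separation. Base64 ("::") values are not decoded.
    """
    entries, lines = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # fold onto the previous logical line
        elif raw.strip() == "":
            if lines:
                entries.append(lines)
                lines = []
        elif raw.startswith("#"):
            continue                      # LDIF comment
        else:
            lines.append(raw)
    if lines:
        entries.append(lines)

    parsed = []
    for entry in entries:
        attrs = []
        for line in entry:
            name, sep, value = line.partition(":")   # split on the first colon only
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attrs.append((name.strip().lower(), value.strip()))
        parsed.append(attrs)
    return parsed


def lint_ldif(text, suffix="o=siroeusers.com"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for attrs in parse_ldif(text):
        single = dict(attrs)              # last value wins; fine for dn/changetype
        dn = single.get("dn")
        if dn is None:
            findings.append("entry without a dn line")
            continue
        if not dn.lower().endswith(suffix.lower()):
            findings.append(f"{dn}: outside the suffix {suffix}")
        if "changetype" not in single:
            findings.append(f"{dn}: no changetype; ldapmodify treats the entry as a modify")
        pw = single.get("userpassword")
        if pw and not pw.startswith("{") and WEAK_PASSWORD.match(pw):
            findings.append(f"{dn}: weak or default plaintext userPassword")
        for name, value in attrs:
            if name == "aci" and "allow (all)" in value:
                m = re.search(r'userdn\s*=\s*"ldap:///([^"]+)"', value)
                grantee = m.group(1) if m else "unknown subject"
                findings.append(f"{dn}: aci grants allow (all) to {grantee}; confirm this is intended")
    return findings


if __name__ == "__main__":
    for finding in lint_ldif(SAMPLE_LDIF):
        print(finding)
```

Run against the guide's LDIF the script flags the literal userPassword and the allow (all) ACI, which is the point: both are expected in a lab deployment such as this one, but the check makes an operator acknowledge them before the file reaches a production Directory Server.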

Procedure: To Update the Federation Manager 1 AMConfig.properties File

  1. In the Federation Manager 1 host, go to the directory that contains the file AMConfig.properties:


    # cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes/

  2. Set the default datastore provider property (a single line in the file):


    com.sun.identity.common.datastore.provider.default=com.sun.identity.common.LDAPDataStoreProvider

    Save the file.

Procedure: To Update the Federation Manager 1 serverconfig.xml File

  1. Go to the directory that contains the file serverconfig.xml:


    # cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/config

  2. Make a backup of serverconfig.xml, and then modify the following entry.

    Modify the host name, port, and user DNs as in the following example:


    <ServerGroup name="userdefault" minConnPool="1" maxConnPool="10">
        <Server name="Server1" host="LoadBalancer-8.siroe.com" port="1389" type="SIMPLE" />
        <User name="User1" type="proxy">
            <DirDN>
                uid=amadmin,ou=people,o=siroeusers.com
            </DirDN>
            <DirPassword>
                AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
            </DirPassword>
        </User>
        <User name="User2" type="admin">
            <DirDN>
                uid=amadmin,ou=people,o=siroeusers.com
            </DirDN>
            <DirPassword>
                AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
            </DirPassword>
        </User>
        <BaseDN>
            ou=people,o=siroeusers.com
        </BaseDN>
    </ServerGroup>

    Save the file.

  3. Regenerate and redeploy the Federation Manager 1 WAR file.

    See To Regenerate and Redeploy the Federation Manager 1 WAR File in this manual.
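A mistyped host, port or DN in the userdefault ServerGroup is only discovered after the WAR has been regenerated and redeployed. The following Python script is an added example, not from this guide or from Federation Manager: it parses the ServerGroup shown above and compares it with the intended Directory Server host, port and base DN, checks that each user DN sits under the BaseDN, and notes any Server element that does not bind over SSL. The interpretation of type="SIMPLE" as a plain LDAP bind and "SSL" as an LDAPS bind is an assumption, as is the wording of the findings; the sample XML is the guide's own entry with the whitespace normalized.

```python
"""Consistency check for the userdefault ServerGroup in serverconfig.xml
(added example, not part of the Sun Federation Manager deployment guide)."""
import xml.etree.ElementTree as ET

# Constructed sample: the ServerGroup entry from the procedure above.
SAMPLE_XML = """<ServerGroup name="userdefault" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="LoadBalancer-8.siroe.com" port="1389" type="SIMPLE" />
    <User name="User1" type="proxy">
        <DirDN>uid=amadmin,ou=people,o=siroeusers.com</DirDN>
        <DirPassword>AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P</DirPassword>
    </User>
    <User name="User2" type="admin">
        <DirDN>uid=amadmin,ou=people,o=siroeusers.com</DirDN>
        <DirPassword>AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P</DirPassword>
    </User>
    <BaseDN>ou=people,o=siroeusers.com</BaseDN>
</ServerGroup>
"""


def normalize_dn(dn):
    """Lower-case a DN and strip whitespace around its RDN components so that
    'uid=amAdmin, ou=People' and 'uid=amadmin,ou=people' compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_server_group(xml_text, host, port, base_dn):
    """Compare the ServerGroup with the intended Directory Server settings.

    Returns (errors, notes). Errors are mismatches that would break the user
    datastore connection; notes are points to confirm before redeploying.
    """
    errors, notes = [], []
    group = ET.fromstring(xml_text)
    if group.tag != "ServerGroup" or group.get("name") != "userdefault":
        errors.append("root element is not the userdefault ServerGroup")

    servers = group.findall("Server")
    if not servers:
        errors.append("no <Server> element in the ServerGroup")
    for srv in servers:
        name = srv.get("name")
        if srv.get("host") != host:
            errors.append(f"{name}: host {srv.get('host')!r}, expected {host!r}")
        if srv.get("port") != str(port):
            errors.append(f"{name}: port {srv.get('port')!r}, expected {port!r}")
        # Assumption: type="SIMPLE" is a plain LDAP bind, type="SSL" an LDAPS bind.
        if srv.get("type") != "SSL":
            notes.append(f"{name}: type {srv.get('type')} binds without TLS; "
                         "confirm the path to the Directory Server is otherwise protected")

    file_base = normalize_dn(group.findtext("BaseDN", ""))
    if file_base != normalize_dn(base_dn):
        errors.append(f"BaseDN {file_base!r}, expected {normalize_dn(base_dn)!r}")

    for user in group.findall("User"):
        uname = user.get("name")
        dn = normalize_dn(user.findtext("DirDN", ""))
        if not dn.endswith("," + file_base):
            errors.append(f"{uname}: DirDN {dn!r} is not under BaseDN {file_base!r}")
        if not user.findtext("DirPassword", "").strip():
            errors.append(f"{uname}: empty DirPassword")
    return errors, notes


if __name__ == "__main__":
    errs, infos = check_server_group(SAMPLE_XML, "LoadBalancer-8.siroe.com", 1389,
                                     "ou=people,o=siroeusers.com")
    for line in errs + infos:
        print(line)
```

Run the check against the edited file (for example with the expected values passed in from the same source that produced amadminusers.ldif) before regenerating the WAR; an empty error list means the host, port, BaseDN and user DNs agree with the Directory Server you loaded in the previous procedure.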