The following attributes are used to configure an Access Manager Repository plug-in:
Specifies the location of the class file which implements the Access Manager repository plug-in.
Specifies the operations that are permitted on, or can be performed against, this LDAP server. The default operations listed here are the only operations supported by the LDAPv3 repository plug-in:
group — read, create, edit, delete
user — read, create, edit, delete, service
agent — read, create, edit, delete
You can remove permissions from the above list based on your LDAP server settings and the tasks, but you can not add more permissions.
If the configured LDAPv3 Repository plug-in points to an instance of Sun Java System Directory Server, then permissions for the type role can be added. Otherwise, this permission must not be added, because other data stores may not support roles. The permission for the type 'role' is:
role — read, create, edit, delete
If user is a supported type for the LDAPv3 repository, the read, create, edit, delete, and service operations are possible for that type. In other words, if user is a supported type, then the read, create, edit, and delete operations allow you to read, create, edit, and delete user entries in the identity repository. The user=service operation lets Access Manager services access attributes in user entries. Additionally, the user is allowed to access the dynamic service attributes if the service is assigned to the realm or role to which the user belongs.
The user is also allowed to manage the user attributes for any assigned service. If service is listed as an operation for user (user=service), then all service-related operations are supported. These operations are assignService, unassignService, getAssignedServices, getServiceAttributes, removeServiceAttributes and modifyService.
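The rules above (defaults are the ceiling, role only on Sun Java System Directory Server, user=service unlocking the service operations) can be checked before a configuration is applied. The following is an added example, not code from Access Manager or its documentation; the "type=op1,op2" entry format it parses is an assumption based on the user=service notation used above.

```python
# Added example: validate a supported-operations list against the plug-in's rules.
# Entry format "type=op1,op2" is assumed; it is not taken from the product documentation.

# Default (and maximum) operations per identity type, as listed in the documentation.
DEFAULT_OPERATIONS = {
    "group": {"read", "create", "edit", "delete"},
    "user": {"read", "create", "edit", "delete", "service"},
    "agent": {"read", "create", "edit", "delete"},
}
# Operations for the role type; only allowed against Sun Java System Directory Server.
ROLE_OPERATIONS = {"read", "create", "edit", "delete"}
# Service-related operations enabled by user=service.
SERVICE_OPERATIONS = ("assignService", "unassignService", "getAssignedServices",
                      "getServiceAttributes", "removeServiceAttributes", "modifyService")


def parse_supported_operations(entries):
    """Parse 'type=op1,op2' entries into {type: set(ops)}; blank and '#' lines are ignored."""
    ops = {}
    for raw in entries:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed entry: {line!r}")
        id_type, _, op_list = line.partition("=")
        ops.setdefault(id_type.strip(), set()).update(
            op.strip() for op in op_list.split(",") if op.strip())
    return ops


def validate_supported_operations(ops, directory_is_sun_ds=False):
    """Return a list of problems; an empty list means the configuration is acceptable."""
    problems = []
    for id_type, requested in ops.items():
        if id_type == "role":
            if not directory_is_sun_ds:
                problems.append("role permissions require Sun Java System Directory Server")
                continue
            allowed = ROLE_OPERATIONS
        elif id_type in DEFAULT_OPERATIONS:
            allowed = DEFAULT_OPERATIONS[id_type]
        else:
            problems.append(f"unsupported identity type {id_type!r}")
            continue
        extra = sorted(requested - allowed)  # permissions may be removed, never added
        if extra:
            problems.append(f"{id_type}: operations not supported by the plug-in: {extra}")
    return problems


def service_operations_enabled(ops):
    """The service-related operations available, which requires user=service."""
    return SERVICE_OPERATIONS if "service" in ops.get("user", set()) else ()
```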
Defines the DN that points to an organization in the Directory Server to be managed by Access Manager. This will be the base DN of all operations performed in the data store.
Specifies the naming attribute of the people container if a user resides in a people container. This field is left blank if the user does not reside in a people container.
Specifies the value of the people container. The default is people.
Specifies the naming attribute of the agent container if the agent resides in an agent container. This field is left blank if the agent does not reside in an agent container.
Specifies the value of the agent container. The default is agents.
If enabled, the search performed in the Access Manager repository will conduct a recursive search for the specified identities. For example, a recursive search performed on the following data structure:
root
  realm1
    subrealm11
      user5
    subrealm12
      user6
  realm2
    user1
    user2
    subrealm21
      user3
      user4
will produce the following results:
If a search is performed from the root and no users are defined at this level (aside from amadmin and anonymous), the search will return users 1–6.
If a search is performed from realm1 and no users are defined, the search will return user5 and user6.
If a search is performed from realm2 (two users defined), the search will return users 1–4.
When this attribute is enabled in a realm-mode installation, Access Manager creates an equivalent organization and sub-organization for each realm and sub-realm that exists in the repository. In addition, the services registered to the realm/sub-realm are registered to the newly created organization/sub-organization. Both the realm DIT and the organization DIT then exist within the data store.