Now we instantiate an authentication module and reconfigure the default ldapService authentication chain to use the new authentication module. Additionally, we will change the realm's User Profile attribute and delete the default authentication module instances. During this procedure, we also change the default user data store to the user data instance previously created.
This procedure assumes you have just completed To Create a Realm and are still logged in to the Access Manager console.
Under the Access Control tab, click the users realm.
Click the Authentication tab.
Click Advanced Properties in the General section.
On the resulting page, change the value of the User Profile attribute to Ignored.
This new value specifies that a user profile is not required by the Authentication Service to issue a token after successful authentication.
Click Save.
The profile is updated.
Click Back to Authentication.
You will return to the users realm Authentication page.
Under the Module Instances section, click New.
These next steps instantiate the Data Store authentication module in the users sub-realm.
Under Authentication Chaining, click on the default ldapService chain.
These next steps reconfigure the default ldapService chain to use the new authentication module.
Under Module Instances, mark the checkbox for LDAP and Data Store.
These modules are inherited from the default top-level realm and used to authenticate to the Access Manager configuration data instance of Directory Server. They are no longer needed now that the usersDataStore authentication module instance will be used.
Click Delete.
The modules are deleted and the users realm Authentication page is displayed.
Click Save.
Click the Data Stores tab.
Mark the checkbox for amConfigDS.
This is the data store inherited from the parent realm.
Click Delete.
Click New.
On the resulting page, set the following attributes:
usersLDAP
Choose Generic LDAPv3
Click Next.
On the resulting page, set the following attributes:
Enter the hostname and port number for the existing directory in the form LoadBalancer-2.example.com:489 and click Add.
Select the default LoadBalancer-1.example.com:389 and click Remove.
Enter cn=Directory Manager
Enter d1rm4n4ger
Enter d1rm4n4ger
Replace dc=example,dc=com with dc=company,dc=com
Add inetorgperson as a new value.
Replace people with users.
If this field is empty, the search for user entries will start from the root suffix.
Replace dc=example,dc=com with dc=company,dc=com
Click Finish.
Log out of the Access Manager console.