Sun Java System Access Manager 7.1 Administration Reference

Overview

serverconfig.xml is located in /AccessManager-base/SUNWam/config/ums. It contains the parameters used by the Identity SDK to establish the LDAP connection pool to Directory Server. No other function of the product uses this file. Two users are defined in this file: user1 is a Directory Server proxy user and user2 is the Directory Server administrator.

Proxy User

The Proxy User can take on any user’s privileges (for example, the organization administrator or an end user). The connection pool is created with connections bound to the proxy user. Access Manager creates a proxy user with the DN of cn=puser,ou=DSAME Users,dc=example,dc=com. This user is used for all queries made to Directory Server. It benefits from a proxy user ACI already configured in the Directory Server and, therefore, can perform actions on behalf of a user when necessary. It maintains an open connection through which all queries are passed (retrieval of service configurations, organization information, etc.). The proxy user password is always encrypted. Example 7–1 illustrates where the encrypted password is located in serverconfig.xml.


Example 7–1 Proxy User In serverconfig.xml


<User name="User1" type="proxy">
  <DirDN>
    cn=puser,ou=DSAME Users,dc=example,dc=com
  </DirDN>
  <DirPassword>
    AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
  </DirPassword>
</User>


            

Admin User

dsameuser is used for binding purposes when the Access Manager SDK performs operations on Directory Server that are not linked to a particular user (for example, retrieving service configuration information). The proxy user performs these operations on behalf of dsameuser, but a bind must first validate the dsameuser credentials. During installation, Access Manager creates cn=dsameuser,ou=DSAME Users,dc=example,dc=com. Example 7–2 illustrates where the encrypted dsameuser password is found in serverconfig.xml.


Example 7–2 Admin User In serverconfig.xml


<User name="User2" type="admin">
  <DirDN>
    cn=dsameuser,ou=DSAME Users,dc=example,dc=com
  </DirDN>
  <DirPassword>
    AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
  </DirPassword>
</User>
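
Because serverconfig.xml holds the bind credentials for both the proxy user and dsameuser, a periodic audit of the file is worthwhile. The following is an added example, not part of the original reference or of Access Manager itself: it lists the two User entries, flags empty or unencrypted-looking DirPassword values, and flags a file mode that lets group or other accounts read the file. Assumptions: the function names are hypothetical, the Root wrapper and the cleartext placeholder are constructed, and the AQIC prefix test is a heuristic taken from the two sample values on this page.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Assumption: encrypted values share the prefix of this page's two samples.
ENC_PREFIX = "AQIC"

# Constructed sample: the <User> entries from Examples 7-1 and 7-2 inside a
# placeholder root; the admin password is a constructed cleartext placeholder.
SAMPLE = """<Root>
<User name="User1" type="proxy">
<DirDN>cn=puser,ou=DSAME Users,dc=example,dc=com</DirDN>
<DirPassword>AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ</DirPassword>
</User>
<User name="User2" type="admin">
<DirDN>cn=dsameuser,ou=DSAME Users,dc=example,dc=com</DirDN>
<DirPassword>not-encrypted-placeholder</DirPassword>
</User>
</Root>"""

def audit_users(xml_text):
    """Return ({type: DN}, findings) for every <User> element in the text."""
    users, findings = {}, []
    for user in ET.fromstring(xml_text).iter("User"):
        utype = user.get("type", "")
        dn = (user.findtext("DirDN") or "").strip()
        pw = (user.findtext("DirPassword") or "").strip()
        users[utype] = dn
        if not dn:
            findings.append(f"{utype}: empty DirDN")
        if not pw:
            findings.append(f"{utype}: empty DirPassword")
        elif not pw.startswith(ENC_PREFIX):
            # Never echo the value itself into audit output.
            findings.append(f"{utype}: DirPassword may be stored in cleartext")
    for required in ("proxy", "admin"):
        if required not in users:
            findings.append(f"no user of type {required!r}")
    return users, findings

def audit_mode(path):
    """Flag a file whose mode grants any access to group or other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:o} is too permissive"] if mode & 0o077 else []

if __name__ == "__main__":
    users, findings = audit_users(SAMPLE)
    for line in [f"{t}: {dn}" for t, dn in users.items()] + findings:
        print(line)
```

On a real installation, pass the contents of serverconfig.xml to audit_users and its path to audit_mode.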