Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring a User Directory on a Directory Server Instance Different From the Access Manager Information Tree Node

In this deployment scenario, the Access Manager information tree is in one Sun Java System Directory Server instance, but the user directory node is in a different Directory Server instance. You want Access Manager to write to user profiles in the user directory node in order to support features such as account locking or account lockout.

In this scenario, the user directory node requires the schema that is installed into the Directory Server instance that contains the Access Manager information tree. Therefore, you must update the schema manually by loading the following two files, in order, into the Directory Server instance that contains the user directory node:

These files are available in the following directory, depending on your platform:

If you are using a directory other than Sun Java System Directory Server to store your users (for example, Microsoft® Active Directory), you must add specific object classes and attributes to that directory schema. For a list of these object classes and attributes, see Appendix B, Access Manager User LDAP Entries.