Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring a Directory Server That is Provisioned With User Data

In this deployment scenario, Sun Java System Directory Server is installed with an existing directory information tree (DIT), but the schema does not include the Sun organization and user naming attributes (that is, the sunISManagedOrganization object class is not in the root suffix).

You installed Access Manager 7.1 on a host server using either of these methods:

In this deployment scenario, you must load the following Access Manager LDIF files into Directory Server:

  • sunone_schema2.ldif and ds_remote_schema.ldif: Access Manager schema changes

  • sunAMClient_schema.ldif and sunAMClient_data.ldif: Access Manager client data and schema changes

  • Access Manager entries

The Access Manager LDIF files are located in the following directory, depending on your platform:

Procedure: To Configure the Directory Server Schema For Access Manager

Before You Begin

To modify the Directory Server schema, you must have the appropriate Directory Server administrator privileges and know the administrator password.

To load the LDIF files, use either the Directory Service Control Center (DSCC) or the ldapmodify utility. For information about these options, see Deciding When to Use DSCC and When to Use the Command Line in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.

  1. Load the sunone_schema2.ldif and ds_remote_schema.ldif files for the Access Manager schema changes.

  2. Load the sunAMClient_schema.ldif and sunAMClient_data.ldif files for the Access Manager client data and schema changes.

  3. In the installExisting.ldif file, edit the passwords (userPassword entry) for the following users:

    • puser

    • dsameuser

    • amldapuser

    • amAdmin

    Note: The passwords for puser, dsameuser, and amAdmin can be the same value, but the password for amldapuser must be a different value.

  4. Load the installExisting.ldif file.

  5. Add the Directory Server indexes and enable the referential integrity plug-in, as described in the following sections:

  6. Load the Access Manager services using the amserveradmin script:

    1. Change to the directory where the amserveradmin script is located:

      • Solaris systems: /etc/opt/SUNWam/config/ums

      • Linux systems: /etc/opt/sun/identity/config/ums

    2. Check the umsExisting.xml file and make any changes to the naming attribute values as required for your Directory Server implementation.

    3. Edit the amserveradmin script and replace ums.xml with umsExisting.xml.

    4. Run the amserveradmin script. For example:

      # ./amserveradmin "cn=amadmin,ou=people,dc=example,dc=com" "amadmin_password"

  7. Restart the Access Manager web container.

    You should now be able to log in to the Access Manager Admin Console.
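
The password rule in step 3 can be checked before the file is loaded in step 4. The following is an added example, not part of the original guide or of the product's tooling: it assumes installExisting.ldif holds plain entry records whose userPassword values are cleartext or base64, and the sample DNs and passwords are constructed.

```python
import base64
import re

REQUIRED = ("puser", "dsameuser", "amldapuser", "amadmin")  # accounts from step 3
# Constructed sample: DNs and passwords are placeholders, not the shipped file.
SAMPLE = """\
dn: cn=puser,ou=DSAME Users,dc=example,dc=com
userPassword: Shared-Example-1

dn: cn=dsameuser,ou=DSAME Users,dc=example,dc=com
userPassword: Shared-Example-1

dn: cn=amldapuser,ou=DSAME Users,dc=example,dc=com
userPassword:: U2hhcmVkLUV4YW1wbGUtMQ==

dn: cn=amAdmin,ou=people,dc=example,dc=com
userPassword: Shared-Example-1
"""

def parse_ldif(text):
    """Yield entries as dicts of lowercased attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            value = (base64.b64decode(value[1:]).decode("utf-8", "replace")
                     if value.startswith(":") else value.strip())  # "attr:: <base64>"
            entry.setdefault(attr.lower(), []).append(value)
        yield entry

def check_passwords(text):
    """Return a list of problems for the step 3 accounts; an empty list means OK."""
    found = {}
    for entry in parse_ldif(text):
        rdn = entry.get("dn", [""])[0].split(",")[0]
        name = rdn.partition("=")[2].strip().lower()
        if name in REQUIRED:
            found[name] = entry.get("userpassword", [])
    problems = [f"{n}: entry needs exactly one non-empty userPassword"
                for n in REQUIRED if len(found.get(n, [])) != 1 or not found[n][0]]
    for n in ("puser", "dsameuser", "amadmin"):
        if found.get("amldapuser") and found.get(n) == found["amldapuser"]:
            problems.append(f"amldapuser shares its password with {n}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_passwords(SAMPLE)) or "OK")
```

In the sample, the amldapuser value is base64-encoded but decodes to the same string as the other three, so the check reports it. Salted hash values such as {SSHA} strings differ even for identical passwords, so the comparison is only meaningful for values as typed.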