Configuring a Directory Server That is Provisioned With User Data

In this deployment scenario, Sun Java System Directory Server is installed with an existing directory information tree (DIT), but the schema does not include the Sun organization and user naming attributes (that is, the sunISManagedOrganization object class is not in the root suffix).

You installed Access Manager 7.1 on a host server using either of these methods:

• You ran the Java ES installer with the Configure Now option but did not load the DIT into your Directory Server.

• You ran the Java ES installer with the Configure Later option and then ran the amconfig script with DIRECTORY_MODE set to 3 or 4.

In this deployment scenario, you must load the following Access Manager LDIF files into Directory Server:

The Access Manager LDIF files are located in the following directory, depending on your platform:

• Solaris systems: /etc/opt/SUNWam/config/ldif

• Linux and HP-UX systems: /etc/opt/sun/identity/config/ldif

• Windows systems:javaes-install-dir\identity\config\ldif

  javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

To Configure the Directory Server Schema For Access Manager

Before You Begin

To modify the Directory Server schema, you must have the appropriate Directory Server administrator privileges and know the administrator password.

To load the LDIF files, use either the Directory Service Control Center (DSCC) or the ldapmodify utility. For information about these options, see Deciding When to Use DSCC and When to Use the Command Line in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.

1. Load the sunone_schema2.ldif and ds_remote_schema.ldif files for the Access Manager schema changes.

2. Load the sunAMClient_schema.ldif and sunAMClient_data.ldif files for the Access Manager client data and schema changes.

3. In the installExisting.ldif file, edit the passwords (userPassword entry) for the following users:

   • puser

   • dsameuser

   • amldapuser

   • amAdmin

   Note: The passwords for puser, dsameuser, and amAdmin and can be the same value, but the password for amldapuser must be a different value.

4. Load the installExisting.ldif file.

5. Add the Directory Server indexes and enable the referential integrity plug-in, as described in the following sections:

   • Indexing Access Manager Attributes in Directory Server

   • Enabling the Directory Server Referential Integrity Plug-in

6. Load the Access Manager services using the amserveradmin script:

   1. Change to the directory where the amserveradmin script is located:

      • Solaris systems: /etc/opt/SUNWam/config/ums

      • Linux systems: /etc/opt/sun/identity/config/ums

   2. Check the umsExisting.xml file and make any changes to the naming attribute values as required for your Directory Server implementation.

   3. Edit the amserveradmin script and replace ums.xml with umsExisting.xml.

   4. Run the amserveradmin script. For example:

      # ./amserveradmin "cn=amadmin,ou=people,dc=example,dc=com" "amadmin_password"

7. Restart the Access Manager web container.

   You should now be able to login to the Access Manager Admin Console.