Deploying the portal service reference configuration establishes an LDAP directory schema and the basic tree structure of the LDAP directory. Before beginning the installation and configuration process, analyze your directory requirements and design a schema and a directory tree structure that support your application system needs. Preparing a user management specification in advance ensures that you have the directory you need after you complete deployment.
Installing and configuring the reference configuration components creates a basic LDAP schema, as follows:
When you install Directory Server, the basic schema is created.
When you install Access Manager, the basic schema is extended to support Access Manager. (This is sometimes referred to as schema 2 in Access Manager's legacy mode.)
After you deploy and test your reference configuration, and you begin to add custom content and service channels to your portal, you normally need to extend the LDAP schema further. Depending on the content and services your portal service will provide, you will probably need to add object classes and attributes to the schema. For more information about managing schema to support custom content, see Chapter 11, Directory Server Schema, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.
Access Manager introduced a new data structure configuration with Access Manager 7.0. The new realm mode separates configuration data and user data into different repositories, thus supporting different data formats for user data and corresponding interfaces for accessing that data. In contrast to the previous legacy mode, in which both configuration data and user data are stored in a single LDAP directory tree, realm mode enables Access Manager to plug in multiple user repositories, while storing service configuration data in a single realm repository.
The Portal Service on Application Server Cluster reference configuration is based on legacy mode configuration of Access Manager. Legacy mode fully supports Portal Server access to data. In this mode, the Access Manager service and policy configuration data are merged with user data in the same LDAP directory.
However, realm mode can also support Portal Server as long as Access Manager is configured to use the Access Manager SDK datasource plugin that Portal Server uses to access service data in Directory Server. Using Access Manager in realm mode for the reference configuration requires additional configuration to map elements in the realm repository to elements in the user repository. This realm mode configuration is outside the scope of this reference configuration guide.
Installing and configuring the reference configuration in legacy mode creates a basic LDAP directory tree. Input supplied during the installation and configuration process determines the directory tree root suffix, as follows:
When you install Directory Server, you specify the directory tree's base suffix.
When you install Access Manager, you configure it to look for user data under the directory's root suffix.
The procedures in this guide for installing Directory Server create the directory tree structure shown in the following figure.
The root suffix in the figure is shown as dc=pstest,dc=com.
The procedures in this guide use the root suffix shown in Figure 3–2. However, you must specify a root suffix different from dc=pstest,dc=com that is suitable for your organization. For this reason, the procedures in this guide show dc=pstest,dc=com as a variable.
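Because the root suffix is entered once when you install Directory Server and again when you install Access Manager, it is worth confirming afterward that the two values agree and that the sample value was replaced. The following check is an added example, not part of the reference configuration procedures: it reads the standard namingContexts attribute from root DSE output in LDIF form. The function names, the sample LDIF, and the suffix dc=example,dc=com are assumptions made for illustration.

```python
import base64

PLACEHOLDER = "dc=pstest,dc=com"  # sample root suffix used in this guide

def normalize_dn(dn):
    """Lower-case each RDN and strip spaces around '=' and ','.
    Simplified: assumes suffix RDNs contain no escaped commas."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        if not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN in {dn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def naming_contexts(root_dse_ldif):
    """Return normalized namingContexts values from root DSE LDIF text,
    handling folded continuation lines and base64 ('::') values."""
    unfolded = []
    for line in root_dse_ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    suffixes = []
    for line in unfolded:
        name, _, value = line.partition(":")
        if name.strip().lower() != "namingcontexts":
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        suffixes.append(normalize_dn(value))
    return suffixes

def check_root_suffix(root_dse_ldif, am_root_suffix):
    """Return a list of problems; an empty list means the suffixes agree."""
    problems = []
    am = normalize_dn(am_root_suffix)
    if am == PLACEHOLDER:
        problems.append("placeholder")  # guide's sample value still in use
    if am not in naming_contexts(root_dse_ldif):
        problems.append("mismatch")  # Directory Server has no such suffix
    return problems

# Constructed sample of root DSE output; not captured from a real server.
SAMPLE_ROOT_DSE = "dn:\nobjectClass: top\nnamingContexts: DC=Example, DC=com\n"

if __name__ == "__main__":
    print(check_root_suffix(SAMPLE_ROOT_DSE, "dc=example,dc=com"))
    print(check_root_suffix(SAMPLE_ROOT_DSE, "dc=pstest, dc=com"))
```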