Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

To Create a New LDAPv3-Compliant User Data Store at the Command Line

The ssoadm command line tool must already be configured in the OpenSSO server.

  1. Log into the OpenSSO host.

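  2. Download the text from Example 9–1 to a local file named datastore_opends_attrs.txt on your system. Modify the file as needed for your deployment. Be sure to replace the default OpenDS server name and port number with your OpenDS server name and port number. Also replace the sample bind DN and bind password (the sun-idrepo-ldapv3-config-authid and sun-idrepo-ldapv3-config-authpw values) with the credentials for your directory. The example sets sun-idrepo-ldapv3-config-ssl-enabled=false, so the connection to the directory is not encrypted; enable SSL if your directory server supports it. In the following example, the root suffix is dc=opensso,dc=java,dc=net.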

  3. Run the following command:


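    # Create the data store named by -m, of type -t, in the realm given by -e,
    # using the attribute values in the file given by -D.
    # -u is the administrator ID and -f is the file that holds its password.
    # The trailing backslash joins both lines into a single command; without it
    # the shell would try to run the second line as a separate command.
    ssoadm create-datastore -m "OpenDS User Store" -t "LDAPv3" -D datastore_opends_attrs.txt \
      -u amadmin -f /tmp/.pass_of_amadmin -e /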

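    The file .pass_of_amadmin contains the amadmin user's password in plain text. Because the password is stored unencrypted, make the file readable only by the account that runs ssoadm (for example, chmod 400), and delete it when you no longer need it.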

  4. (Optional) To use this server as the LDAP authentication data store:

    1. Configure the LDAP authentication instance with the bind user cn=ldapuser.

    2. Configure the policy configuration service with the bind user cn=ldapuser.

      For more information, see the Sun OpenSSO Enterprise 8.0 Administration Reference.


Example 9–1 Example for LDAPv3-Compliant User Data Store


com.iplanet.am.ldap.connection.delay.between.retries=1000
RequiredValueValidator=
sun-idrepo-ldapv3-config-active=Active
sun-idrepo-ldapv3-config-auth-naming-attr=uid
sun-idrepo-ldapv3-config-authenticatable-type=User
sun-idrepo-ldapv3-config-authid=cn=openssouser,ou=opensso adminusers,dc=opensso,dc=java,dc=net
sun-idrepo-ldapv3-config-authpw=amsecret12
sun-idrepo-ldapv3-config-cache-enabled=false
sun-idrepo-ldapv3-config-cache-size=10240
sun-idrepo-ldapv3-config-cache-ttl=600
sun-idrepo-ldapv3-config-connection_pool_max_size=10
sun-idrepo-ldapv3-config-connection_pool_min_size=1
sun-idrepo-ldapv3-config-createuser-attr-mapping=cn
sun-idrepo-ldapv3-config-createuser-attr-mapping=sn
sun-idrepo-ldapv3-config-dftgroupmember=
sun-idrepo-ldapv3-config-errorcodes=80
sun-idrepo-ldapv3-config-errorcodes=81
sun-idrepo-ldapv3-config-errorcodes=91
sun-idrepo-ldapv3-config-filterrole-attributes=
sun-idrepo-ldapv3-config-filterrole-objectclass=
sun-idrepo-ldapv3-config-group-attributes=cn
sun-idrepo-ldapv3-config-group-attributes=description
sun-idrepo-ldapv3-config-group-attributes=dn
sun-idrepo-ldapv3-config-group-attributes=iplanet-am-group-subscribable
sun-idrepo-ldapv3-config-group-attributes=objectclass
sun-idrepo-ldapv3-config-group-attributes=ou
sun-idrepo-ldapv3-config-group-attributes=uniqueMember
sun-idrepo-ldapv3-config-group-container-name=ou
sun-idrepo-ldapv3-config-group-container-value=groups
sun-idrepo-ldapv3-config-group-objectclass=groupofuniquenames
sun-idrepo-ldapv3-config-group-objectclass=iplanet-am-managed-group
sun-idrepo-ldapv3-config-group-objectclass=iplanet-am-managed-static-group
sun-idrepo-ldapv3-config-group-objectclass=top
sun-idrepo-ldapv3-config-groups-search-attribute=cn
sun-idrepo-ldapv3-config-groups-search-filter=(objectclass=groupOfUniqueNames)
sun-idrepo-ldapv3-config-idletimeout=0
sun-idrepo-ldapv3-config-inactive=Inactive
sun-idrepo-ldapv3-config-isactive=inetuserstatus

sun-idrepo-ldapv3-config-ldap-server=<hostName.domain:portNumber>

sun-idrepo-ldapv3-config-max-result=1000
sun-idrepo-ldapv3-config-memberof=
sun-idrepo-ldapv3-config-memberurl=memberUrl
sun-idrepo-ldapv3-config-nsrole=
sun-idrepo-ldapv3-config-nsroledn=
sun-idrepo-ldapv3-config-nsrolefilter=
sun-idrepo-ldapv3-config-numretires=3
sun-idrepo-ldapv3-config-organization_name=dc=opensso,dc=java,dc=net
sun-idrepo-ldapv3-config-people-container-name=ou
sun-idrepo-ldapv3-config-people-container-value=people
sun-idrepo-ldapv3-config-psearch-filter=(objectclass=*)
sun-idrepo-ldapv3-config-psearch-scope=SCOPE_SUB
sun-idrepo-ldapv3-config-psearchbase=dc=opensso,dc=java,dc=net
sun-idrepo-ldapv3-config-referrals=true
sun-idrepo-ldapv3-config-search-scope=SCOPE_ONE
sun-idrepo-ldapv3-config-service-attributes=
sun-idrepo-ldapv3-config-ssl-enabled=false
sun-idrepo-ldapv3-config-time-limit=10
sun-idrepo-ldapv3-config-uniquemember=uniqueMember
sun-idrepo-ldapv3-config-user-attributes=adminRole
sun-idrepo-ldapv3-config-user-attributes=authorityRevocationList
sun-idrepo-ldapv3-config-user-attributes=caCertificate
sun-idrepo-ldapv3-config-user-attributes=cn
sun-idrepo-ldapv3-config-user-attributes=distinguishedName
sun-idrepo-ldapv3-config-user-attributes=dn
sun-idrepo-ldapv3-config-user-attributes=employeeNumber
sun-idrepo-ldapv3-config-user-attributes=facsimileTelephoneNumber
sun-idrepo-ldapv3-config-user-attributes=givenName
sun-idrepo-ldapv3-config-user-attributes=homePhone
sun-idrepo-ldapv3-config-user-attributes=homePostalAddress
sun-idrepo-ldapv3-config-user-attributes=inetUserHttpURL
sun-idrepo-ldapv3-config-user-attributes=inetUserStatus
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-auth-configuration
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-add-session-listener-on-all-sessions
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-destroy-sessions
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-get-valid-sessions
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-max-caching-time
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-max-idle-time
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-max-session-time
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-quota-limit
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-session-service-status
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-static-group-dn
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-account-life
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-admin-start-dn
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-alias-list
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-auth-config
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-auth-modules
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-failure-url
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-federation-info
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-federation-info-key
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-login-status
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-password-reset-force-reset
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-password-reset-options
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-password-reset-question-answer
sun-idrepo-ldapv3-config-user-attributes=iplanet-am-user-success-url
sun-idrepo-ldapv3-config-user-attributes=mail
sun-idrepo-ldapv3-config-user-attributes=manager
sun-idrepo-ldapv3-config-user-attributes=memberOf
sun-idrepo-ldapv3-config-user-attributes=mobile
sun-idrepo-ldapv3-config-user-attributes=ds-pwp-account-disabled
sun-idrepo-ldapv3-config-user-attributes=objectClass
sun-idrepo-ldapv3-config-user-attributes=pager
sun-idrepo-ldapv3-config-user-attributes=postalAddress
sun-idrepo-ldapv3-config-user-attributes=postofficebox
sun-idrepo-ldapv3-config-user-attributes=preferredlanguage
sun-idrepo-ldapv3-config-user-attributes=preferredLocale
sun-idrepo-ldapv3-config-user-attributes=preferredtimezone
sun-idrepo-ldapv3-config-user-attributes=secretary
sun-idrepo-ldapv3-config-user-attributes=sn
sun-idrepo-ldapv3-config-user-attributes=street
sun-idrepo-ldapv3-config-user-attributes=sun-fm-saml2-nameid-info
sun-idrepo-ldapv3-config-user-attributes=sun-fm-saml2-nameid-infokey
sun-idrepo-ldapv3-config-user-attributes=sunAMAuthInvalidAttemptsData
sun-idrepo-ldapv3-config-user-attributes=sunIdentityMSISDNNumber
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerDiscoEntries
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPAddressCard
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNameAltCN
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNameCN
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNameFN
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNameMN
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNamePT
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPCommonNameSN
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPDemographicsAge
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPDemographicsBirthDay
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPDemographicsDisplayLanguage
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPDemographicsLanguage
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPDemographicsTimeZone
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPEmergencyContact
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPEmploymentIdentityAltO
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPEmploymentIdentityJobTitle
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPEmploymentIdentityOrg
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPEncryPTKey
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPFacadegreetmesound
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPFacadeGreetSound
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPFacadeMugShot
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPFacadeNamePronounced
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPFacadeWebSite
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPInformalName
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityAltIdType
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityAltIdValue
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityDOB
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityGender
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityLegalName
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityMaritalStatus
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityVATIdType
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPLegalIdentityVATIdValue
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPMsgContact
sun-idrepo-ldapv3-config-user-attributes=sunIdentityServerPPSignKey
sun-idrepo-ldapv3-config-user-attributes=telephoneNumber
sun-idrepo-ldapv3-config-user-attributes=uid
sun-idrepo-ldapv3-config-user-attributes=userCertificate
sun-idrepo-ldapv3-config-user-attributes=userPassword
sun-idrepo-ldapv3-config-user-objectclass=inetadmin
sun-idrepo-ldapv3-config-user-objectclass=inetorgperson
sun-idrepo-ldapv3-config-user-objectclass=inetUser
sun-idrepo-ldapv3-config-user-objectclass=iplanet-am-managed-person
sun-idrepo-ldapv3-config-user-objectclass=iplanet-am-user-service
sun-idrepo-ldapv3-config-user-objectclass=iPlanetPreferences
sun-idrepo-ldapv3-config-user-objectclass=organizationalPerson
sun-idrepo-ldapv3-config-user-objectclass=person
sun-idrepo-ldapv3-config-user-objectclass=sunFederationManagerDataStore
sun-idrepo-ldapv3-config-user-objectclass=sunFMSAML2NameIdentifier
sun-idrepo-ldapv3-config-user-objectclass=sunIdentityServerLibertyPPService
sun-idrepo-ldapv3-config-user-objectclass=top
sun-idrepo-ldapv3-config-users-search-attribute=uid
sun-idrepo-ldapv3-config-users-search-filter=(objectclass=inetorgperson)
sun-idrepo-ldapv3-ldapv3Generic=
sunIdRepoAttributeMapping=
sunIdRepoClass=com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo
sunIdRepoSupportedOperations=group=read,create,edit,delete
sunIdRepoSupportedOperations=realm=read,create,edit,delete,service
sunIdRepoSupportedOperations=user=read,create,edit,delete,service