To Configure the User Data Stores (Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover)

Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Previous: To Configure Access Manager to Use Roles from the User Data Store
Next: 7.5 (Optional) Enabling Access Manager to Manage Users in the Existing User Data Store

To Configure the User Data Stores

Delete the default data store.
1. In the sub-realm users Authentication page, click the Data Stores tab.
2. In the sub-realm users Data Stores page, mark the checkbox for amSDK1, the default data store.
3. Click Delete.

Create a new data store.
1. Click New .
2. In the “Step 1 of 2: Select Type of Data Store” page, set the following attributes:
  
  Name
  
  Enter usersLDAP.
  
  Type
  
  Choose “LDAPv3 Repository Plug-In.”
3. Click Next.
4. In the “Step 2 of 2: New Data Store” page, set the following attributes:
  Primary LDAP Server
  1. In the Add field, enter the hostname and port number for the existing directory. Use the form LoadBalancer-2.example.com:489
  2. Select the default DirectoryServer-1.example.com:1389 , and then click Remove.
  LDAP Bind DN
  
  Enter uid=userdbadmin,ou=users,dc=company,dc=com .
  
  Password for Root User Bind
  
  4serd84dmin
  
  Password for Root User Bind (confirm)
  
  4serd84dmin
  
  LDAP Organization DN
  
  Enter dc=company,dc=com.
  
  LDAP People Container Value
  
  users
  
  When this field is empty, the search for users will start from the root suffix.
  
  Persistent Search Base DN
  
  Enter dc=company,dc=com.
  These values were imported into the user data store in a previous task. See To Import Users into the User Data Store.
5. Click Finish and log out of the Access Manager console.

Restart each Access Manager server for the changes to take place.

Log in to each Access Manager host system, and restart the Web Server on each host system.

Verify that in the Access Manager console you can see the users in the external user data store.
1. Go to the Access Manager URL.
  
  http://AccessManager-1.example.com:1080/amserver/UI/Login
2. Log in to the Access Manager console using the following information:
  
  Username
  
  amadmin
  
  Password
  
  4m4dmin1
3. Click on Users Realm.
4. Click on Subjects tab.
  
  You should see three new users: authuiadmin, userdbadmin, and userdbauthadmin.

Verify that a user can successfully authenticate against the new realm.
1. Start a new browser session and log in to Access Manager.
  
  Go to the following URL:
  
  http://AccessManager-1.example.com:1080/amserver/UI/Login?realm=users
  
  The parameter realm=users specifies the new realm to use for authentication. Without the parameter, the default realm is used.
2. On the login page, provide a user login and password from the existing directory.
  
  User Name:
  
  authuiadmin
  
  Password:
  
  4uthu14dmin
  
  You should be able to log in successfully.
  
  If the login is not successful, watch the existing Directory Server access log to troubleshoot the problem.
At this point, a user can log in against the existing Directory Server if he invokes the realm=users parameter. If such a parameter is absent, the default realm is used.

Administrators who want to access the Access Manager console should log in to the default realm.

© 2010, Oracle Corporation and/or its affiliates