Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure Access Manager to Use Roles from the User Data Store

This procedure is not required to make Access Manager work in every scenario, because not every scenario uses roles. It is required in this deployment example because the policies created in later procedures refer to roles as their subjects, and the LDAPv3 data store plug-in cannot resolve a role subject until role support and the Directory Server role attributes are enabled on the data store.

  1. On the Access Control tab, under Realms, click the users link.

  2. Click the Data Stores tab, and then click the usersLDAP link.

  3. On the Edit Data Store page, in the section “LDAPv3 Plugin Supported Types and Operations,” in the Add field, enter role=read,create,edit,delete, and then click Add.

  4. In the section “LDAP User Attributes,” in the Add field, enter nsrole, and then click Add. (In Sun Java System Directory Server, nsrole is the computed attribute that lists every role an entry holds, including roles it receives through filtered or nested roles.)

  5. In the Add field, enter nsroledn, and then click Add. (nsroledn holds the managed roles that are explicitly assigned to the entry; Access Manager needs it in order to add a user to a role.)

  6. Click Save.

  7. Edit the Top-Level Realm.

    Click Edit Realm.

    1. Click Subjects > Role.

      Two roles, employee and manager, appear in the Roles list.

    2. Click the Users tab, and then click the testuser1 link.

    3. Click on the Role tab.

      Verify that testuser1 is added to the manager role. The role manager is displayed in the list of selected roles.

    4. Click Edit Realm – users, and then click the testuser2 link.

    5. Click on the Role tab.

      Verify that testuser2 is added to the employee role. The role employee is displayed in the list of selected roles.

    6. Click Edit Realm – users, and then click the testuser2 link.
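The verification in steps 7.3 through 7.6 is done in the console, which reads the role assignments back through the same LDAPv3 plug-in you just configured. A practitioner will also want to confirm the assignments directly in Directory Server, because nsrole is a computed attribute that ldapsearch returns only when it is named explicitly in the attribute list; a missing nsrole in a search that did not request it is not evidence that the role is unassigned. The following script is an added example for this page, not code from the Sun deployment guide. It assumes hypothetical values that the page does not give (the directory host ds.example.com, the user container ou=users,dc=example,dc=com, the role DNs cn=manager,dc=example,dc=com and cn=employee,dc=example,dc=com, and a Directory Manager bind); the live ldapsearch is left commented out so the check runs offline against constructed LDIF that stands in for its output.

```shell
#!/bin/sh
# Added example (not from the Sun Access Manager 7.0 deployment guide).
# Confirms in Directory Server what steps 7.3 to 7.6 confirm in the console:
# testuser1 holds the manager role and testuser2 holds the employee role.

# Assumed role DNs; the page does not state where the roles live.
MANAGER_ROLE='cn=manager,dc=example,dc=com'
EMPLOYEE_ROLE='cn=employee,dc=example,dc=com'

# Live query (assumed host, base DN and credentials; commented out so the
# script runs offline). nsrole is computed by the Directory Server roles
# plug-in and is only returned when listed explicitly, as it is here.
#   ldapsearch -h ds.example.com -p 389 -D "cn=Directory Manager" -w - \
#     -b "ou=users,dc=example,dc=com" "(uid=testuser1)" nsrole nsroledn

# Constructed LDIF standing in for the output of the query above.
SAMPLE_LDIF='dn: uid=testuser1,ou=users,dc=example,dc=com
nsroledn: cn=manager,dc=example,dc=com
nsrole: cn=manager,dc=example,dc=com

dn: uid=testuser2,ou=users,dc=example,dc=com
nsroledn: cn=employee,dc=example,dc=com
nsrole: cn=employee,dc=example,dc=com
'

# user_has_role LDIF UID ROLE_DN [ATTR]
# Exit 0 when the entry whose DN starts with uid=UID carries ROLE_DN in ATTR
# (default nsrole, the computed membership; pass nsroledn to check only the
# explicit managed-role assignment). DNs are compared case-insensitively,
# as LDAP does.
user_has_role() {
  ldif=$1; uid=$2; role=$3; attr=${4:-nsrole}
  printf '%s\n' "$ldif" | awk -v uid="$uid" -v role="$role" -v attr="$attr" '
    # strip "attr: " and lowercase the value
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return tolower(s) }
    /^dn:/ { in_user = (index(val($0), "uid=" tolower(uid) ",") == 1); next }
    $0 ~ "^" attr ":" { if (in_user && val($0) == tolower(role)) found = 1 }
    END { exit(found ? 0 : 1) }
  '
}

# verify_procedure LDIF
# Exit 0 only when both assignments the procedure asks you to verify are present.
verify_procedure() {
  user_has_role "$1" testuser1 "$MANAGER_ROLE" &&
  user_has_role "$1" testuser2 "$EMPLOYEE_ROLE"
}

if verify_procedure "$SAMPLE_LDIF"; then
  echo "role assignments match the procedure"
else
  echo "role assignments do NOT match the procedure" >&2
fi
```

If the live query shows nsroledn populated but nsrole empty, the roles plug-in is not computing membership for that entry (typically because the role entry is outside the scope of the user's subtree), and policies that use the role as a subject will not match even though the console shows the user in the role.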