Go the following directory that contains the serverconfig.xml file:
# cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/config/ |
Make a backup of the file serverconfig.xml, and then make the following changes in serverconfig.xml:
In the following entry, change the host name and port number attribute values.:
<iPlanetDataAccessLayer> <ServerGroup name="default" minConnPool="1" maxConnPool="10"> <Server name="Server1" host="LoadBalancer-7.siroe.com" port="389" type="SIMPLE" /> <User name="User1" type="proxy"> <DirDN> uid=amadmin,ou=people,o=siroe.com |
Verify that the following user entries exist in the file:
<User name="User1" type="proxy"> <DirDN> uid=amadmin,ou=people,o=siroe.com </DirDN> <DirPassword> AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P </DirPassword> </User> <User name="User2" type="admin"~ <DirDN> uid=amadmin,ou=people,o=siroe.com </DirDN> <DirPassword> AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P </DirPassword> </User> |
In this deployment example, the proxy user and administrative user have the same DN. In effect, these are the same user. They are both superusers contained in the ou=service branch of the Directory Server. These users have privileges to read, write, and search the Federation Manager configuration. The user amadmin does not exist in the Directory Server at this point.
Add the user amadmin to the Directory Server.
On the Federation Manager 1 host, go to the following directory:
/opt/SUNWam/fm/bin |
Create a file named amadminconfig.ldif with the following entries:
dn=o=siroe.com changetype:modify add:aci dn: ou=People,o=siroe.com changetype: add objectClass: top objectClass: organizationalunit dn: uid=amAdmin,ou=People,o=siroe.com changetype: add objectclass: inetuser objectclass: inetorgperson objectclass: organizationalperson objectclass: person objectclass: top objectClass: iPlanetPreferences objectclass: inetAdmin inetuserstatus: Active cn: amAdmin sn: amAdmin userPassword: 11111111 aci: (target="ldap:///ou=services,*o=siroe.com") (targetattr = "*") (version 3.0; acl "S1IS Top-level Admin Role access allow"; allow (all) userdn = "ldap:///uid=amAdmin,ou=People, o=siroe.com";) |
This LDIF creates a People container and the user amAadmin with the Top-level Admin Role. The user is assigned read, write, and search privileges.
Use the ldapmodify utility to load ./amadminconfig.ldif into the Directory Server 3SP.
# ldapmodify -D "cn=Directory Manager" -w 11111111 -h LoadBalancer-7.siroe.com -f amadminconfig.ldif |