Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

4.6 Creating a Test User

Create a user entry in the replicated Directory Server user data instances for idpuser.


Note – If you are using an existing user data store, create the appropriate users in it and move on to Chapter 6, Configuring OpenSSO Enterprise Realms for User Authentication.


Procedure: To Import Test User Data into the Replicated Directory Server Instances

Create an LDIF file for the test user and import the file into ds1.idp-example.com. The test user data will then be replicated to ds2.idp-example.com.

  1. Log in to the ds1.idp-example.com host machine as a root user.

  2. Create an LDIF file with the following entries.

    dn: ou=users,dc=company,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: users
    description: Container for user entries
    
    dn: ou=Groups,dc=company,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: Groups
    description: Container for group entries
    
    dn: uid=idpuser,ou=users,dc=company,dc=com
    uid: idpuser
    givenName: idp
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetadmin
    objectClass: inetorgperson
    objectClass: inetUser
    sn: user
    cn: idp user
    userPassword: idpuser
    inetUserStatus: Active

  3. Save the file as idp-users.ldif in the /tmp directory.

  4. Import the LDIF file into Directory Server 1 using ldapmodify.


    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ./ldapmodify -h ds1.idp-example.com -p 1489 \
     -D "cn=Directory Manager" -w dsmanager \
     -a -f /tmp/idp-users.ldif
    
    adding new entry ou=users,dc=company,dc=com
    
    adding new entry ou=Groups,dc=company,dc=com
    
    adding new entry uid=idpuser,ou=users,dc=company,dc=com

  5. Verify that the new user was imported using ldapsearch.


    # ./ldapsearch -h ds1.idp-example.com \
     -b "dc=company,dc=com" -p 1489 -D "cn=Directory Manager" \
     -w dsmanager "uid=idpuser"
    
    version: 1
    dn: uid=idpuser,ou=users,dc=company,dc=com
    uid: idpuser
    givenName: idp
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetadmin
    objectClass: inetorgperson
    objectClass: inetUser
    sn: user
    cn: idp user
    userPassword: 
     {SSHA}H5LpB+QLZMoL9SiXzY/DokHKXRclELVy7w25AA==
    inetUserStatus: Active

  6. Log out of the ds1.idp-example.com host machine.

  7. (Optional) Verify that the entries were replicated to Directory Server 2 by logging in as a root user to the ds2.idp-example.com host machine and using ldapsearch.


    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ./ldapsearch -h ds2.idp-example.com \
     -b "dc=company,dc=com" -p 1489 -D "cn=Directory Manager" \
     -w dsmanager ""
    
    version: 1
    dn: dc=company,dc=com
    objectClass: top
    objectClass: domain
    dc: company
    
    dn: ou=users,dc=company,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: users
    description: Container for user entries
    
    dn: ou=Groups,dc=company,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: Groups
    description: Container for group entries
    
    dn: uid=idpuser,ou=users,dc=company,dc=com
    uid: idpuser
    givenName: idp
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetadmin
    objectClass: inetorgperson
    objectClass: inetUser
    sn: user
    cn: idp user
    userPassword: 
     {SSHA}H5LpB+QLZMoL9SiXzY/DokHKXRclELVy7w25AA==
    inetUserStatus: Active

  8. Log out of the ds2.idp-example.com host machine.
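Steps 5 and 7 compare the ds1 and ds2 copies of the entry by eye. As an added example that is not part of this guide, the following Python compares two saved ldapsearch dumps entry by entry, unfolding wrapped values such as the userPassword line; parse_ldif, diff_ldif and the DS1/DS2 sample text are constructed here, and the hash in the sample is a placeholder rather than the value shown above.

```python
from collections import defaultdict

# Constructed sample dumps modelled on the ldapsearch output in the procedure
# (placeholder hash). DS2 drops one attribute so the comparison reports it.
DS1 = """version: 1
dn: uid=idpuser,ou=users,dc=company,dc=com
objectClass: top
objectClass: inetorgperson
cn: idp user
userPassword:
 {SSHA}CONSTRUCTED-NOT-A-REAL-HASH
inetUserStatus: Active
"""
DS2 = DS1.replace("inetUserStatus: Active\n", "")


def parse_ldif(text):
    """Return {dn: {attribute: sorted values}}; folds continuation lines (a
    leading space) and lower-cases DNs and attribute names as LDAP does."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    entries, attrs, dn = {}, defaultdict(list), None
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn] = {a: sorted(v) for a, v in attrs.items()}
            attrs, dn = defaultdict(list), None
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip().lower()
        elif not attr.startswith("#") and attr.lower() != "version":
            attrs[attr.lower()].append(value.strip())
    return entries


def diff_ldif(primary, replica):
    """List every entry or attribute that differs between two parsed dumps."""
    problems = []
    for dn in sorted(set(primary) | set(replica)):
        if dn not in primary or dn not in replica:
            side = "primary" if dn in primary else "replica"
            problems.append(f"{dn}: only on {side}")
            continue
        for attr in sorted(set(primary[dn]) | set(replica[dn])):
            if primary[dn].get(attr) != replica[dn].get(attr):
                problems.append(f"{dn}: attribute {attr} differs")
    return problems
```

Save the output of the two ldapsearch commands to files and pass their contents to parse_ldif; an empty list from diff_ldif means the replica matches.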