Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

To Create a New LDAPv3-compliant User Data Store Using the OpenSSO Administration Console

  1. Log in to the OpenSSO administration console.

  2. Click Access, Top-level Realm, and Data Stores.

  3. On the Data Stores tab, click the Generic LDAP v3 user data store.

  4. On the Generic LDAP v3 data store page, add the LDAP User object classes and attributes.

    1. If they do not already exist, add the following LDAP User Object Classes:

      inetadmin
      inetorgperson
      inetUser
      iplanet-am-managed-person
      iplanet-am-user-service
      iPlanetPreferences
      organizationalPerson
      person
      sunFederationManagerDataStore
      sunFMSAML2NameIdentifier
      sunIdentityServerLibertyPPService
      top

    2. If they do not already exist, add the following LDAP User Attributes:

      adminRole
      authorityRevocationList
      caCertificate
      cn
      distinguishedName
      dn
      ds-pwp-account-disabled
      employeeNumber
      facsimileTelephoneNumber
      givenName
      homePhone
      homePostalAddress
      inetUserHttpURL
      inetUserStatus
      iplanet-am-auth-configuration
      iplanet-am-session-add-session-listener-on-all-sessions
      iplanet-am-session-destroy-sessions
      iplanet-am-session-get-valid-sessions
      iplanet-am-session-max-caching-time
      iplanet-am-session-max-idle-time
      iplanet-am-session-max-session-time
      iplanet-am-session-quota-limit
      iplanet-am-session-service-status
      iplanet-am-static-group-dn
      iplanet-am-user-account-life
      iplanet-am-user-admin-start-dn
      iplanet-am-user-alias-list
      iplanet-am-user-auth-config
      iplanet-am-user-auth-modules
      iplanet-am-user-failure-url
      iplanet-am-user-federation-info
      iplanet-am-user-federation-info-key
      iplanet-am-user-login-status
      iplanet-am-user-password-reset-force-reset
      iplanet-am-user-password-reset-options
      iplanet-am-user-password-reset-question-answer
      iplanet-am-user-success-url
      mail
      manager
      memberOf
      mobile
      objectClass
      pager
      postalAddress
      postofficebox
      preferredlanguage
      preferredLocale
      preferredtimezone
      secretary
      sn
      street
      sunAMAuthInvalidAttemptsData
      sun-fm-saml2-nameid-info
      sun-fm-saml2-nameid-infokey
      sunIdentityMSISDNNumber
      sunIdentityServerDiscoEntries
      sunIdentityServerPPAddressCard
      sunIdentityServerPPCommonNameAltCN
      sunIdentityServerPPCommonNameCN
      sunIdentityServerPPCommonNameFN
      sunIdentityServerPPCommonNameMN
      sunIdentityServerPPCommonNamePT
      sunIdentityServerPPCommonNameSN
      sunIdentityServerPPDemographicsAge
      sunIdentityServerPPDemographicsBirthDay
      sunIdentityServerPPDemographicsDisplayLanguage
      sunIdentityServerPPDemographicsLanguage
      sunIdentityServerPPDemographicsTimeZone
      sunIdentityServerPPEmergencyContact
      sunIdentityServerPPEmploymentIdentityAltO
      sunIdentityServerPPEmploymentIdentityJobTitle
      sunIdentityServerPPEmploymentIdentityOrg
      sunIdentityServerPPEncryPTKey
      sunIdentityServerPPFacadegreetmesound
      sunIdentityServerPPFacadeGreetSound
      sunIdentityServerPPFacadeMugShot
      sunIdentityServerPPFacadeNamePronounced
      sunIdentityServerPPFacadeWebSite
      sunIdentityServerPPInformalName
      sunIdentityServerPPLegalIdentityAltIdType
      sunIdentityServerPPLegalIdentityAltIdValue
      sunIdentityServerPPLegalIdentityDOB
      sunIdentityServerPPLegalIdentityGender
      sunIdentityServerPPLegalIdentityLegalName
      sunIdentityServerPPLegalIdentityMaritalStatus
      sunIdentityServerPPLegalIdentityVATIdType
      sunIdentityServerPPLegalIdentityVATIdValue
      sunIdentityServerPPMsgContact
      sunIdentityServerPPSignKey
      telephoneNumber
      uid
      userCertificate
      userPassword

  5. Click Save.
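
The "if they do not already exist" check in step 4 is easy to get wrong by eye, because LDAP object class and attribute names are case-insensitive (inetorgperson and inetOrgPerson are the same class). The following is an added example, not part of the Sun release notes: it compares the required object classes listed above against a list copied out of the data store page. The function names and the sample "configured" list are constructed for illustration, and the input is assumed to be one name per line.

```python
# Added example (not from the OpenSSO release notes).
# Required LDAP User Object Classes, exactly as listed in step 4.1 above.
REQUIRED_OBJECT_CLASSES = [
    "inetadmin", "inetorgperson", "inetUser", "iplanet-am-managed-person",
    "iplanet-am-user-service", "iPlanetPreferences", "organizationalPerson",
    "person", "sunFederationManagerDataStore", "sunFMSAML2NameIdentifier",
    "sunIdentityServerLibertyPPService", "top",
]

# Constructed sample: what an administrator might copy from the data store page.
CONSTRUCTED_CONFIGURED = """
top
person
organizationalPerson
inetOrgPerson
inetuser
InetUser
iplanet-am-user-service
"""

def normalize(name):
    """LDAP names compare case-insensitively; ignore surrounding whitespace."""
    return name.strip().casefold()

def parse_list(text):
    """Split a pasted one-name-per-line list, dropping blank lines."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def missing_entries(required, configured):
    """Return required names absent from configured, in the required order."""
    have = {normalize(n) for n in configured}
    missing, seen = [], set()
    for name in required:
        key = normalize(name)
        if key not in have and key not in seen:
            missing.append(name)
            seen.add(key)
    return missing

def case_variant_duplicates(configured):
    """Return names entered more than once with different capitalisation."""
    groups = {}
    for name in configured:
        groups.setdefault(normalize(name), []).append(name.strip())
    return {k: v for k, v in groups.items() if len(set(v)) > 1}

if __name__ == "__main__":
    current = parse_list(CONSTRUCTED_CONFIGURED)
    print("Add:", missing_entries(REQUIRED_OBJECT_CLASSES, current))
    print("Case-variant duplicates:", case_variant_duplicates(current))
```

The same functions work for the LDAP User Attributes in step 4.2 if that list is passed as `required`.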