Sun Java System Federation Manager 7.0 User's Guide

Changing the Default Authentication Module from Flat File to LDAP

By default, Federation Manager authenticates users against the flat file with which it is deployed. The authentication component can be reconfigured to retrieve data from most LDAPv3-compliant directories (including Sun Java System Directory Server) rather than from the default flat file.


Note –

Although Microsoft Active Directory is an LDAPv3-compliant directory, the procedure has some differences. For more information, see Changing the Default Authentication Module from Flat File to Active Directory.


This section includes the following procedures:

Procedure: To Set LDAP as the Default Authentication Module for an Organization

  1. Use the following template, modifying ROOT SUFFIX to reflect the root suffix of the organization.


    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!--
        Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
        Use is subject to license terms.
    -->
    
    <!DOCTYPE Requests
        PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
        "jar://com/iplanet/am/admin/cli/amAdmin.dtd">
    
    <!--  CREATE REQUESTS -->
    
    <Requests>
    <OrganizationRequests DN="ROOT SUFFIX">
       <ModifyServiceTemplate serviceName="iPlanetAMAuthService"
        schemaType="Organization">
         <AttributeValuePair>
           <Attribute name="iplanet-am-auth-org-config" />
           <!-- The module chain is stored as escaped XML text; keep it on one
                line so that no whitespace ends up inside the module class name -->
             <Value>&lt;AttributeValuePair&gt;&lt;Value&gt;com.sun.identity.authentication.modules.ldap.LDAP REQUIRED&lt;/Value&gt;&lt;/AttributeValuePair&gt;</Value>
         </AttributeValuePair>
       </ModifyServiceTemplate>
    </OrganizationRequests>
    </Requests>
  2. Modify the following template to change the administrator's default authentication module to LDAP.


    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!--
        Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
        Use is subject to license terms.
    -->
    
    <!DOCTYPE Requests
        PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
        "jar://com/iplanet/am/admin/cli/amAdmin.dtd">
    
    <!--  CREATE REQUESTS -->
    
    <Requests>
    <OrganizationRequests DN="ROOT SUFFIX">
       <ModifyServiceTemplate serviceName="iPlanetAMAuthService"
        schemaType="Organization">
         <AttributeValuePair>
           <Attribute name="iplanet-am-auth-admin-auth-module" />
           <!-- Same escaped chain format as for the organization; keep it on one line -->
             <Value>&lt;AttributeValuePair&gt;&lt;Value&gt;com.sun.identity.authentication.modules.ldap.LDAP REQUIRED&lt;/Value&gt;&lt;/AttributeValuePair&gt;</Value>
         </AttributeValuePair>
       </ModifyServiceTemplate>
    </OrganizationRequests>
    </Requests>
  3. Load each modified XML file using amadmin, in the format /FederationManager-base/fm/bin/amadmin -u amadmin -w password -i war-staging-directory -t name-of-XML-file.
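The two request files above differ only in the attribute they set, and both invite the same two slips: leaving the ROOT SUFFIX placeholder in place, and pasting the template with its line wrapping so that whitespace lands inside the module class name. The following Python script is an added example, not part of the Federation Manager documentation or product; it generates a request for a real root suffix and checks a hand-edited copy before it is loaded with amadmin. It assumes the standard JAAS control flags REQUISITE, SUFFICIENT and OPTIONAL alongside the REQUIRED shown on the page, and uses a constructed sample request (WRAPPED_TEMPLATE) to show the checks failing.

```python
"""Build and sanity-check amadmin requests that switch an organization's Core
authentication chain to LDAP. Added example, not Sun's documentation or code."""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# JAAS control flags (assumption: the page shows only REQUIRED; the rest are standard JAAS).
CONTROL_FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}
LDAP_MODULE = "com.sun.identity.authentication.modules.ldap.LDAP"
ORG_CHAIN_ATTR = "iplanet-am-auth-org-config"           # chain for users
ADMIN_CHAIN_ATTR = "iplanet-am-auth-admin-auth-module"  # chain for administrators
HEADER = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>\n<!DOCTYPE Requests\n'
    '    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"\n'
    '    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">\n'
)
ENTRY_RE = re.compile(r"^([A-Za-z_][\w.]*) ([A-Z]+)$")  # "<module class> <FLAG>"
DN_RE = re.compile(r"\w+=[^,]+(,\w+=[^,]+)*")           # e.g. dc=example,dc=com


def build_request(root_suffix, attribute, modules):
    """Request setting `attribute` of the Core (iPlanetAMAuthService) organization
    template to a chain given as (module class, control flag) tuples."""
    chain = "".join(f"<AttributeValuePair><Value>{cls} {flag}</Value></AttributeValuePair>"
                    for cls, flag in modules)
    # The chain is XML but travels as the *text* of <Value>, hence the entity escaping.
    return (
        HEADER + f"<Requests>\n<OrganizationRequests DN={quoteattr(root_suffix)}>\n"
        '  <ModifyServiceTemplate serviceName="iPlanetAMAuthService" schemaType="Organization">\n'
        f'    <AttributeValuePair>\n      <Attribute name="{attribute}" />\n'
        f"      <Value>{escape(chain)}</Value>\n    </AttributeValuePair>\n"
        "  </ModifyServiceTemplate>\n</OrganizationRequests>\n</Requests>\n"
    )


def parse_chain(request_xml, attribute):
    """Raw 'class FLAG' entries stored under `attribute`, or None if it is not set."""
    root = ET.fromstring(request_xml.encode("iso-8859-1"))
    for pair in root.iter("AttributeValuePair"):
        attr = pair.find("Attribute")
        if attr is not None and attr.get("name") == attribute:
            # expat already unescaped the text; parse it as an XML fragment
            inner = ET.fromstring(f"<chain>{pair.findtext('Value') or ''}</chain>")
            return [value.text or "" for value in inner.iter("Value")]
    return None


def validate_request(request_xml, attribute):
    """Problems to fix before loading with amadmin: placeholder DN, missing attribute,
    entries broken by line wrapping, unknown flags, or a chain without LDAP."""
    problems = []
    org = ET.fromstring(request_xml.encode("iso-8859-1")).find("OrganizationRequests")
    dn = org.get("DN", "") if org is not None else ""
    if not DN_RE.fullmatch(dn):
        problems.append(f"DN {dn!r} is not a root suffix (placeholder left in?)")
    try:
        entries = parse_chain(request_xml, attribute)
    except ET.ParseError as exc:
        return problems + [f"chain text under {attribute} is not well-formed: {exc}"]
    if entries is None:
        return problems + [f"request does not set {attribute}"]
    classes = []
    for entry in (e.strip() for e in entries):
        match = ENTRY_RE.match(entry)
        if "\n" in entry or not match:
            problems.append(f"entry is not '<module class> <FLAG>' on one line: {entry!r}")
            continue
        cls, flag = match.groups()
        if flag not in CONTROL_FLAGS:
            problems.append(f"unknown control flag {flag!r} on {cls}")
        classes.append(cls)
    if classes and LDAP_MODULE not in classes:
        problems.append("chain does not include the LDAP module")
    return problems


# Constructed sample: the documented template as it is often pasted, with the
# placeholder DN left in and the module class name wrapped across two lines.
WRAPPED_TEMPLATE = HEADER + """<Requests>
<OrganizationRequests DN="ROOT SUFFIX">
  <ModifyServiceTemplate serviceName="iPlanetAMAuthService" schemaType="Organization">
    <AttributeValuePair>
      <Attribute name="iplanet-am-auth-org-config" />
      <Value>&lt;AttributeValuePair&gt;&lt;Value&gt;com.sun.identity.
       authentication.modules.ldap.LDAP REQUIRED&lt;/Value&gt;&lt;/AttributeValuePair&gt;</Value>
    </AttributeValuePair>
  </ModifyServiceTemplate>
</OrganizationRequests>
</Requests>
"""

if __name__ == "__main__":
    print(build_request("dc=example,dc=com", ORG_CHAIN_ATTR, [(LDAP_MODULE, "REQUIRED")]))
    for problem in validate_request(WRAPPED_TEMPLATE, ORG_CHAIN_ATTR):
        print("problem:", problem)
```

Generate the administrator's file by passing ADMIN_CHAIN_ATTR instead of ORG_CHAIN_ATTR; run validate_request over the contents of any hand-edited file before the amadmin step, since amadmin will happily load a request whose chain entry carries an embedded line break or whose DN is still the placeholder.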

Procedure: To Enable an Organization to Use the LDAP Authentication Module

  1. In the Federation Manager Console, select the Organization tab.

  2. Under Organization, select the Authentication tab.

  3. Click Add.

    A list of Authentication Modules is displayed.

  4. Select LDAP from the list and click Next.

  5. Configure the attributes for the LDAP authentication module and click Assign.

  6. Under Organization, select the Authentication tab.

  7. Click the Edit button next to the Core authentication service.

    The Core attributes are displayed.

  8. Add LDAP to the Organization Authentication Modules attribute by holding down the Control key and selecting LDAP.

  9. Click Save.

    LDAP is now enabled as an authentication module for the organization. To authenticate to Federation Manager through the LDAP module, use a URL in the format protocol://host:port/deploy_URI/something?module=LDAP.