If Federation Manager works solely against an LDAPv3-compliant directory, you must create two users in the directory, amadmin and dsameuser, with the correct read and write privileges to the ou=services tree. See serverconfig.xml Users.
Install Federation Manager according to the instructions in Chapter 2, Installing and Deploying Federation Manager.
Edit the default ServerGroup in the serverconfig.xml file as follows:
Change the host, port, and type attributes of the Server tag to reflect your directory's installation.
Change the DirDN and DirPassword attributes of the User tag in both the proxy and admin entries to reflect an existing user DN and its password (encrypted using ampassword). Alternatively, you can create a new administrator in the directory. This new user must have read, search, write, and delete permissions on the ou=services subtree of the directory information tree (DIT) that contains the Federation Manager configuration data once the data store has been changed to Open LDAP.
Ensure the proper user permissions have been allocated. This should be done after running fmff2ds.
Change the value of BaseDN to the parent DN that contains the configuration data. For example, dc=sun,dc=com.
Edit the AMConfig.properties file as follows:
Change the value of the com.sun.identity.sm.sms_object_class_name property to
If the DirDN specified in the step above is different from the default amadmin, you need to modify the com.sun.identity.authentication.special.users property by adding (or replacing) the specified DN of the directory's super user. This property may contain a pipe-separated list of user DNs as in:
AMConfig.properties is located in the /exploded-FM-WAR-directory/WEB-INF/classes directory where exploded-FM-WAR-directory is the directory to which the Federation Manager WAR was deployed.
Run fmff2ds according to the information in Building and Loading LDIF Configuration Data Using fmff2ds.
Restart the web container.
Federation Manager is now communicating with Directory Server.
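A consistency check for the procedure above, added here as an example and not part of the Federation Manager documentation or tooling: it reads the DirDN of each User entry in the default ServerGroup and reports any that are missing from the pipe-separated com.sun.identity.authentication.special.users list. The sample file contents, DNs and the fmadmin user are constructed; the parser accepts DirDN either as an attribute or as a child element of User, and DN matching is simplified (no escaped commas, no property line continuations).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (assumptions, not taken from a real deployment).
SERVERCONFIG_XML = """<iPlanetDataAccessLayer>
  <ServerGroup name="default">
    <Server name="Server1" host="ldap.example.com" port="389" type="SIMPLE"/>
    <User name="User1" type="proxy"><DirDN>cn=fmadmin,dc=sun,dc=com</DirDN></User>
    <User name="User2" type="admin"><DirDN>cn=fmadmin,dc=sun,dc=com</DirDN></User>
    <BaseDN>dc=sun,dc=com</BaseDN>
  </ServerGroup>
</iPlanetDataAccessLayer>"""

KEY = "com.sun.identity.authentication.special.users"
AMCONFIG = ("# constructed sample\n" + KEY +
            "=cn=dsameuser,ou=DSAME Users,dc=sun,dc=com|CN=FMAdmin, DC=sun, DC=com\n")

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, no spaces around ',' and '='."""
    parts = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + val.strip().lower())
    return ",".join(parts)

def server_dns(xml_text, group="default"):
    """Map User type (proxy/admin) to its DirDN in the named ServerGroup."""
    out = {}
    for sg in ET.fromstring(xml_text).iter("ServerGroup"):
        if sg.get("name") != group:
            continue
        for user in sg.iter("User"):
            dn = user.get("DirDN") or user.findtext("DirDN") or ""
            out[user.get("type")] = dn.strip()
    return out

def special_users(props_text):
    """Return the pipe-separated DNs of the special.users property."""
    for line in props_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#") and name.strip() == KEY:
            return [dn.strip() for dn in value.split("|") if dn.strip()]
    return []

def missing_special_users(xml_text, props_text):
    """DirDNs from serverconfig.xml that special.users does not list."""
    allowed = {norm_dn(dn) for dn in special_users(props_text)}
    return {kind: dn for kind, dn in server_dns(xml_text).items()
            if norm_dn(dn) not in allowed}

if __name__ == "__main__":
    print(missing_special_users(SERVERCONFIG_XML, AMCONFIG) or "all DirDNs listed")
```

Run it against the real files before restarting the web container; an empty result means every DirDN in the default ServerGroup is present in special.users.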