Two users are defined in serverconfig.xml:
The Proxy User can take on any user's privileges (for example, the organization administrator or an end user). The connection pool is created with connections bound to the proxy user. Federation Manager creates a proxy user with the DN of cn=puser,ou=DSAME Users,dc=example,dc=com. This user is used for all queries made to the LDAPv3–compliant directory. It benefits from a proxy user ACI already configured in the LDAPv3–compliant directory and, therefore, can perform actions on behalf of a user, when necessary. It maintains an open connection through which all queries are passed (retrieval of service configurations, organization information, etc.). The proxy user password is always encrypted.
dsameuser, the administrator user, is used for binding purposes when the Federation Manager SDK performs operations on the LDAPv3–compliant directory that are not linked to a particular user (for example, retrieving service configuration information). The Proxy User performs these operations on behalf of the dsameuser, but a bind must first validate the dsameuser credentials. During installation, Federation Manager creates cn=dsameuser,ou=DSAME Users,dc=example,dc=com.