Monday Apr 20, 2009
Creating an OpenSSO User Data Store Using Sun Directory Server is Like Riding a Bicycle
My instance of OpenSSO Enterprise Express Build 7 was installed with the option to use the embedded data store as a user data store. This option is for proof-of-concepts only and should not be used in production deployments. I wanted to check out some things regarding roles and, as the roles portion of OpenSSO only works with an installed Sun Directory Server, I installed Directory Server EE 6.3.
If you haven't installed OpenSSO yet, check out OpenSSO Build 2 and Glassfish: Ready to Go. It's an older entry but still works, despite the old screen shots. Once complete, proceed with the following tasks.
- Make a directory named ds.
- Download Directory Server Enterprise Edition (EE) 6.3 into the ds directory.
- Decompress the file.
gunzip DSEE.6.3.Solaris-Sparc-full.tar.gz
tar xvf DSEE.6.3.Solaris-Sparc-full.tar
For some reason, executing gunzip and tar with one command did not work on this compressed file.
- Make a directory named /opt/dsee.
- Install the Directory Server EE software into the /opt/dsee directory.
/ds/DSEE_ZIP_Distribution/dsee_deploy install -i /opt/dsee
- Press Enter until you reach the end of the license agreement.
- Type Yes when asked "Do you accept the license terms?" and press Enter to execute.
- Make a directory in which to store Directory Server EE instances.
mkdir /opt/dsee/instances
- Change to the directory that contains the dsadm command-line interface.
cd /opt/dsee/ds6/bin
- Create a new instance of Directory Server.
./dsadm create -p 389 -P 636 /opt/dsee/instances/example
You will be prompted to enter a password for cn=Directory Manager.
- Start the example instance.
./dsadm start /opt/dsee/instances/example
- Create the dc=example,dc=com suffix.
./dsconf create-suffix dc=example,dc=com
- Type Y to accept the server certificate.
- Enter the Directory Manager password.
In the next steps, you will load the OpenSSO schema and add the Directory Server instance as a user data store with the OpenSSO console.
/Top Level Realm and added the data store to the sub realm.
- Log in to the OpenSSO console as the administrator.
- Click the Access Control tab.
- Click New under Realms, enter the appropriate values and click OK to create a sub realm.
- Click the name of the new sub realm.
- Click the Data Stores tab.
- Remove the embedded data store, if applicable.
- Click New under Data Stores.
- Enter a name, select Sun DS with OpenSSO Schema, and click Next.
- Enter the appropriate server information and click OK.
- Use the fully qualified host name as a value for LDAP Server when configuring the data store.
- Set the Persistent Search Scope attribute to SCOPE_SUB as it is the default when you connect to an external LDAP directory during configuration.
- Remove ou and people from the LDAP people container naming attribute and value fields. David wrote "I have no idea of why I had to blank out the 2 people container naming fields. I tried it because I used to have to do it in 7.0/7.1 but I have not had to do it in 8.0." The interesting thing about this tip is that the values for those attributes are back. Maybe the attributes were repopulated during restart?
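To see why the people container fields and the Persistent Search Scope matter, here is an added illustration (not OpenSSO or Directory Server code) that models how those two data store settings decide which entries under dc=example,dc=com a user search can reach. It assumes user entries have a uid leaf RDN; the directory content is constructed.

```python
# Added illustration, not OpenSSO or Directory Server code: a simplified model
# of how the data store's people container naming attribute/value and the
# Persistent Search Scope decide which LDAP entries a user search can reach.
# Assumption: entries whose leaf RDN is "uid=..." are user entries.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, leaf first (no escaping support)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def user_search_base(org_dn, container_attr, container_value):
    """Base DN for user lookups. Blank container fields (the tip above)
    mean users are searched directly under the organization DN."""
    if container_attr and container_value:
        return f"{container_attr}={container_value},{org_dn}"
    return org_dn

def in_scope(entry_dn, base_dn, scope):
    """Standard LDAP scope semantics relative to base_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "SCOPE_BASE":
        return depth == 0
    if scope == "SCOPE_ONE":
        return depth == 1
    if scope == "SCOPE_SUB":
        return True
    raise ValueError(f"unknown scope {scope}")

def find_users(entries, org_dn, container_attr, container_value, scope):
    """Return the user DNs (uid leaf) reachable with the given settings."""
    base = user_search_base(org_dn, container_attr, container_value)
    return sorted(dn for dn in entries
                  if split_dn(dn)[0].startswith("uid=") and in_scope(dn, base, scope))

# Constructed sample directory content under the suffix created above.
SAMPLE_ENTRIES = [
    "uid=alice,ou=people,dc=example,dc=com",
    "uid=bob,dc=example,dc=com",                       # created outside ou=people
    "uid=carol,ou=staff,ou=people,dc=example,dc=com",  # nested one level deeper
    "cn=ldapsync,ou=services,dc=example,dc=com",       # not a user entry
]

if __name__ == "__main__":
    for attr, val in (("ou", "people"), ("", "")):
        for scope in ("SCOPE_ONE", "SCOPE_SUB"):
            users = find_users(SAMPLE_ENTRIES, "dc=example,dc=com", attr, val, scope)
            print(f"container={attr!r}={val!r} {scope}: {users}")
```

With ou/people set and SCOPE_ONE, only alice is found; blanking both fields with SCOPE_SUB is the only combination that reaches all three user entries.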
Posted at 12:15PM Apr 20, 2009 by Michael Teger in Sun | Comments[0]