Friday, November 13, 2015

ssoadm CLI - Directory Configuration

Using the ssoadm CLI to list a server configuration, I found out that the Directory Configuration information is not returned.





If you refer to the OpenAM documentation, you will also notice that no property is listed in the Servers > Directory Configuration section.




1) As a best practice, we would definitely not want to use cn=Directory Manager to bind to OpenDJ. A better approach is to create a service account.

2) In production, especially when a pair of external OpenDJ servers is deployed, we would want to add Server2 to point to the second external OpenDJ.




For (1), this can be easily solved by:
a. Create the service account prior to installation & configuration of OpenAM
b. In the OpenAM configuration file,

DATA_STORE=dirServer
DIRECTORY_SSL=SIMPLE
:
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=password

Change DS_DIRMGRDN and DS_DIRMGRPASSWD to the service account's DN and password.

For (2), I have no idea how to script this. For now, I would have to add it manually via the OpenAM Administration console.

Technically, I know this Directory Configuration is stored as XML in one of the LDAP attributes. Is this the challenge in not being able to add/retrieve the information? I do not know.


Less than ideal.


2 comments:

  1. See ssoadm get-svrcfg-xml and set-svrcfg-xml. Not quite the easiest way to script things, but hey, you can always raise RFEs in JIRA :)

  2. Hey, it works! But of course, painful. And prone to error since it's XML. I'm not inclined to recommend this method to customers though. :)

    OK, will raise an RFE when I'm freed up from this project.

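One way to make the get-svrcfg-xml / set-svrcfg-xml route from the comments less error-prone for point (2), as an added example that is not from the post or from OpenAM: a Python helper that parses the exported XML, appends the second directory server to a server group, and flags a cn=Directory Manager bind as in point (1). The XML layout, the sample hosts and the function name are assumptions; check them against your own export before feeding the result back to set-svrcfg-xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a `get-svrcfg-xml` export. Element and attribute
# names are an assumption about that format; compare with your own export.
SAMPLE_XML = """<iPlanetDataAccessLayer>
  <ServerGroup name="sms" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="opendj1.example.com" port="1636" type="SSL"/>
    <User name="User2" type="admin">
      <DirDN>cn=Directory Manager</DirDN>
      <DirPassword>CONSTRUCTED-PLACEHOLDER</DirPassword>
    </User>
    <BaseDN>dc=example,dc=com</BaseDN>
  </ServerGroup>
</iPlanetDataAccessLayer>"""


def add_directory_server(xml_text, host, port, group="sms"):
    """Add host:port to `group` as the next ServerN; return (xml, warnings)."""
    root = ET.fromstring(xml_text)  # ParseError here means a malformed export
    grp = next((g for g in root.findall("ServerGroup") if g.get("name") == group), None)
    if grp is None:
        raise ValueError(f"no ServerGroup named {group!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {port!r}")
    servers = grp.findall("Server")
    # Idempotent: re-running the script must not add a duplicate entry.
    if not any(s.get("host", "").lower() == host.lower()
               and s.get("port") == str(port) for s in servers):
        # Reuse Server1's connection type so both directories are reached the same way.
        conn_type = servers[0].get("type", "SIMPLE") if servers else "SIMPLE"
        new = ET.Element("Server", name=f"Server{len(servers) + 1}",
                         host=host, port=str(port), type=conn_type)
        pos = list(grp).index(servers[-1]) + 1 if servers else 0
        new.tail = servers[-1].tail if servers else "\n"
        grp.insert(pos, new)
    # Point (1) of the post: flag a bind as the directory superuser.
    warnings = [f"{group}: binds as {dn.text.strip()}; use a service account"
                for dn in grp.iter("DirDN")
                if (dn.text or "").strip().lower() == "cn=directory manager"]
    return ET.tostring(root, encoding="unicode"), warnings


if __name__ == "__main__":
    updated, notes = add_directory_server(SAMPLE_XML, "opendj2.example.com", 1636)
    print(updated)
    print(*notes, sep="\n")
```

If your export carries the bind DN and password elements as assumed here, keep the working file readable only by the account that runs ssoadm and delete it after the import.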