Using the ssoadm CLI to list a server configuration, I found out that the Directory Configuration information is not returned.
If you refer to the OpenAM documentation, you will also see that no property is listed for the Servers > Directory Configuration section.
1) Now, for best practice, we would definitely not want to use cn=Directory Manager to bind to OpenDJ. A better approach is to create a service account.
2) In production, especially when a pair of external OpenDJ servers is deployed, we would want to add Server2 to point to the second external OpenDJ.
For (1), this can be easily solved by:
a. Create the service account prior to installation & configuration of OpenAM
b. In the OpenAM configuration file,
DATA_STORE=dirServer
DIRECTORY_SSL=SIMPLE
:
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=password
Change DS_DIRMGRDN and DS_DIRMGRPASSWD to the service account's DN and password.
For (2), I have no idea how to script this. For now, I would have to add it manually via the OpenAM Administration console.
Technically, I know this Directory Configuration is stored as XML in one of the LDAP attributes. Is this the reason the information cannot be added or retrieved? I do not know.
Less than ideal.
See ssoadm get-svrcfg-xml and set-svrcfg-xml. Not quite the easiest way to script things, but hey, you can always raise RFEs in JIRA :)
Hey, it works! But of course, painful. And prone to error since it's XML. I'm not inclined to recommend this method to customers though. :)
OK, will raise an RFE when I'm freed up from this project.
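For item (2), the get-svrcfg-xml / set-svrcfg-xml round trip mentioned in the comments leaves the XML edit as the error-prone step. The following is an added example, not code from the original post or from OpenAM, that adds a second Server entry to every ServerGroup of the exported XML; the XML layout, host names, DN and the function name are assumptions, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the XML exported by get-svrcfg-xml. Element and
# attribute names are an assumption about the layout; hosts, DNs and the
# password value are placeholders.
SAMPLE_XML = """<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="opendj1.example.com" port="1389" type="SIMPLE"/>
    <User name="User1" type="admin">
      <DirDN>uid=openam-svc,ou=services,dc=example,dc=com</DirDN>
      <DirPassword>ENCRYPTED-PLACEHOLDER</DirPassword>
    </User>
  </ServerGroup>
  <ServerGroup name="sms" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="opendj1.example.com" port="1389" type="SIMPLE"/>
    <User name="User2" type="admin">
      <DirDN>uid=openam-svc,ou=services,dc=example,dc=com</DirDN>
      <DirPassword>ENCRYPTED-PLACEHOLDER</DirPassword>
    </User>
  </ServerGroup>
</iPlanetDataAccessLayer>"""


def add_directory_server(xml_text, name, host, port):
    """Add a <Server> to every <ServerGroup>; return (xml, groups_changed)."""
    root = ET.fromstring(xml_text)
    changed = 0
    for group in root.iter("ServerGroup"):
        servers = group.findall("Server")
        if not servers:
            raise ValueError("ServerGroup %r has no Server" % group.get("name"))
        dup = [s for s in servers if s.get("name") == name or s.get("host") == host]
        if dup:
            continue  # already present, so the script is safe to re-run
        # Copy the last Server's attributes so the connection type stays the same.
        new = ET.Element("Server", dict(servers[-1].attrib, name=name, host=host, port=str(port)))
        new.tail = servers[-1].tail
        # Insert right after the last existing Server, ahead of the User entries.
        group.insert(list(group).index(servers[-1]) + 1, new)
        changed += 1
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    updated, n = add_directory_server(SAMPLE_XML, "Server2", "opendj2.example.com", 1389)
    print(updated)
```

In this layout the exported file carries the bind DN and password entry, so keep it readable only by the account running ssoadm and remove it once the configuration has been loaded back.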