Installing and configuring the Sun Java System Directory Server

We can use a supported version of Sun Java System Directory Server as the user registry for ISAM.

Review the User registry considerations before configuring the Sun Java System Directory Server in the environment:

Complete the basic server installation and configuration as described in the Sun Java™ System Directory Server product documentation. For example, for Sun Java System Directory Server version 7.0, see:

Then, use the same documentation to create a suffix for ISAM.

Steps

  1. Create the location that maintains Security Verify Access data.

    Use the suffix DN of the location; for example: secAuthority=Default.

    The name must be in the relative distinguished name (DN) format and consist of one attribute-value pair. If there are multiple attribute-value pairs, separate the pairs with commas. The default location is secAuthority=Default. For more information about management domains, and creating a location for the metadata, see:

  2. Change the name of the database when we create a suffix. Attention: Do not accept the default value for the database name when we create a suffix. By default, the location of database files for this suffix is chosen automatically by the server. By default, the suffix maintains only the system indexes. No attributes are encrypted, and replication is not configured. If you accept the default value, the Sun Java Directory Server stores the suffix under the Default database name. Your data is removed when the Sun Java Directory Server is restarted.
  3. Ensure the suffix was created. If you chose to create a suffix to maintain user and group data, follow this procedure again to create another suffix either in the default database or in a new database. For example, we might create a suffix that is named o=ibm,c=us in the same database.

  4. Complete the appropriate action:

    • If you did not add any suffixes other than the management domain location, configuration is complete. A directory entry for the management domain location is automatically added when the policy server is configured.

    • If we added suffixes other than the location, create directory entries for each new suffix.

  5. To enable SSL communication between the Directory Server and Security Verify Access, continue with the remaining steps:

    1. Start the instance of the Sun Java System Directory Server.
    2. Obtain a certificate for the instance and store it in the key database. The certificate can be issued by a certificate authority (CA) or it can be self-signed. The certificate includes a server certificate and a private key. Use the methods that are described in the Sun Java System Directory Server documentation.

    3. Make a note of the secure SSL port number on the server. The default port number is 636.
    4. Obtain the signer certificate. If the certificate is issued by a CA, the server certificate includes a signer certificate. If the certificate is self-signed, the server certificate acts as the signer certificate.
    5. Copy the signer certificate to a temporary directory on the computer where Security Verify Access components are installed and with which we want to enable SSL communication.
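
One way to check the signer certificate from step 5 before configuring Security Verify Access, as an added example that is not part of the product documentation. It assumes the OpenSSL command-line tool (1.1.0 or later) is installed; the function names, file paths and host name are hypothetical.

```shell
# Added example: checks for the signer certificate from step 5.
# Requires the openssl CLI (1.1.0+). All names below are placeholders.

# is_self_signed CERT.pem
# Succeeds when subject == issuer and the signature verifies under the
# certificate's own key. In that case the server certificate is also the
# signer certificate (step 5.4).
is_self_signed() {
    _subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    _iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${_subj#subject=}" = "${_iss#issuer=}" ] || return 1
    openssl verify -no-CApath -CAfile "$1" "$1" >/dev/null 2>&1
}

# chains_to_signer SERVER.pem SIGNER.pem
# Succeeds only when SERVER.pem validates with SIGNER.pem as the sole trust
# anchor. -no-CApath keeps the system trust store out of the decision.
chains_to_signer() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# check_ldaps HOST SIGNER.pem [PORT]
# Handshakes with the directory server's SSL port (default 636, step 5.3)
# and fails unless the presented chain validates against SIGNER.pem and the
# certificate matches HOST (HOST is assumed to be a DNS name, not an IP).
check_ldaps() {
    openssl s_client -connect "$1:${3:-636}" -servername "$1" \
        -no-CApath -CAfile "$2" -verify_return_error \
        -verify_hostname "$1" </dev/null >/dev/null 2>&1
}

# Typical use on the machine the signer certificate was copied to (step 5.5):
#   check_ldaps ds.example.test /tmp/signer.pem 636 && echo "signer OK"
```

A failure from check_ldaps with the copied file means the file is not the signer of the certificate that the server presents on the SSL port, or the certificate does not match the host name used to reach it.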


What to do next

After we set up the Directory Server for use with ISAM, we can set up the policy server. Use the following values in the configuration:
