Thursday, September 3, 2009

nsRole attribute for AM Identities

Step-1: Create a new user identity testuser1

Step-2: Create a new role identity testrole1

Step-3: Assign testrole1 to testuser1.
Sun AM uses the nsRole attribute of DS to store the roles of a user identity. To verify this, run ldapsearch against DS:
ldapsearch -b "dc=red,dc=iplanet,dc=com" -D "cn=Directory Manager" -w -h jackal.red.iplanet.com -p 7389 -s sub "uid=testuser1" nsRole

Step-4: Delete testrole1. DS then takes care of removing the testrole1 DN from the nsRole attribute of testuser1. This works only if the referential integrity plugin is enabled in DS. You can check whether referential integrity is enabled or disabled with:

dsconf get-server-prop -p 7389 -h jackal.red.iplanet.com -D "cn=Directory Manager" -w /opt/pass.txt | grep ref-integrity-enabled

ref-integrity-enabled : on

where dsconf is a tool obtained from the DSEE installation. It is available in the following location:
/opt/SUNWdsee/ds6/bin
/opt is the default location of the Sun DSEE installation.
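
A check for Step-4, as an added example that is not part of the original post: it reads saved output of the dsconf and ldapsearch commands above and reports whether the deleted role's DN is still listed in nsRole. The sample outputs, the ou=People container and the role DN are constructed assumptions.

```shell
#!/bin/sh
# Added example; all sample output below is constructed, not captured from a server.

# Print "on"/"off" from `dsconf get-server-prop` output on stdin, else "unknown".
ref_integrity_state() {
    awk -F: '$1 ~ /^[ \t]*ref-integrity-enabled[ \t]*$/ {
                 gsub(/[ \t\r]/, "", $2); print $2; found = 1; exit }
             END { if (!found) print "unknown" }'
}

# Print each nsRole value in ldapsearch LDIF on stdin, lower-cased, with spaces
# around commas removed. Base64 values ("nsRole:: ...") are not decoded.
nsrole_values() {
    awk 'function emit(l,  v) {
             sub(/\r$/, "", l)
             if (tolower(l) ~ /^nsrole: /) {
                 v = tolower(substr(l, 9)); gsub(/ *, */, ",", v); print v }
         }
         /^ / { buf = buf substr($0, 2); next }   # LDIF folded line: unfold
              { emit(buf); buf = $0 }
         END  { emit(buf) }'
}

# Return 0 if role DN $1 is absent from the LDIF on stdin, 1 if still listed.
role_removed() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g')
    if nsrole_values | grep -Fxq -- "$want"; then return 1; fi
    return 0
}

# $1 = saved dsconf output, $2 = saved ldapsearch output, $3 = deleted role DN
check_step4() {
    state=$(printf '%s\n' "$1" | ref_integrity_state)
    if printf '%s\n' "$2" | role_removed "$3"; then
        echo "ok: role DN no longer in nsRole (ref-integrity-enabled=$state)"
    else
        echo "stale: $3 still in nsRole (ref-integrity-enabled=$state)"
    fi
}

# Constructed samples. The ou=People container and the role DN are assumptions.
DSCONF_OFF='ref-integrity-enabled       :  off'
LDIF_STALE='dn: uid=testuser1,ou=People,dc=red,dc=iplanet,dc=com
nsRole: cn=testrole1,dc=red,dc=iplan
 et,dc=com'
LDIF_CLEAN='dn: uid=testuser1,ou=People,dc=red,dc=iplanet,dc=com'

check_step4 "$DSCONF_OFF" "$LDIF_STALE" 'cn=testrole1,dc=red,dc=iplanet,dc=com'
```

A "stale" result means the user entry still references a role that no longer exists, which is the case the referential integrity plugin is meant to prevent.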

Wednesday, September 2, 2009

Command to check if the referential integrity plugin is enabled on Sun DS

dsconf get-server-prop -p 389 -h jackal.red.iplanet.com -D "cn=Directory Manager" -w /opt/pass.txt | grep ref-integrity-enabled

where dsconf is a tool obtained from the DSEE installation. It is available in the following location:
/opt/SUNWdsee/ds6/bin
where /opt is the default location.