Setting Up Policy and Application Stores

This section covers setting up policy and application stores in AM.

Setting up a policy and/or application store in AM requires two procedures:

  1. Configuring the connection between AM and the directory server.

    See "To Connect AM to a Policy or Application Store".

  2. Enabling a realm to use the newly configured directory server.

    See "To Enable a Realm to use a Policy or Application Store".

To Connect AM to a Policy or Application Store

Perform the steps in this procedure to add a connection in AM to the policy or application store.

  1. In the AM console, go to Configure > Global Services > External Data Stores.

  2. On the Secondary Configurations tab, click Add a Secondary Configuration.

  3. Complete the form as follows:

    1. In the Name field, provide a name for the data store, for example, myPolicyStore.

    2. In the Host Urls field, enter one or more connection strings to the stores to use. The format for each connection string is HOST:PORT, for example policies1.example.com:636.

      AM will use the first connection string in the list, unless the server is unreachable, in which case it will try the subsequent connection strings in the order they are defined.

    3. Enter the Bind DN and Bind Password of the service account AM uses to authenticate to the data store. The account needs sufficient privileges to read and write to the root suffix of the data store.

    4. Specify whether to use SSL and/or Start TLS connectivity to the data store by enabling the relevant option.

    5. Specify whether to access the data stores by using multiple directory instances in an affinity deployment, rather than a single master directory instance using an active/passive deployment.

      If you enable this option, specify each of the directory server instances that form the affinity deployment in the Host Urls field.

  4. To save your changes, click Create.

    AM will attempt to contact the data store using the specified settings. If successful, AM will attempt to make the required schema and structure changes in the data store. If the service account specified by the Bind DN property does not have permissions to alter schema and structure, you will need to manually apply the required settings. See Preparing External Stores.

    If AM was able to contact the data store using the specified settings, the connection is saved and made available for use as a policy or application store.

  5. (Optional) To edit the connection settings to a store, perform the following steps:

    1. On the Secondary Configurations tab, click the name of the data store.

    2. Edit the configuration as required, and then click Save Changes.

  6. (Optional) Repeat the steps above to add any additional policy or application stores.

You can now configure AM to use the new store. See "To Enable a Realm to use a Policy or Application Store".
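
The following pre-flight check for the Host Urls values is an added example, not part of the AM documentation or product code. It validates each HOST:PORT string, then walks the list in the configured order and reports the first server that completes a certificate-verified TLS handshake. Assumptions: the function names are hypothetical, policies2.example.com is a constructed second entry, only the SSL option (TLS from connection start) is probed, not Start TLS, and the certificate is checked against the local Python trust store rather than the trust store AM itself uses.

```python
import socket
import ssl
import sys


def parse_host_urls(entries):
    """Validate HOST:PORT connection strings, preserving the configured order."""
    parsed = []
    for raw in entries:
        host, sep, port = raw.strip().rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"not in HOST:PORT format: {raw!r}")
        parsed.append((host, int(port)))
    return parsed


def ldaps_handshake(host, port, timeout=5.0):
    """True if a TLS handshake succeeds with certificate and hostname checks."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers DNS failure, refusal, timeout and ssl.SSLError
        return False


def first_usable(entries, probe=ldaps_handshake):
    """Try each connection string in order; return (chosen, skipped).

    chosen is the first (host, port) that passes the probe, or None.
    skipped lists the earlier entries that failed, in order.
    """
    skipped = []
    for host, port in parse_host_urls(entries):
        if probe(host, port):
            return (host, port), skipped
        skipped.append((host, port))
    return None, skipped


if __name__ == "__main__":
    # Constructed sample list; pass real HOST:PORT values as arguments instead.
    urls = sys.argv[1:] or ["policies1.example.com:636", "policies2.example.com:636"]
    chosen, skipped = first_usable(urls)
    for host, port in skipped:
        print(f"FAILED  {host}:{port} (unreachable or certificate not trusted)")
    print(f"USABLE  {chosen[0]}:{chosen[1]}" if chosen else "No usable store found")
```

An entry reported as FAILED ahead of the usable one means a later server in the list would be used, so resolve it before relying on the list order.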

To Enable a Realm to use a Policy or Application Store

Perform the following steps to configure a realm in AM to use a policy or application store.

Important

Changing the policy or application store will cause any existing policies or applications to become unavailable to the realm.

Either recreate the policies or applications manually, or use Amster to export the existing instances, then import them back after changing the stores.

  1. In the AM console, go to Realms > Realm name > Services.

  2. Configure the External Data Stores service in the realm:

    • If the External Data Stores service has not yet been added to the realm, click Add a Service, and then select External Data Stores.

    • If the External Data Stores service has already been added to the realm, click External Data Stores to edit the configuration.

  3. On the External Data Stores page, select the name of the store to use as the Policy Data Store and/or Application Data Store, and then click Save Changes.

    Note

    If you choose the Default Datastore option for either property, AM will resort to using the configuration data store that was specified during the installation of AM.

    Changes take effect immediately. New policies or applications are created in the relevant data store, if configured.

To Remove a Policy or Application Store

A policy or application store can be removed from AM only if it is not in use by any realm.

Perform the following steps to remove a policy or application store from a realm in AM, and delete the store from the AM instance.

  1. For each realm that is using the store, in the AM console, go to Realms > Realm Name > Services > External Data Stores, and change each of the drop-downs to either Default Datastore, or an alternative data store.

    Save your changes.

  2. Navigate to Configure > Global Services > External Data Stores > Secondary Configurations. Click the name of the store to remove, and click the delete icon.

    If the data store is still in use, you will see an error message as follows:

    Unable to modify data store instance because it is referenced by the data store service of realm /Realm Name

    Error message when removing data store.

    If you receive the error, repeat the first step to remove the unwanted store from the listed realm, and then repeat this step.
