Access Management 7.2.2

Set up directory schemas with LDIF

AM installation deploys several LDIF files that can be used to create the schemas required by AM. LDIF files are available for Microsoft Active Directory, Microsoft Active Directory Lightweight Directory Services, Oracle Directory Server Enterprise Edition, ForgeRock Directory Services, Oracle Unified Directory, and IBM Tivoli Directory Server.

The following tables provide descriptions for each LDIF file:

Microsoft Active Directory LDIF Files
LDIF File Description

ad_config_schema.ldif

Obsolete. Active Directory is not supported as a configuration store.

ad_dashboard.ldif

LDIF to support the dashboard service.

ad_deviceprint.ldif

LDIF to support the device print service.

ad_kba.ldif

LDIF to support the User Self-Service’s knowledge-based questions and answers service.

ad_oathdevices.ldif

LDIF to support registered devices for the OATH authentication service.

ad_pushdevices.ldif

LDIF to support registered devices for the PUSH notification service.

ad_user_schema.ldif

LDIF for the user schema.

ad_webauthndevices.ldif

LDIF to support registered devices for the Web Authentication (WebAuthn) authentication service.

Microsoft Active Directory Lightweight Directory Services LDIF Files
LDIF file Description

adam_dashboard.ldif

LDIF to support the dashboard service.

adam_deviceprint.ldif

LDIF to support the device print service.

adam_kba.ldif

LDIF to support the User Self-Service’s knowledge-based questions and answers.

adam_oathdevices.ldif

LDIF to support registered devices for the OATH authentication service.

adam_pushdevices.ldif

LDIF to support registered devices for the PUSH notification service.

adam_user_schema.ldif

LDIF for the user schema.

adam_webauthndevices.ldif

LDIF to support registered devices for the Web Authentication (WebAuthn) authentication service.

Oracle Directory Server Enterprise Edition LDIF Files
LDIF file Description

amsdk_plugin

Folder containing the AM SDK LDIF files: amsdk_init_template.ldif and amsdk_sunone_schema2.ldif.

odsee_config_index.ldif

LDIF for the ODSEE configuration indexes.

odsee_config_schema.ldif

LDIF for the ODSEE configuration schema.

odsee_dashboard.ldif

LDIF to support the dashboard service.

odsee_deviceprint.ldif

LDIF to support the device print service.

odsee_kba.ldif

LDIF to support the User Self-Service’s knowledge-based questions and answers.

odsee_oathdevices.ldif

LDIF to support registered devices for the OATH authentication service.

odsee_pushdevices.ldif

LDIF to support registered devices for the PUSH notification service.

odsee_user_index.ldif

LDIF for the user repository indexes.

odsee_user_schema.ldif

LDIF for the user repository schema.

odsee_userinit.ldif

LDIF for setting up user session initialization.

odsee_webauthndevices.ldif

LDIF to support registered devices for the Web Authentication (WebAuthn) authentication service.

DS LDIF Files
LDIF file Description

oath_2fa.ldif

LDIF for the OATH two-factor authentication service.

opendj_aci_lift_user_password_restriction.ldif

LDIF to add an ACI entry to the root suffix to allow users to modify the user password attribute.

opendj_aci_remove_blanket_deny_all.ldif

LDIF to lift any user password restrictions for upgrade.

opendj_add_kba_attempts.ldif

LDIF to upgrade a user data store from a version earlier than AM 6 to support account lockout when the user fails to answer their security questions a number of times.

opendj_config_schema.ldif

LDIF for the DS configuration schema.

opendj_dashboard.ldif

LDIF to support the dashboard service.

opendj_deviceprint.ldif

LDIF to support the device print service.

opendj_deviceprofiles.ldif

LDIF to support storage of device information, collected by the SDK device authentication nodes.

Apply this LDIF if you intend to use the ForgeRock SDK for device profiling.

opendj_embinit.ldif

LDIF for the DS user management and SMS/configuration datastore schema for evaluation (embedded DS) deployments.

opendj_kba.ldif

LDIF to support the User Self-Service’s knowledge-based questions and answers.

opendj_oathdevices.ldif

LDIF to support registered devices for the OATH authentication service.

opendj_pushdevices.ldif

LDIF to support registered devices for the PUSH notification service.

opendj_remove_config_schema.ldif

LDIF to remove the configuration schema.

opendj_remove_user_schema.ldif

LDIF to remove the user schema.

opendj_retry_limit_node_count.ldif

LDIF to upgrade the identity store to support persisting failed login attempts to the user’s profile when using the Retry Limit Decision node.

There are no equivalent files for other supported directory servers. Adapt the contents of the opendj_retry_limit_node_count.ldif file to work with your directory server.

opendj_uma_audit.ldif

LDIF to add auditing capabilities for the UMA service.

opendj_uma_labels_schema.ldif

LDIF to add a schema for the UMA service labels.

opendj_uma_pending_requests.ldif

LDIF to add pending requests for the UMA service.

opendj_uma_resource_set_labels.ldif

LDIF to support labels for UMA resources.

opendj_uma_resource_sets.ldif

LDIF to support UMA resources.

opendj_update_aci_kba_attempts.ldif

LDIF to upgrade a user data store from a version earlier than AM 6 to support account lockout when the user fails to answer their security questions a number of times.

opendj_user_index.ldif

LDIF for the user repository indexes.

opendj_user_schema.ldif

LDIF for the user repository schema.

opendj_userinit.ldif

LDIF for setting up user session initialization.

opendj_webauthndevices.ldif

LDIF to support registered devices for the Web Authentication (WebAuthn) authentication service.

push_2fa.ldif

LDIF for the push two-factor authentication service. Not required if you installed DS 7.1 or later by using the am-identity-store setup profile.

Tivoli LDIF Files
LDIF file Description

tivoli_dashboard.ldif

LDIF to support the dashboard service.

tivoli_deviceprint.ldif

LDIF to support the device print service.

tivoli_kba.ldif

LDIF to support the User Self-Service’s knowledge-based questions and answers.

tivoli_oathdevices.ldif

LDIF to support registered devices for the OATH authentication service.

tivoli_pushdevices.ldif

LDIF to support registered devices for the PUSH notification service.

tivoli_user_schema.ldif

LDIF for the user repository schema.

tivoli_webauthndevices.ldif

LDIF to support registered devices for the Web Authentication (WebAuthn) authentication service.

Copyright © 2010-2024 ForgeRock, all rights reserved.