How do I create a user data store in AM (All versions) using ssoadm?
The purpose of this article is to provide information on creating a user data store in AM using ssoadm. A user data store is an external identity repository that contains user profiles or identity data (attributes) for users who have authenticated to AM.
Creating a data store
The properties you can set when creating a data store depend on the data store type you are creating. You can find the equivalent ssoadm attribute names by looking in the documentation for the appropriate data store type: Identity stores.
Please be aware of the following:
- In AM 6.5.1 and later, the LDAP Server property is now sun-idrepo-ldapv3-config-ldap-server= to allow the servers to be specified in a specific order. In earlier versions, it was sun-idrepo-ldapv3-config-ldap-server.
- You cannot change the Load Schema or Load schema when saved option via ssoadm when creating a data store, as AM should not amend the directory schema. This is discussed in OPENAM-1853 (Add ssoadm flag to load schema while creating datastore).
You can create a data store via ssoadm as follows:
- Create a data file (called DATA_FILE to match the next command) and populate it with the required properties. The attached DATASTORE_DATA_FILE provides all the properties for the DS data store in AM 6.5.1 (with default values); you can use this as a template to create a DS data store.
- Enter the following command to create the data store with these settings:
  $ ./ssoadm create-datastore -e [realmname] -u [adminID] -f [passwordfile] -m [datastoreName] -t [datastoreType] -D DATA_FILE
  replacing [realmname], [adminID], [passwordfile], [datastoreName] and [datastoreType] with appropriate values, where [datastoreType] is one of the following values (which correspond to supported data store types):

| [datastoreType] value | Data store type |
|---|---|
| LDAPv3ForTivoli | Tivoli Directory Server |
| LDAPv3ForAMDS | Sun DS with AM schema |
Refer to the release notes for a list of supported data stores. For example: Directory server requirements.
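The two steps above can be wrapped in a preflight check that runs before ssoadm. The following is an added example, not part of the original article or the AM tooling. The function names are hypothetical, and the owner-only permission checks assume the password file and the data file both hold credentials (the data file typically carries the directory bind credentials).

```shell
#!/bin/sh
# Added example (not from the article): preflight checks before ssoadm create-datastore.

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Succeed only if the file exists and grants nothing to group or others.
owner_only() {
  [ -f "$1" ] || return 1
  case "$(file_mode "$1")" in
    [0-7]00) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if every non-empty line is name=value and the LDAP server
# property named in the article is present (either form starts with this prefix).
data_file_ok() {
  if grep -v '^[[:space:]]*$' "$1" | grep -qv '^[A-Za-z0-9._-]\{1,\}='; then
    return 1
  fi
  grep -q '^sun-idrepo-ldapv3-config-ldap-server=' "$1"
}

# Accept only the [datastoreType] values visible in the article's table; the
# table is partial, so add the value for your directory from the AM docs.
known_type() {
  case "$1" in
    LDAPv3ForTivoli|LDAPv3ForAMDS) return 0 ;;
    *) return 1 ;;
  esac
}

# Args: realm adminID passwordfile datastoreName datastoreType datafile.
# Prints the article's command for review; it does not execute ssoadm.
preflight() {
  known_type "$5"   || { echo "unknown data store type: $5" >&2; return 2; }
  owner_only "$3"   || { echo "password file not owner-only: $3" >&2; return 3; }
  owner_only "$6"   || { echo "data file not owner-only: $6" >&2; return 4; }
  data_file_ok "$6" || { echo "data file malformed or no LDAP server: $6" >&2; return 5; }
  printf "./ssoadm create-datastore -e '%s' -u '%s' -f '%s' -m '%s' -t '%s' -D '%s'\n" "$@"
}

if [ "$#" -eq 6 ]; then preflight "$@"; fi
```

Run it with the same six values you would pass to ssoadm; a non-zero exit code identifies which check failed.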
How do I understand what the user data store is used for in AM (All versions)?
How do I make a whole user data store read-only to users in AM (All versions)?
How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?
Related Issue Tracker IDs
OPENAM-11912 (LDAPv3 data store type does not handle property 'sun-idrepo-ldapv3-config-auth-kba-attr')
OPENAM-5867 (Data Store LDAP server (admin-ordered) list is reordered by OpenAM)