How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I create a user data store in AM (All versions) using ssoadm?

Last updated Jan 16, 2023

The purpose of this article is to provide information on creating a user data store in AM using ssoadm. This is an external identity repository that contains user profiles or identity data (attributes) for users who have authenticated to AM.

4 readers recommend this article

Creating a data store

The properties you can set when creating a data store depend on the data store type you are creating. You can find the equivalent ssoadm attribute names by looking in the documentation for the appropriate data store type: Identity stores.


Please be aware of the following:

  • In AM 6.5.1 and later, the LDAP Server property is now sun-idrepo-ldapv3-config-ldap-server=[0] to allow the servers to be specified in a specific order. In earlier versions, it was sun-idrepo-ldapv3-config-ldap-server.
  • You cannot change the Load Schema or Load schema when saved option via ssoadm when creating a data store, as AM should not amend the directory schema. This is discussed in OPENAM-1853 (Add ssoadm flag to load schema while creating datastore).

You can create a data store via ssoadm as follows:

  1. Create a data file (called DATA_FILE to match the next command) and populate it with the required properties. The attached DATASTORE_DATA_FILE provides all the properties for the DS data store in AM 6.5.1 (with default values); you can use this as a template to create a DS data store.
  2. Enter the following command to create the data store with these settings: $ ./ssoadm create-datastore -e [realmname] -u [adminID] -f [passwordfile] -m [datastoreName] -t [datastoreType] -D DATA_FILEreplacing [realmname], [adminID], [passwordfile], [datastoreName] and [datastoreType] with appropriate values, where [datastoreType] is one of the following values (which correspond to supported data store types):
datastoreType Description
LDAPv3ForAD Active Directory
LDAPv3ForTivoli Tivoli Directory Server
LDAPv3ForAMDS Sun DS with AM schema

Refer to the release notes for a list of supported data stores. For example: Directory server requirements.

See Also

How do I understand what the user data store is used for in AM (All versions)?

How do I make a whole user data store read-only to users in AM (All versions)?

How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?

Data stores in AM

Related Training


Related Issue Tracker IDs

OPENAM-11912 (LDAPv3 data store type does not handle property 'sun-idrepo-ldapv3-config-auth-kba-attr')

OPENAM-5867 (Data Store LDAP server (admin-ordered) list is reordered by OpenAM)

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.