List:       forgerock-openam
Subject:    [OpenAM] Questions with regard to OpenLDAP
From:       bernhard.thalmayr () painstakingminds ! com (Bernhard Thalmayr)
Date:       2012-06-29 15:45:41
Message-ID: 4FEDCDA5.4070902 () painstakingminds ! com

On 6/29/12 1:52 PM, Isaac Hailperin wrote:
> Hi,
> 
> a few questions:
> 
> * In order to use OpenLDAP as a user store, I need to add some
> attributes and object classes. At least, that's what I learn from [1].
> What are they exactly used for? Do users need these additional
> attributes in order to be authenticated? or authorized, or ...?

These attributes (and objectclasses) are only needed if you want to use 
specific OpenAM services which have to store their state within the 
identity object in the data store.

E.g. user-level session timeouts (session services), OpenAM account 
lockout, persistent federation,


> 
> * If I want to use an existing OpenLDAP directory, do I need to change
> it? Just adding the schema, or will all the users need to be modified?
> (i.e. adding attributes from the newly added schema)


You don't need to modify the entries in the data store to let OpenAM 
consume that identity information.

You may adjust the data store config to make OpenAM consume only the 
information needed. The default shows every possible attribute. If you're 
familiar with LDAP this should be straightforward. If not ...

> 
> * If I have configured OpenAM with OpenLDAP as a user store (I just
> provided the ldap credentials to the OpenDJ Dialog, is that the way to
> go?),

Yes.

However you have to decide which auth module to use (data store vs. LDAP 
auth) ... you might be better off with the LDAP auth module.



> where does OpenAM store session data, such as which user has
> gotten which authorization, or who is authenticated?


> Does that also go
> into OpenLDAP, or is that stored in the config store?

This is OpenAM internal ...

> Would it be
> possible to store this data in an external database such as mysql?

Not yet.

-Bernhard

> 
> Regards,
> Isaac
> 
> 
> [1]
> http://www.packtpub.com/sites/default/files/0226OS-Chapter-8-Identity-Stores.pdf?utm_source=packtpub&utm_medium=free&utm_campaign=pdf
>  
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
> 
> 


-- 
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

bernhard.thalmayr at painstakingminds.com - Solution Architect

This e-mail may contain confidential and/or privileged information.If 
you are not the intended recipient (or have received this email in 
error) please notify the sender immediately and delete this e-mail. Any 
unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.
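The reply above makes two points that are easy to check before pointing OpenAM at an existing OpenLDAP directory: entries only need the extra object classes when a service stores state in them, and the data store config should expose only the attributes OpenAM actually needs rather than "every possible attribute". The script below is an added example, not code from this thread or from the OpenAM project. It audits an LDIF export offline, reports which entries already carry an OpenAM service object class, and derives a minimal attribute list for the data store config. The object class and attribute names in `OPENAM_SERVICE_CLASSES` are taken from the OpenAM user schema as I remember it and should be treated as assumptions to be verified against the schema LDIF shipped with your release; the sample LDIF and the baseline attribute set are constructed for the example.

```python
"""Audit an LDIF export for OpenAM service object classes and derive the
minimal attribute list to expose in the OpenAM data store configuration.

Added example, not code from the OpenAM project or the mailing-list thread.
"""
import base64
from collections import defaultdict

# OpenAM auxiliary object classes and the attributes they carry.
# ASSUMPTION: names recalled from the OpenAM user schema; verify against
# the schema LDIF of your release before relying on them.
OPENAM_SERVICE_CLASSES = {
    "iplanet-am-session-service": {
        "iplanet-am-session-max-session-time",
        "iplanet-am-session-max-idle-time",
        "iplanet-am-session-max-caching-time",
    },
    "sunAMAuthAccountLockout": {
        "sunAMAuthInvalidAttemptsData",
    },
}

# Constructed baseline: what an LDAP auth module / data store needs to find
# and authenticate a user. Adjust to your naming attribute and search filter.
BASELINE_ATTRIBUTES = {"uid", "cn", "sn", "mail", "userPassword", "objectClass"}

# Constructed sample export: alice already uses the session service,
# bob is a plain inetOrgPerson that OpenAM can consume unchanged.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: iplanet-am-session-service
uid: alice
cn: Alice Example
sn: Example
mail: alice@example.com
iplanet-am-session-max-idle-time: 15
telephoneNumber: +1 555 0100

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
sn: Example
mail: bob@example.com
telephoneNumber: +1 555 0101
"""


def parse_ldif(text):
    """Minimal LDIF reader: returns one dict per entry, mapping the
    lowercased attribute name to its list of values."""
    entries, current, last_attr = [], None, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":                      # blank line ends an entry
            if current:
                entries.append(dict(current))
            current, last_attr = None, None
            continue
        if raw.startswith(" ") and current is not None and last_attr:
            current[last_attr][-1] += raw[1:]   # folded continuation line
            continue
        attr, _, value = raw.partition(":")
        if value.startswith(":"):          # "attr:: base64value"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if current is None:
            current = defaultdict(list)
        last_attr = attr.strip().lower()
        current[last_attr].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def services_in_use(entry):
    """OpenAM service object classes present on one entry (case-insensitive)."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    return sorted(svc for svc in OPENAM_SERVICE_CLASSES if svc.lower() in classes)


def audit(entries):
    """Map each DN to the OpenAM service object classes it already carries.
    An empty list means the entry needs no change to be consumed by OpenAM."""
    return {e["dn"][0]: services_in_use(e) for e in entries}


def minimal_attribute_list(entries):
    """Baseline attributes plus those of every OpenAM service actually in use;
    this is the list to put in the data store config instead of the default."""
    wanted = set(BASELINE_ATTRIBUTES)
    for e in entries:
        for svc in services_in_use(e):
            wanted |= OPENAM_SERVICE_CLASSES[svc]
    return sorted(wanted, key=str.lower)


def attributes_left_out(entries):
    """Attributes found in the export that the minimal config would not expose."""
    present = {a for e in entries for a in e if a != "dn"}
    exposed = {a.lower() for a in minimal_attribute_list(entries)}
    return sorted(a for a in present if a not in exposed)


if __name__ == "__main__":
    ents = parse_ldif(SAMPLE_LDIF)
    for dn, svcs in audit(ents).items():
        print(dn, "->", svcs or "no OpenAM service classes (no change needed)")
    print("expose:", minimal_attribute_list(ents))
    print("not exposed:", attributes_left_out(ents))
```

Run it against a real `slapcat` or `ldapsearch -LLL` export to see which users already carry service state and which directory attributes (here `telephoneNumber`) OpenAM has no reason to read.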

