OAM’s default user store is weblogic’s embedded ldap
server which is not a recommended user store for production environment.
After
OAM installation it is suggested to set Oracle Internet Directory as OAM’s
primary identity store.
Steps
to configure OAM to use OID as Identity Store:
1.
Create a group called “Administrators” in OID under dc= <your_domain>,
cn=groups using ODSM
2.
Create a user in OID under dc= <your_domain>, cn=users (This user will be
used to connect to login to oam console)
3.
Add this user to the “Administrator” group in OID. Use ODSM to create
user/group in OID 11g
4.
Login to OAM Console (http://server:7001/oamconsole where 7001 is Weblogic
admin server port on which OAM is deployed)
5.
Click tab “System Configuration” and select User Identity Stores under Data
Source
6.
From Actions -> select Create
7.
Specify OID server location and credentials along with Users and Groups search
base and click on Test Connections
8.
Click Apply when connection is successful
9.
Select newly created User Store from OAM Console and click “Set as System
Store”. Also select “Set as Default Store”
10.
Add the group Administrator that was created in OID to this Identity Store
which will make users under this group to act as ‘admin’ for OAM. Click Apply.
11.
In OAM console under System Configuration tab, go to Access
Manager->Authentication modules–> LDAP Authentication Module.
Double
click LDAP and change identity store to the New System Store value–> Click
Apply
12.
Log out from OAM console and login using newly created user in OID
