Determine directories to federate.
On the ISAM appliance navigate to Web Settings->Runtime Component->Manage->Federated Directories.
Note the labels on the listed federated directories; each label names a section in ldap.conf that you will need in the next step.
Capture federation configuration section text
On the ISAM appliance navigate to Web Settings->Runtime Component->Manage->Configuration Files->ldap.conf
In the Edit window search for the sections named [server:<label>], one for each label noted in Step 1. These are the sections
that must be copied to the DataPower configuration, so highlight and copy the section text to your system's scratchpad now.
Navigate to LDAP configuration file on DataPower gateway
On the DataPower gateway navigate to the domain in which the Access Manager Runtime is configured and then navigate to
Objects->Security Access Manager->Access Manager Runtime->Manage Files.
Add federation configuration text to LDAP configuration file
Bring up the Edit window for the ldap.conf file by clicking the Edit… button. Enable editing by clicking the Edit button and
paste the text captured in Step 2 at the bottom of the ldap.conf file.
Update LDAP bind password property
Each of the sections just added to the ldap.conf file contains the property 'bind-pwd = **obfuscated**'. The ISAM appliance does not
export the bind password, so the bind-pwd value has not been copied across. Edit the real password into the bind-pwd property of each
section; it is the password for the account named in the 'bind-dn' property already present in that section.
Now click 'Submit' to save the ldap.conf file and then 'Apply' to restart the Access Manager Runtime object.
Transferring federation SSL configuration
Determine the SSL certificate keystore on the ISAM appliance and save it to your local desktop system.
The name of the keystore where the federated directory SSL certificates are stored is shown in Web Settings->Runtime Component->Manage->Federated Directories->SSL Settings.
Then look up that keystore in System Settings->SSL Certificates.
Now export the keystore artifacts (a GSKit key database file and its associated stash file); the export is delivered as a zip file.
On your local system open the zip file and extract the key database (.kdb) and stash (.sth) files.
Then upload them into the isamcert:/keytab directory in the isam domain.
Edit the ssl-keyfile entry in ldap.conf to point at the uploaded key database. There is no separate entry for the stash file; its name is assumed from the key database name, so upload both files with the names they were exported with.
Basic user configuration enhancement
Basic user functionality can be configured alongside the federated directory configuration. There is no GUI option on either appliance for configuring it. Transfer of the configuration from the ISAM appliance to the DataPower gateway is done by editing the same entries into the [ldap] section of the ldap.conf file on both appliances.
Some 'basic user' properties are included in the federated directory sections that may already have been copied across. These will not take effect until the 'basic-user-support = yes' entry has been added to the [ldap] section.
Note that for Active Directory based registries the principal attribute is not the usual LDAP 'uid' attribute, so the basic user principal attribute must be set accordingly rather than left at its default.
Test federation configuration has succeeded.
To check that the federation has succeeded, access the DataPower command line, change to the domain and enter ISAM mode.
Use the user 'list' and 'show' commands to see users via the ISAM on DP module, and compare them with the users seen through the
ISAM appliance at Web Settings->Policy Administration.
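The steps above are all done by hand in the DataPower Edit window, and the three things that most often go wrong are easy to miss: a [server:<label>] section left with the '**obfuscated**' bind-pwd placeholder, an SSL-enabled directory with no ssl-keyfile in [ldap], and basic-user properties pasted in without 'basic-user-support = yes'. The script below is an added example, not part of the original procedure and not IBM code; it lints a merged ldap.conf for exactly those conditions before you click Submit and Apply. The sample configuration it carries is constructed for the example; the host names, ports, bind DNs, and the 'ssl' and 'basic-user-principal-attribute' property names are assumptions, while [ldap], [server:<label>], bind-dn, bind-pwd, ssl-keyfile and basic-user-support are the entries the procedure itself refers to.

```python
"""Lint a merged ldap.conf before submitting it on the DataPower gateway.

Added example (not from the original procedure or from IBM). It parses the
stanza-style ldap.conf and reports anything that would make the federated
directories fail after 'Apply'.
"""
import configparser
import posixpath

# The placeholder the ISAM appliance writes in place of the real bind password.
OBFUSCATED = "**obfuscated**"

# Constructed sample: ldap.conf right after the ISAM [server:<label>] sections
# were pasted in, before the password was edited and before basic user support
# was switched on. Hosts, DNs, 'ssl' and 'basic-user-principal-attribute' are
# assumed names for illustration.
SAMPLE_LDAP_CONF = """\
[ldap]
ssl-keyfile = isamcert:/keytab/fed_ldap.kdb
basic-user-support = no

[server:corp-ad]
host = ad.example.test
port = 636
ssl = yes
bind-dn = cn=isam-bind,ou=svc,dc=example,dc=test
bind-pwd = **obfuscated**
basic-user-principal-attribute = sAMAccountName

[server:partner-ldap]
host = ldap.partner.test
port = 389
ssl = no
bind-dn = cn=reader,dc=partner,dc=test
bind-pwd = r3aderPass!
"""

# The same file after the two manual fixes the procedure calls for.
SAMPLE_FIXED = (
    SAMPLE_LDAP_CONF
    .replace("bind-pwd = **obfuscated**", "bind-pwd = S3cretBindPass")
    .replace("basic-user-support = no", "basic-user-support = yes")
)


def parse_ldap_conf(text):
    """Parse ldap.conf; only '=' separates key and value, and no interpolation
    so passwords containing '%' survive untouched."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp


def expected_stash_file(keyfile):
    """ldap.conf names only the key database; the stash file is assumed to
    sit beside it with the same base name and a .sth extension."""
    return posixpath.splitext(keyfile)[0] + ".sth"


def lint_ldap_conf(text):
    """Return a list of problems; an empty list means the file looks ready."""
    cp = parse_ldap_conf(text)
    problems = []
    servers = [s for s in cp.sections() if s.startswith("server:")]
    if not servers:
        problems.append("no [server:<label>] sections found; paste them from the ISAM ldap.conf")
    ldap = cp["ldap"] if cp.has_section("ldap") else {}
    needs_ssl = False
    needs_basic_user = False
    for name in servers:
        sec = cp[name]
        bind_dn = sec.get("bind-dn", "")
        if not bind_dn:
            problems.append(f"[{name}] has no bind-dn")
        pwd = sec.get("bind-pwd", "")
        if pwd == OBFUSCATED:
            problems.append(f"[{name}] bind-pwd is still {OBFUSCATED}; enter the password for {bind_dn or 'the bind-dn'}")
        elif not pwd:
            problems.append(f"[{name}] bind-pwd is empty")
        if sec.get("ssl", "no").strip().lower() == "yes":
            needs_ssl = True
        if any(k.startswith("basic-user-") for k in sec):
            needs_basic_user = True
    if needs_ssl:
        keyfile = ldap.get("ssl-keyfile", "")
        if not keyfile:
            problems.append("[ldap] ssl-keyfile is not set but a federated directory uses SSL")
        elif not keyfile.endswith(".kdb"):
            problems.append(f"[ldap] ssl-keyfile {keyfile!r} is not a GSKit key database (.kdb)")
    if needs_basic_user and ldap.get("basic-user-support", "no").strip().lower() != "yes":
        problems.append("basic-user-* properties present in a server section but [ldap] basic-user-support is not 'yes'")
    return problems


if __name__ == "__main__":
    for label, text in (("as pasted", SAMPLE_LDAP_CONF), ("after edits", SAMPLE_FIXED)):
        found = lint_ldap_conf(text)
        print(f"{label}: {'OK' if not found else ''}")
        for p in found:
            print("  -", p)
```

Run it against a copy of the ldap.conf you are about to submit; the "as pasted" sample reports the unedited bind-pwd and the missing basic-user-support, and the "after edits" sample reports nothing. Because the checked file contains live bind passwords, keep the copy on the workstation only as long as the check takes.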