Change default ‘new user’ DN

[John]

Hi All!

I was wondering if anyone has ever, or knows how to change the default settings that new users or groups are created with.

Currently, I have a realm with two different datastores, an embedded OpenDJ and a non-embedded OpenDJ. My goal is to have new users saved to the non-embedded datastore with a DN of:
uid=user,ou=people,dc=example,dc=com

I figured out that OpenAM tries to save it to the non-embedded OpenDJ if I remove the embedded one, but it tries to save the new entry into:
uid=user,ou=people,dc=openam,dc=forgerock,dc=org

I’ve looked for this setting everywhere and cannot seem to find it, does anyone have any ideas?

[Andy Cory]

Hi John

How are you creating the users? If you use the self-service REST API or the built-in AM XUI, the entries will be created in the LDAP organisation DN specified in the datastore definition. If you have removed the embedded datastore definition, leaving just your external DJ definition, check that the LDAP organisation DN in the ‘Server Settings’ tab (assuming a recent AM version) in the definition is what you expect. The container (e.g. ou=people) the users will be created in is defined in the ‘User Configuration’ tab of the datastore definition.

(It is best to have only one datastore defined in a realm – the product supports having more than one, but ForgeRock do not recommend doing so.)

-Andy

[John]

Never mind, I just realized what I was doing. I was using a non-administrative port on OpenDJ to do writes, which wasn’t working obviously, and kept looking at the universal ID. But thank you for the explanation Andy, it definitely helped me sort things out!

[Author]

Posts