Select a repository
By default, IDM uses an embedded ForgeRock Directory Services (DS) instance for its internal repository. This means that you don’t need to install a database to evaluate the software. Before you use IDM in production, you must replace the embedded DS repository with a supported repository. For supported versions, refer to Supported Repositories:
-
DS repositories do not support storage of audit or workflow data. Do not enable logging to the repository if you are using a DS repository. -
MariaDB
The MySQL repository instructions are also applicable to MariaDB.
You must also decide how IDM should map objects to the tables in a JDBC database or to organizational units in DS:
-
Generic mapping, which allows you to store arbitrary objects without special configuration or administration.
-
Explicit mapping, which maps specific objects and properties to tables and columns in the JDBC database or to organizational units in DS.
By default, IDM uses a generic mapping for user-definable objects, for both a JDBC and a DS repository. A generic mapping speeds up initial deployment, and can make system maintenance more flexible by providing a stable database structure. In a test environment, generic tables let you modify the user and object model easily, without database access, and without the need to constantly add and drop table columns. However, generic mapping does not take full advantage of the underlying database facilities, such as validation within the database and flexible indexing. Using an explicit mapping generally results in a substantial performance improvement. It is therefore strongly advised that you change to an explicit mapping before deploying in a production environment. If you are integrating IDM with AM, and using a shared DS repository, you must use an explicit schema mapping.
IDM provides a sample configuration, for each JDBC repository, that sets up an explicit mapping for the managed user object, and a generic mapping for all other managed objects. This configuration is defined in the files named /path/to/openidm/db/repository/conf/repo.jdbc-repository-explicit-managed-user.json
. To use this configuration, copy the file that corresponds to your repository to your project’s conf/
directory, and rename it repo.jdbc.json
. Run the sample-explicit-managed-user.sql
data definition script (in the path/to/openidm/db/repository/scripts
directory) to set up the corresponding tables when you configure your JDBC repository.
This section describes how to set up IDM to work with each of the supported repositories, and lists the minimum rights required for database installation and operation.
For information about the repository configuration, refer to Store managed objects in the repository. For more information about generic and explicit mappings, refer to Object mappings.