OpenAM with tomcat6 on Ubuntu 11.04


Today I’m not working on the netbook, and have the space and memory to put OpenAM in a VirtualBox VM running Ubuntu Server 11.04. So that’s what I did.

Downloaded and unzipped the OpenAM 9.5.2 archive inside the VM image. Then I installed sun-java6-jdk, tomcat6 and tomcat6-admin with apt-get. For Tomcat, I carried out the release notes suggestion about editing the JAVA_OPTS to include -Xmx1024m -XX:MaxPermSize=256m. I also added an admin user with a manager role.

As there is no GUI running in the image, I stopped the VM, and then gave myself access to port 8080 on the guest from port 8080 on the host.

$ VBoxManage modifyvm OpenAM --natpf1 "openamweb,tcp,,8080,,8080"

That way I could deploy and configure OpenAM through the browser on the host. Deployment of the .war went smoothly.

After that I ran into an issue that confused me. As I installed Tomcat from apt-get rather than downloading it from Apache, the user running Tomcat is tomcat6. That user has access to places in /var/lib/tomcat6/webapps where OpenAM was deployed. Yet the configure step complained it could not write to /usr/share/tomcat6 ($HOME for tomcat6 according to /etc/passwd).

A link in the resulting error page sent me to an explanation about changing the configuration.dir value in /var/lib/tomcat6/webapps/openam/WEB-INF/classes/bootstrap.properties. So I created a configuration directory where tomcat6 could already write, and edited the file. But I actually ended up running sudo chmod 777 /usr/share/tomcat6 to allow the configuration process to proceed. Not that the process seems to have written anything to /usr/share/tomcat6.

(Surely there’s a better way.)
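
A tighter alternative to chmod 777 for the configuration.dir step above, as an added example (not from the original post or from OpenAM): it creates a directory only its owner can access, points configuration.dir at it in bootstrap.properties, and includes a check for world-writable paths. The directory /var/lib/openam-config and the function names are assumptions.

```shell
#!/bin/sh
# Added example: give OpenAM a private configuration directory instead of
# making Tomcat's home directory writable by every local user.

# Succeeds if the "others" write bit is set on the given path.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# set_config_dir PROPS DIR [OWNER]
# Create DIR with mode 0700, optionally chown it to OWNER (needs root),
# and set configuration.dir=DIR in PROPS, replacing any existing value.
set_config_dir() {
    props=$1
    dir=$2
    owner=${3:-}
    [ -f "$props" ] || { echo "missing $props" >&2; return 1; }
    mkdir -p "$dir" || return 1
    chmod 0700 "$dir" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
    tmp=$(mktemp "${props}.XXXXXX") || return 1
    # Keep every line except an existing configuration.dir entry.
    # grep exits 1 when nothing is left to print; that is not an error here.
    grep -v '^[[:space:]]*configuration\.dir[[:space:]]*=' "$props" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf 'configuration.dir=%s\n' "$dir" >> "$tmp"
    # Write back in place so the file keeps its original owner and mode.
    cat "$tmp" > "$props" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# Usage on the layout from the post (run as root, then restart Tomcat).
# /var/lib/openam-config is an assumed path, not one OpenAM requires:
#   set_config_dir \
#     /var/lib/tomcat6/webapps/openam/WEB-INF/classes/bootstrap.properties \
#     /var/lib/openam-config tomcat6
#   is_world_writable /usr/share/tomcat6 && chmod go-w /usr/share/tomcat6
```

Mode 0700 with tomcat6 as owner keeps other local accounts from reading or altering whatever the configurator stores there, which 777 on a shared directory does not.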

One more note: 9.5.2 seems to be missing a patch to the schema for using OpenDJ as an external configuration directory. You must set the single structural objectclass behavior to warn, or accept, rather than reject (the default).