Previous Topic: Create a Directory for CA Directory

Next Topic: Start CA ControlMinder Enterprise Management

Implementation GuideInstalling the Enterprise Management ServerHow to Install the Enterprise Management Server ComponentsConfiguring the Enterprise Management Server for SUN ONE and CA DirectoryCreate an Environment for CA Directory

Create an Environment for CA Directory

Valid on Windows

After you create and configure the directory settings for CA Directory, you create an environment. An environment is a view of the user store. In an environment you manage users, groups, organizations, tasks and roles.

Note: The JBoss application server service automatically starts during Windows startup and if an environment does not exist, one is created. We recommend that you disable the automatic service startup. If the environment exists, delete it before you create the environment for CA Directory.

Before you create the environment, you must define the system manager account in CA Directory.

Important! Verify that you do not define the system manager account directly under the search root Organization Unit (OU) rather, under an Organization Unit that is located under the search root. For example, if the search root you defined is dc=company, dc-com, create the system manager account under the Users OU as follows: uid=Sysmanager,ou=Users,dc=company,dc=com

Note: For multiple domains support, define the user full DN

Follow these steps:

  1. Open the CA Identity Manager Management Console, select Environments, then select New.

    The new environment screen appears.

  2. Enter ac-env as the name of the environment, provide a description and enter ac as the public URL alias, then click Next.

    A screen appears displaying a list of available directories.

  3. Select CA Directory to associate with this environment, then click Next.
    1. (Optional) Select the directory to use as the provisioning directory for this environment, then click Next.
    2. (Optional) Specify the user account to authenticate anonymous connections with, then select Validate.

      CA Identity Manager Management Console validates the user account.

  4. Click Next to continue.
  5. Select Import Roles from File and use Browse to locate the file ac-RoleDefinitions_CADir_EN.xml, click Next.
  6. Specify the user manager account, select Add and then select Next.

    Note: For multiple domains support, specify the user full DN

    A summary screen opens.

    Important! Verify that the user manager account exists in the directory.

  7. Review the summary and click FInish.

    CA Identity Manager Management Console creates the environment

  8. Select Environments, ac-env, Advanced Settings, then click Import.

    The Import Settings window opens.

    1. Browse to the directory where you saved the ac-environmentSettings.xml file, select it, then click Finish.

      CA Identity Manager Management Console creates the environment.

  9. Select Continue then select Start.

    The environment starts up.

  10. Select Environments, ac-env, Advanced Settings, Workflow.

    The workflow properties windows opens

    1. Check the box next to the Enabled property to enable workflow and then click save.

      CA Identity Manager Management Console applies the changes to the environment.

  11. Select Environments, ac-env, System Manager.

    The System Manager windows opens.

    1. Specify the system manager user account, then select Validate.

      CA Identity Manager Management Console displays the system manager account properties.

    2. Select Next, Finish.

      CA Identity Manager Management Console displays the system manager configuration output and specifies errors, if identified.

    3. Select Continue.
  12. In the Status field, select Restart.

    CA Identity Manager Management Console restarts the environment.

  13. Restart the JBoss application server.
  14. Open a Command Prompt window and navigate to the bin directory.
  15. Run the following command to execute the CredentialSender: 
    CredentialsSender cn=root,dc=etasa dc=im,dc=etasa <communication_password> CA Portal <yes|no>

    For example:CredentialSecder cn=root,dc=etasa,dc=im,dc=esata password 20411 yes

You have defined CA ControlMinder Enterprise Management to use CA Directory. You can now log in to CA ControlMinder Enterprise Management.