Valid for Active Directory user stores
Symptom:
I successfully install CA ControlMinder Enterprise Management. When I log in as the system user that I specified during installation, no tabs appear in the interface.
Solution:
When you install CA ControlMinder Enterprise Management, you provide the following Active Directory parameters:
This problem occurs when the Active Directory search root is in the same node in the directory tree as the DNs (Distinguished Names) for User DN and System User. To fix this problem, specify a search root one or more nodes higher in the directory tree than the DNs for the specified User DN and System User.
Example: The Active Directory Search Root
This example uses the following DNs for User DN and System User:
The following search root is one node higher in the directory tree than the DNs for User DN and System User. If you specify the following search root, CA ControlMinder Enterprise Management successfully installs and tabs appear in the interface:
OU=NFS,OU=ACCOUNTS,DC=EXAMPLE,DC=LAB
The following search root is in the same node in the directory tree as the DNs for User DN and System User. If you specify the following search root, CA ControlMinder Enterprise Management successfully installs but no tabs appear in the interface:
OU=ENTERPRISE,OU=NFS,OU=ACCOUNTS,DC=EXAMPLE,DC=LAB
Example: Set the Active Directory Search Root One Node Higher In the Directory Tree
This example uses the same DNs for User DN and System User as the previous example.
In this example, you specified the following search root when you installed CA ControlMinder Enterprise Management:
OU=ENTERPRISE,OU=NFS,OU=ACCOUNTS,DC=EXAMPLE,DC=LAB
Because this search root is in the same node in the directory tree as the DNs for User DN and System User, you need to specify a search root one node higher in the directory tree.
To set the Active Directory search root one node higher in the directory tree
The Directory Properties dialog appears.
Note: The file name is ac-dir.xml.
<LDAP searchroot="OU=ENTERPRISE,OU=NFS,OU=ACCOUNTS,DC=EXAMPLE,DC=LAB" secure="false"/>
<LDAP searchroot="OU=NFS,OU=ACCOUNTS,DC=EXAMPLE,DC=LAB" secure="false"/>
Note: Because you removed the Enterprise OU (Organizational Unit), this search root is one node higher in the directory tree than the previous search root.
The Update Directory page appears.
The CA Identity Minder Management Console validates the XML file and displays status information in the Directory Configuration Output field.
Note: If you receive a "Failed to Import" error, see the Cannot Import ac-dir.xml Directory Configuration File topic.
The Directories page appears.
The Environment Properties page appears.
The CA Identity Minder Management Console restarts the environment and applies your changes.
Note: For more information about how to enable and start the CA Identity Minder Management Console, see the Implementation Guide.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|