Configure the Apache Proxy Plug-in

Configuring the Apache Proxy Plug-in requires editing the httpd.conf file.

Follow these steps:

  1. Stop the Apache web server after installing a Web Agent on Solaris and copy the mod_wl_20.so file from the following location:

    weblogic_home/server/lib/solaris

    to

    apache_home/modules

  2. Edit the httpd.conf file (located in apache_home/conf) and make the following changes:
    1. In the LoadModule section, add the following line:
      LoadModule weblogic_module     modules/mod_wl_20.so
      
    2. Set the server name to the name of the Apache server system.
    3. Add an IfModule block at the end of the file as follows:
      <IfModule mod_weblogic.c>
        WebLogicHost weblogic_server.com
        WebLogicPort 7001
        MatchExpression /iam
        MatchExpression /castylesr5.1.1
      </IfModule>
      
  3. Save the httpd.conf file.
  4. Restart the Apache web server.

Configure the SiteMinder Policy Store for CA Identity Manager

As a policy administrator, you use the CA Identity Manager Administrative Tools to access the SQL scripts or LDAP schema text that add the IMS schema to the policy store. The identity administrator will have installed these tools in the Admin Tools folder. Use one of the following procedures to configure the policy store:

Configure a Relational Database

Configure Sun Java Systems Directory Server or IBM Directory Server

Configure Microsoft Active Directory

Configure Microsoft ADAM

Configure CA Directory Server

Configure Novell eDirectory Server

Configure Oracle Internet Directory (OID)

Configure a Relational Database

After configuration, you can use your relational database as a SiteMinder policy store.

Follow these steps:

  1. Configure the database as a supported SiteMinder policy store.

    Note: For configuration instructions, see the SiteMinder Policy Server Installation Guide.

  2. Run the appropriate script for your database:

    The preceding paths are default installation locations. The location for your installation may be different.

Configure Sun Java Systems Directory Server or IBM Directory Server

To configure a Sun Java Systems or IBM directory server, you apply the appropriate schema file.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

  2. Add the appropriate LDIF schema file to the directory. The default Windows location for the LDIF files is C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas.

    Add the following schema files for your directory:

Configure Microsoft Active Directory

To configure a Microsoft Active Directory policy store, you apply the activedirectory_ims8.ldif script.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

  2. Modify the activedirectory_ims8.ldif schema file as follows:
    1. In a text editor, open the activedirectory_ims8.ldif file. The default Windows location is:

      C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\MicrosoftActiveDirectory

    2. Replace all instances of {root} with the root organization for the directory.

      The root organization must match the root organization that you specified when you configured the policy store in the Policy Server Management Console.

      For example, if the root is dc=myorg,dc=com, replace
      dn: CN=imdomainid6,CN=Schema,CN=Configuration,{root} with dn: CN=imdomainid6,CN=Schema,CN=Configuration,dc=myorg,dc=com

    3. Save the file.
  3. Add the schema file as described in the documentation for your directory.

Configure Microsoft ADAM

To configure a Microsoft ADAM policy store, you apply the adam_ims8.ldif script.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

    Make note of the CN value (the guid).

  2. Modify the adam_ims8.ldif schema file as follows:
    1. Open the adam_ims8.ldif file in a text editor. The default Windows location is:

      C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\MicrosoftActiveDirectory

    2. Replace every cn={guid} reference with the string you found when you configured the SiteMinder policy store in Step 1 of this procedure.

      For example, if the guid string is CN={39BC711D-7F27-4311-B6C0-68FDEE2917B8}, then replace every cn={guid} reference with CN={39BC711D-7F27-4311-B6C0-68FDEE2917B8}.

    3. Save the file.
  3. Add the schema file as described in the documentation for your directory.

Configure CA Directory Server

To configure a CA Directory server you create a custom schema file. In the steps that follow, dxserver_home is the directory where CA Directory is installed. The default source location for this file on Windows is C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\eTrustDirectory.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

  2. Copy etrust_ims8.dxc to dxserver_home\config\schema.
  3. Create a custom schema configuration file as follows:
    1. Copy the dxserver_home\config\schema\default.dxg to dxserver_home\config\schema\company_name-schema.dxg.
    2. Edit the dxserver_home\config\schema\company_name-schema.dxg file by adding the following lines to the bottom of the file:
      # Identity Manager Schema
      source "etrust_ims8.dxc";
      
  4. Edit the dxserver_home\bin\schema.txt file by adding the contents of etrust_ims_schema.txt to the end of the file. The default source location for this file on Windows is C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\eTrustDirectory.
  5. Create a custom limits configuration file as follows:
    1. Copy the dxserver_home\config\limits\default.dxc to dxserver_home\config\limits\company_name-limits.dxc.
    2. Increase the default size limit to 5000 in the dxserver_home\config\limits\company_name-limits.dxc file as follows:
      set max-op-size=5000
      

      Note: Upgrading CA Directory overwrites the limits.dxc file. Therefore, make sure that you reset max-op-size to 5000 after the upgrade is completed.

  6. Edit the dxserver_home\config\servers\dsa_name.dxi as follows:
    # schema
    source "company_name-schema.dxg";
    
    #service limits
    source "company_name-limits.dxc";
    

    where dsa_name is the name of the DSA using the customized configuration files.

  7. Run the dxsyntax utility.
  8. Stop and restart the DSA as the dsa user to make the schema changes take effect, as follows:
    dxserver stop dsa_name
    dxserver start dsa_name
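
Because an upgrade overwrites the limits file (see the note in step 5), it is worth re-checking the DSA configuration after every upgrade and before restarting the DSA. The following check is an added example, not CA tooling: it reads the `set`, `source` and `#` comment lines in the form shown in steps 3 to 6, and the function names, the company name `acme` and the reset value 200 are assumptions of the example.

```python
import re

SET_RE = re.compile(r'^\s*set\s+([\w-]+)\s*=\s*(\S+?)\s*;?\s*$')
SOURCE_RE = re.compile(r'^\s*source\s+"([^"]+)"\s*;?\s*$')


def parse_dx(text):
    """Return ({setting: [values]}, [sourced files]), ignoring # comments."""
    settings, sources = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comment text
        if m := SET_RE.match(line):
            settings.setdefault(m.group(1), []).append(m.group(2))
        elif m := SOURCE_RE.match(line):
            sources.append(m.group(1))
    return settings, sources


def check_dsa(dxi, files, schema_dxg, limits_dxc, required="5000"):
    """Return a list of departures from steps 3 to 6 of the procedure."""
    problems = []
    dsa_sources = parse_dx(dxi)[1]
    for wanted in (schema_dxg, limits_dxc):
        if wanted not in dsa_sources:
            problems.append(f"DSA does not source {wanted}")
    if "etrust_ims8.dxc" not in parse_dx(files.get(schema_dxg, ""))[1]:
        problems.append(f"{schema_dxg} does not source etrust_ims8.dxc")
    # Every assignment must carry the required value, so a second, stale
    # "set max-op-size" line in the same file is reported as well.
    values = parse_dx(files.get(limits_dxc, ""))[0].get("max-op-size", [])
    if not values or any(v != required for v in values):
        problems.append(f"max-op-size is {values or 'unset'}, expected {required}")
    return problems


# Constructed sample: the state after an upgrade has reset the limits file.
DXI = ('# schema\nsource "acme-schema.dxg";\n\n'
       '#service limits\nsource "acme-limits.dxc";\n')
FILES = {
    "acme-schema.dxg": '# Identity Manager Schema\nsource "etrust_ims8.dxc";\n',
    "acme-limits.dxc": "set max-op-size=200\n",   # 200 is a made-up reset value
}

if __name__ == "__main__":
    for problem in check_dsa(DXI, FILES, "acme-schema.dxg", "acme-limits.dxc"):
        print("DRIFT:", problem)
```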
    
Configure Novell eDirectory Server

To configure a Novell eDirectory Server policy store, you apply the novell_ims8.ldif script.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

  2. Find the Distinguished Name (DN) of the NCPServer for your Novell eDirectory Server by entering the following information in a command window on the system where the Policy Server is installed:
    ldapsearch -h hostname -p port -b container -s sub -D admin_login -w password objectClass=ncpServer dn
    

    For example:

    ldapsearch -h 192.168.1.47 -p 389 -b "o=nwqa47container" -s sub -D "cn=admin,o=nwqa47container" -w password objectclass=ncpServer dn
    
  3. Open the novell_ims8.ldif file.
  4. Replace every NCPServer variable with the value you found in Step 2.

    The default location for novell_ims8.ldif on Windows is:

    C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\NovelleDirectory

    For example, if the DN value is cn=servername,o=servercontainer, you would replace every instance of NCPServer with cn=servername,o=servercontainer.

  5. Update the eDirectory Server with the novell_ims8.ldif file.

    See the Novell eDirectory documentation for instructions.
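
The placeholder edits in the Active Directory ({root}), ADAM (cn={guid}) and eDirectory (NCPServer) procedures can be scripted so that a mistyped or missed value is caught before the schema file is loaded. This is an added example, not part of the CA tools: `fill_placeholder`, the value patterns and the sample LDIF are assumptions of the example, and it goes beyond the steps above by unfolding RFC 2849 continuation lines and rejecting values that contain a line break.

```python
import re

# Value shapes are assumptions of this example, used only to catch paste
# errors: a simple DN (no escaped commas, no line breaks) and the braced
# GUID form shown in the ADAM procedure.
DN = re.compile(r"[A-Za-z]+=[^,=\r\n]+(,[A-Za-z]+=[^,=\r\n]+)*")
GUID_CN = re.compile(r"[Cc][Nn]=\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PLACEHOLDERS = {"{root}": DN, "cn={guid}": GUID_CN, "NCPServer": DN}


def fill_placeholder(ldif_text, token, value):
    """Return (new_text, count) with every `token` replaced by `value`."""
    if not PLACEHOLDERS[token].fullmatch(value):
        raise ValueError(f"value {value!r} has the wrong shape for {token}")
    # LDIF (RFC 2849) may fold a long line as newline + one space; unfold
    # first so a token split across a fold is still found.
    text = re.sub(r"\r?\n ", "", ldif_text)
    count = text.count(token)
    if count == 0:
        raise ValueError(f"{token} not found: wrong file, or already filled in")
    text = text.replace(token, value)
    # A differently cased copy of the token survives the literal replace and
    # would be loaded into the directory as-is; stop and report it for review.
    leftovers = [n for n, line in enumerate(text.splitlines(), 1)
                 if token.lower() in line.lower()]
    if leftovers:
        raise ValueError(f"{token} variants remain on lines {leftovers}")
    return text, count


# Constructed sample, not the contents of the shipped schema files.
SAMPLE_AD = (
    "dn: CN=imdomainid6,CN=Schema,CN=Configuration,{root}\n"
    "changetype: add\n"
    "objectClass: attributeSchema\n"
    "\n"
    "dn: CN=imexample,CN=Schema,CN=Configuration,{ro\n"
    " ot}\n"
    "changetype: add\n"
)

if __name__ == "__main__":
    filled, n = fill_placeholder(SAMPLE_AD, "{root}", "dc=myorg,dc=com")
    print(f"replaced {n} occurrence(s)")
    print(filled)
```

Write the result to a copy of the schema file so that the shipped file, with its placeholders, stays available for comparison.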

Configure Oracle Internet Directory (OID)

To configure Oracle Internet Directory, you update it with the oracleoid_ims8.ldif file.

Follow these steps:

  1. Configure the directory as a supported SiteMinder policy store.

    Note: For configuration instructions, see the CA SiteMinder Policy Server Installation Guide.

  2. Update the Oracle Internet Directory Server with the oracleoid_ims8.ldif file. The default installation location for this file on Windows is:

    install_path\policystore-schemas\OracleOID\

    See the Oracle Internet Directory documentation for instructions.

Verify the Policy Store

To verify the policy store, confirm the following points: