Create the Policy Store Schema

You create the policy store schema so the directory server can function as a policy store and store SOA Security Manager objects.

Important! By default, CA Directory configuration files are read-only. Before you modify any CA Directory file as instructed, give it write permission. After the files are updated, you can revert the permission to read-only.

To create the Policy Store schema

  1. Copy the following files into the CA Directory DXHOME\config\schema directory:
    DXHOME

    Specifies the Directory Server installation path.

    Note: The netegrity.dxc file is installed with the Policy Server in policy_server_home\eTrust. The etrust.dxc file is installed with the Policy Server in siteminder_home\xps\db.

    siteminder_home

    Specifies the policy server installation path.

  2. Create a new SOA Security Manager schema file by copying the default.dxg schema file and renaming it.

    Note: The default.dxg schema file is located in DXHOME\config\schema\default.dxg.

    Example: copy the default.dxg schema file and rename the copy to smdsa.dxg

  3. Add the following lines to the bottom of the new SOA Security Manager schema file:
    #CA Schema
    
    source "netegrity.dxc";
    
    source "etrust.dxc";
    
  4. Edit the DSA's DXI file (DSA_Name.dxi) by changing the schema from default.dxg to the new SOA Security Manager schema file.
    DSA_Name

    Represents the name of the DSA you created using the dxnewdsa utility.

    Note: The DSA's DXI file is located in DXHOME\config\servers.

  5. Add the following lines to the end of the DSA's DXI file:
    # cache configuration
    set ignore-name-bindings = true;
    
  6. Open the DSA's default DXC file (default.dxc).

    Note: The default DXC file is located in DXHOME\dxserver\config\limits.

  7. Edit the settings to match the following:
    # size limits
    set max-users = 1000;
    set credits = 5;
    set max-local-ops = 1000;
    set max-op-size = 4000;
    set multi-write-queue = 20000;
    

    Note: Editing the size limits settings prevents cache size errors from appearing in your CA Directory log files.

    Important! The multi-write-queue setting is for text-based configurations only. If the DSA is set up with DXmanager, omit this setting.

  8. Save the DXC file.
  9. As the DSA user, stop and restart the DSA using the following commands:
    dxserver stop DSA_Name
    dxserver start DSA_Name
    
    DSA_Name

    Specifies the name of the DSA.

    The policy store schema is created.
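
The following is an added example, not part of the CA documentation: a Python check that takes the contents of the edited schema, DXI and DXC files and reports any edit from steps 3, 4, 5 and 7 that was not applied. It assumes the DXI file references its schema through a source statement naming the .dxg file; the function names and the schema and dxmanager parameters are hypothetical.

```python
import re

# Limits from step 7; multi-write-queue applies to text-based configurations only.
EXPECTED_LIMITS = {"max-users": "1000", "credits": "5", "max-local-ops": "1000",
                   "max-op-size": "4000", "multi-write-queue": "20000"}

def _statements(text):
    """Yield config statements with '#' comments and blank lines removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def sourced_files(text):
    """Base names in `source "...";` statements (assumed form for the DXI too)."""
    hits = (re.fullmatch(r'source\s+"([^"]+)"\s*;', s) for s in _statements(text))
    return [re.split(r"[\\/]", m.group(1))[-1] for m in hits if m]

def settings(text):
    """Map name -> value for `set name = value;` statements."""
    hits = (re.fullmatch(r"set\s+([\w-]+)\s*=\s*(\S+)\s*;", s) for s in _statements(text))
    return {m.group(1): m.group(2) for m in hits if m}

def check_policy_store(dxg, dxi, dxc, schema="smdsa.dxg", dxmanager=False):
    """Return a list of findings; an empty list means steps 3, 4, 5 and 7 hold."""
    findings = []
    for name in ("netegrity.dxc", "etrust.dxc"):              # step 3
        if name not in sourced_files(dxg):
            findings.append(f'{schema}: no source "{name}"')
    dxi_sources = sourced_files(dxi)                           # step 4
    if "default.dxg" in dxi_sources:
        findings.append("DXI still sources default.dxg")
    if schema not in dxi_sources:
        findings.append(f"DXI does not source {schema}")
    if settings(dxi).get("ignore-name-bindings") != "true":    # step 5
        findings.append("DXI: ignore-name-bindings is not true")
    limits = settings(dxc)                                     # step 7
    for key, want in EXPECTED_LIMITS.items():
        if key == "multi-write-queue" and dxmanager:
            if key in limits:
                findings.append("DXC: multi-write-queue set on a DXmanager DSA")
        elif limits.get(key) != want:
            findings.append(f"DXC: {key} is {limits.get(key)}, expected {want}")
    return findings

if __name__ == "__main__":
    # Constructed sample contents: the DXI was never switched to the new schema.
    print(check_policy_store('source "netegrity.dxc";\nsource "etrust.dxc";\n',
                             'source "../schema/default.dxg";\n', "set credits = 5;\n"))
```

Run it against the file contents before restarting the DSA in step 9, so that a missed edit is caught before the policy store is brought up.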