Configuration Guides › Directory Configuration Guide › Siemens DirX EE 1.0 Directory Server › Configure a DirX EE 1.0 Directory Server as a Policy Store

Configure a DirX EE 1.0 Directory Server as a Policy Store

You can configure a Siemens DirX EE 1.0 Directory Server as a SOA Security Manager r12.1 policy store on a Windows 2000 SP4 Advanced Server.

To configure a Siemens DirX EE 1.0 Directory Server as a policy store

1. Install DirX EE 1.0.
2. Copy the following files from dir_config_home\dirxee

   to DirX_EE_install_path\scripts\stand_alone:

   • dirxabbr-ext.SiteMinderR12sp1
   • schema_EE_ext_for_SiteMinderR12sp1.adm
   • subschema_ext_for_SiteMinderR12sp1.cp
   • bind.tcl
   • setup.bat
   • GlobalVar.tcl
   • initialize_DSA.cp
   • dir_config_home

     Specifies the Directory Configuration installation path.

   • DirX_EE_install_path

     Specifies the DirX EE installation path.

3. Copy the following files from dir_config_home\xps\dirxee

   to DirX_EE_install_path\scripts\stand_alone:

   • dirxabbr-ext.XPS
   • schema_EE_ext_for_XPS.adm
   • subschema_ext_for_XPS.cp
4. Copy the following files to DirX_EE_install_path\client\conf:
   • dirxabbr-ext.SiteMinderR12sp1
   • dirxabbr-ext.XPS
5. Run setup.bat, and check the resulting log file, setup.log, for errors.
6. Rebind to the DSA using the DirXmanage tool.
   1. Download all class attribute types and nameforms from the DSA schema through the DSA administrator (cn=admin,o=company).
   2. Bind through the user (cn=user,o=company).
   3. Watch for errors.
7. (Solaris Only) Run the program setup.sh.
   1. Answer yes to the first two questions.
   2. Open another terminal window.
   3. Use dirxadm to bind as administrator.
   4. Stop and restart the server.
   5. Go back to terminal window running setup.sh, and answer yes to the last question.

      A log file of error messages is created: setup.log.

8. Create the base tree structure using the DirXmanage tool:
   1. Under o=Company, create ou=Netegrity.
   2. Under ou=Netegrity, create ou=SiteMinder.
   3. Under ou=SiteMinder, create ou=PolicySvr4.

   The policy store schema is created for r12.1.

9. Navigate to policy_server_home\bin.
   • policy_server_home

     Specifies the Policy Server installation path.

10. Run the following command:

    $ smobjimport
    -ipolicy_server_home\db\smdif\smpolicy.smdif -v
    

    • -i

      Specifies the path and name of the import file.

    • -v

      Turns on tracing and outputs error, warning, and comment messages.

      Note: You can output to a log file and check for errors.

    The base policy store data is imported from the file smpolicy.smdif.

    Note: To import data from an existing policy store, see the section on migrating policy store data in the Policy Server Installation Guide.

11. Run the following command:

    smobjimport -ipolicy_server_home\db\smdif\ampolicy.smdif
    -dsiteminder_super_user_name -wsiteminder_super_user_password -f -v -l -c
    

    • -i

      Specifies the path and name of the import file.

    • -dsiteminder_super_user_name

      Specifies the name of the SOA Security Manager Super User account.

    • -wsiteminder_super_user_password

      Specifies the password for the SOA Security Manager Super User account.

    • -f

      Overrides duplicate objects

    • -v

      Turns on tracing and outputs error, warning, and comment messages in verbose format so that you can monitor the status of the import.

      Default value: stdout

    • -l

      Creates a log file.

    • -c

      Indicates that the smdif input file contains unencrypted data.

    smobjimport imports the policy store objects. These objects are automatically imported to the appropriate locations.

    Note: Importing ampolicy.smdif makes available CA SiteMinder Federation Security Services, Web Service Variables, and eTelligent Rules functionality that is separately licensed from SOA Security Manager. If you intend on using the latter functionality, contact your CA account representative for more information on licensing.

12. Run the following command:

    smreg -su password
    

    The administrator's password is set.

13. Point the Policy Server to the DirX EE Directory Server by using the Data tab on the Policy Server Management Console.

    Sample values:

    • LDAP IP Address: 123.456.7.8
    • Root DN: o=company
    • Admin username: cn=admin,o=company
    • Admin password: direx

    The DirX EE Directory Server is configured as a policy store.

Note: You can now import the policy store data definitions.