The existing r6.x policy store schema has not changed. The r12.5 migration requires that you extend the policy store schema for the objects that r12.5 requires.
If you have deployed a smkeydatabase, extend the policy store schema before upgrading your first Policy Server. Extending the schema prepares the policy store for the smkeydatabase migration to the certificate data store during a Policy Server upgrade. Extending the schema does not affect compatibility mode. The policy store continues to function as it did in r6.x.
If you have not deployed a smkeydatabase, extend the schema as part of the policy store upgrade process.
Follow these steps:
schema_extension\db\Active Directory
Example: If the following root DN represents the policy store object:
Replace each instance of <RootDN> with the following DN:
Specifies the Policy Server installation path.
smldapsetup ldmod -fpath/ActiveDirectory.ldif
Specifies the path to the schema file.
The policy store schema is extended.
Follow these steps:
schema_extension\db\Active Directory LDS
Example: {CF151EA3-53A0-44A4-B4AC-DA0EBB1FF200}
Specifies the Policy Server installation path.
smldapsetup ldmod -fpath/ADLDS.ldif
Specifies the path to the schema file.
The policy store schema is extended.
Follow these steps:
schema_extension\db\CA Directory
#CA Schema
source "netegrity.dxc"
source "etrust.dxc"
# cache configuration
set max-cache-size = 100;
set cache-attrs = all-attributes;
set cache-load-all = true;
set ignore-name-bindings = true;
Note: The DXI file is located in DXHOME\config\servers. The max-cache-size entry is the total cache size in MB. Adjust this value according to the total memory available on the CA Directory server and the overall size of the policy store.
# cache configuration
#set max-cache-size = 100;
#set cache-attrs = all-attributes;
#set cache-load-all = true;
set ignore-name-bindings = true;
# size limits
set max-users = 255;
set credits = 5;
set max-local-ops = 100;
set max-dsp-ops = 100;
set max-op-size = 200;
set multi-write-queue = 20000;
Note: The default DXC file is located in DXHOME\dxserver\config\limits.
# size limits
set max-users = 1000;
set credits = 5;
set max-local-ops = 1000;
set max-dsp-ops = 1000;
set max-op-size = 4000;
set multi-write-queue = 20000;
Note: Editing the size limits settings prevents cache size errors from appearing in your CA Directory log files.
Important! The multi-write-queue setting is for text-based configurations only. If the DSA is set up with DXmanager, omit this setting.
Netegrity, SiteMinder, PolicySvr4
dxserver stop DSA_Name
dxserver start DSA_Name
Specifies the name of the policy store DSA.
The policy store schema is extended.
Follow these steps:
schema_extension\db\IBM DB2
db2 -td@ [-v] -f path\DB2.sql
Specifies the path to the DB2 schema file.
The policy store schema is extended.
Follow these steps:
schema_extension\db\IBM Tivoli Directory Server
The policy store schema is extended.
Follow these steps:
schema_extension\db\Novell eDirectory
Specifies the Policy Server installation path.
ldapsearch -hhost -pport -bcontainer -ssub -DAdminDN -wAdminPW objectclass=ncpServer dn
ldapsearch -h192.168.1.47 -p389 -bo=nwqa47container -ssub -Dcn=admin,o=nwqa47container -wpassword objectclass=ncpServer dn
The Novell server DN opens.
Example: If your Novell server DN value is cn=servername,o=servercontainer, replace all instances of <ncpserver> with the following value:
smldapsetup ldmod -fpath\Novell.ldif
Specifies the path to the schema file.
The policy store schema is extended.
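Added example (not part of the original CA documentation): the Active Directory and Novell eDirectory procedures both have you replace every instance of a placeholder (<RootDN>, <ncpserver>) in a schema file before running smldapsetup ldmod. The sketch below does that replacement literally and refuses to continue if a placeholder survives. The function name fill_placeholder, the file names and the sample LDIF fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fill a schema-file placeholder (<RootDN> or <ncpserver>)
# with a literal DN, and fail if any placeholder is left behind.
# fill_placeholder and all file names here are hypothetical.

# fill_placeholder SRC DST PLACEHOLDER VALUE
# Writes DST as a copy of SRC with every literal PLACEHOLDER replaced by VALUE.
# Returns 0 on success, 1 if SRC never contained PLACEHOLDER,
# 2 if the write failed or DST still contains PLACEHOLDER.
fill_placeholder() {
    src=$1 dst=$2 ph=$3 val=$4
    grep -qF -- "$ph" "$src" || return 1
    # index()/substr() perform a literal replace, and ENVIRON avoids the
    # escape processing of "awk -v", so DN characters such as & / \ and .
    # are copied through unchanged.
    PH=$ph VAL=$val awk '
        BEGIN { ph = ENVIRON["PH"]; val = ENVIRON["VAL"] }
        {
            out = ""
            while ((i = index($0, ph)) > 0) {
                out = out substr($0, 1, i - 1) val
                $0 = substr($0, i + length(ph))
            }
            print out $0
        }' "$src" > "$dst" || return 2
    if grep -qF -- "$ph" "$dst"; then return 2; fi
    return 0
}

# Demo on a constructed LDIF fragment (not the shipped schema file).
work=$(mktemp -d)
cat > "$work/sample.ldif" <<'EOF'
dn: <ncpserver>
changetype: modify
EOF
if fill_placeholder "$work/sample.ldif" "$work/ready.ldif" '<ncpserver>' \
        'cn=servername,o=servercontainer'; then
    cat "$work/ready.ldif"   # only a fully substituted file goes to ldmod
fi
rm -rf "$work"
```

Working on a copy keeps the extracted schema file untouched, so a wrong DN can be corrected and the substitution rerun before anything is loaded into the directory.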
Follow these steps:
Note: This procedure assumes that the OpenLDAP server is at /usr/local/etc/openldap and that the schema files are located in the schema subdirectory.
openldap_attribute_XPS.schema
openldap_object_XPS.schema
....
.....
include /usr/local/etc/openldap/schema/openldap_attribute_XPS.schema
include /usr/local/etc/openldap/schema/openldap_object_XPS.schema
The policy store schema is extended.
Follow these steps:
Run the following command:
oracle_home/ldap/bin/catalog connect=conn_str add=TRUE attribute=modifyTimestamp
Specifies the Oracle Internet Directory installation path.
Specifies the directory database connect string. If you have configured a tnsnames.ora file, then enter the net service name specified in the file.
Note: For more information about the catalog command line tool, see the Oracle documentation.
schema_extension\db\Oracle Internet Directory
Specifies the Policy Server installation path.
ldapmodify -hhost -pport -dAdminDN -wAdminPW -c -fpath\OID_10g.ldif -Z -Pcert
Specifies the IP address of the LDAP directory server.
Specifies the port number of the LDAP directory server.
Example: 3500
Specifies the name of the LDAP user who has the privileges to create the LDAP schema.
Specifies the password of the administrator that the -d option specifies.
Specifies continuous mode (do not stop on errors).
Specifies the path to the extracted schema file.
Specifies a connection that is encrypted by SSL.
Specifies the path of the directory where the SSL client certificate database file (cert7.db) exists.
If cert7.db exists in app/siteminder/ssl, specify:
The policy store schema is extended.
Follow these steps:
schema_extension\db\Red Hat Directory Server
Specifies the Policy Server installation path.
smldapsetup ldmod -fpath/RedHat_7_1.ldif
Specifies the path to the extracted schema file.
The policy store schema is extended.
Follow these steps:
Create the following root node:
schema_extension\db\Siemens DirX
Specifies the DirX installation path.
Example: C:\program files\siemens\dirx
Default values:
Note: Correct the values so they apply to your existing setup.
dirxadm schema_ext_for_XPS.adm
Note: Watch for errors.
The policy store schema is extended.
Follow these steps:
schema_extension\db\Sun Java System Directory Server
Specifies the Policy Server installation path.
smldapsetup ldmod -fpath\OracleDirectoryServer.ldif
Specifies the path to the extracted schema file.
The policy store schema is extended.
Follow these steps:
schema_extension\db\Microsoft SQL Server
The policy store schema is extended.
Follow these steps:
The policy store schema is extended.
Follow these steps:
Note: We recommend that you do not create the SiteMinder schema with the SYS or SYSTEM users. If necessary, create an Oracle user, such as SMOWNER, and create the schema with that user.
Note: If you are using sqlplus, run the schema using an @ sign.
The policy store schema is extended.
Copyright © 2012 CA Technologies.
All rights reserved.