Previous Topic: XPSSecurityNext Topic: Policy Server Configuration Files

Policy Server GuidesPolicy Server Administration GuidePolicy Server ToolsXPSSweeper

XPSSweeper

XPSSweeper is a command-line utility that can also be run as a batch job. You can use XPSSweeper to synchronize XPS and SiteMinder policy stores. Usually, XPS synchronizes the different policy stores. However, when legacy tools are used, the policy stores may need to be resynchronized using XPSSweeper. In any case, XPSSweeper does not harm the policy stores and can be run as a precaution.

Syntax

XPSSweeper has the following format:

XPSSweeper [-f] [-s seconds] [-m entries]
[-?] [-vT | -vI | -vW | -vE | -vF]
[-l log_path] [-e err_path]

Parameters

XPSSweeper includes the following options:

-f

(Optional) Runs XPSSweeper in a loop forever.

Note: Use Control-C to exit.

-s

(Optional) Sleeps for the specified number of seconds between iterations of XPSSweeper.

-m

(Optional) Outputs a milestone message every time the specified number of entries has been logged.

-?

(Optional) Displays help information for this utility.

-vT | -vI | -vW | -vE | -vF

(Optional) Specifies when to log error information to the error file and how much information to log.

-vT

Logs detailed information so that you can TRACE errors.

-vI

Logs INFOrmation in case there is an error.

-vW

Logs error information in the event of a WARNING, ERROR, or FATAL error.

-vE

Logs error information in the event of an ERROR or FATAL error.

-vF

Logs error information in the event of a FATAL error.

-l

(Optional) Outputs logging information to the specified location.

Default: stdout

-e

(Optional) Outputs error information to the specified location.

Default: stderr

Run XPSSweeper as a Batch Job

You can run XPSSweeper as a batch job by setting the following two XPS configuration parameters using XPSConfig:

CA.XPS::$Autosweep

Specifies whether to run XPSweeper according to the Autosweep schedule or not to run XPSSweeper at all.

Type: Boolean

CA.XPS::$AutosweepSchedule

Specifies the Autosweep schedule in GMT using the following format:

DDD@{HH:MM}[,DDD@{HH:MM}] ... [,DDD@{HH:MM}]
DDD

(Optional) Specifies the day of the week:

Sun | Mon | Tue | Wed | Thu | Fri | Sat
HH

Specifies the hour.

Range: 00-23

MM

Specifies the number of minutes past the hour.

Range: 00-59

Examples:
Sun@08:30

Every Sunday at 8:30am GMT

Tue@14:00

Every Tuesday at 2:00pm GMT

15:15

Everyday at 3:15pm GMT

Sun@08:30,Tue@14:00,15:15

Every Sunday at 8:30am, every Tuesday at 2:00pm, and everyday at 3:15pm except Tuesday

Note: Multiple Autosweep times can be separated by commas, spaces, or semicolons.

Policy Servers manage XPSSweeper Autosweep times as follows:

Configure Autosweep to Run Every 24 Hours Using XPSConfig

We recommend configuring the XPSSweeper utility to run once every 24 hours. If the XPSSweeper utility does not run often enough, the Policy Server could have trouble starting. Too many tombstone objects in the policy store produce the following error:

LDAP_SIZELIMIT_EXCEEDED

Setting the XPSSweeper utility to run automatically uses the following XPS configuration parameters:

Follow these steps:

  1. Open a command-line window on the computer hosting the Policy Server.
  2. Enter the following command: 
    XPSConfig

    The Products Menu opens and lists the products.

  3. Enter XPS for Extensible Policy Store.

    The Parameters Menu opens and lists the XPS parameters.

  4. Enter 7 for Autosweep.

    The Autosweep Parameter Menu opens.

  5. Verify that the Autosweep value is set to TRUE or enter C to Change the value to TRUE.

    Note: This step specifies running XPSSweeper according to the Autosweep Schedule.

  6. Enter Q to exit the Autosweep Menu and return to the Parameters Menu.
  7. Enter 8 for AutosweepSchedule.

    The AutosweepSchedule Parameter Menu opens.

  8. Enter C to Change the value of the AutosweepSchedule parameter.
  9. Enter the time that you want for the New Value.
  10. Enter Q three times.

    The command prompt appears.