Arguments allow you to specify the information used by the modes to manage the LDAP policy store. If you do not specify arguments, smldapsetup uses the values configured in the Policy Server Management Console.
Note: smldapsetup does not allow spaces between an argument and its value. For example, the -h argument should be specified as follows:
smldapsetup ldmod -hldapserver.mycompany.com
The arguments you can specify in an smldapsetup call are listed below:
Specifies the fully qualified name of the LDAP server; the relative name, if the machines are in the same domain (-hldapserver); or the IP address (-h123.12.12.12). If you do not specify a host, smldapsetup uses the previously configured value as the default.
Example: -hldapserver.mycompany.com
Specifies a non-standard LDAP port. The LDAP port must be specified if the LDAP server is using a non-standard port or if you are moving a server to a new server that uses a different port, such as moving from a server using SSL to one that is not. If a port is not specified, the previous configuration values are used. If no previous port configuration has been specified, smldapsetup uses the default ports 389, if SSL is not being used, or 636, if SSL is being used.
Specifies the LDAP user name of a user with the power to create new LDAP directory schema and entries. This is not necessarily the user name of the LDAP server administrator. If you do not specify a user name, smldapsetup uses the previously configured name as the default.
Specifies the password for the user identified in the -d argument. If you do not specify a password, smldapsetup uses the previously configured value.
Example: -wMyPassword123
Specifies the distinguished name of the node in the LDAP tree where SiteMinder will search for the policy store schema. If you do not specify a root, smldapsetup uses the previously configured root.
Example: -ro=security.com
When specified with smldapsetup ldgen, generates an LDIF file that can delete the SiteMinder schema. The generated file must be used with smldapsetup ldmod to remove the schema.
Skips automatic detection of LDAP servers and specifies the type of LDAP policy store, where n is one of the following:
iPlanet v4 LDAP servers.
Active Directory LDAP servers.
Oracle Internet Directory.
iPlanet v5.
Sun Directory Servers.
Active Directory Application Mode (ADAM).
Specifies the absolute or relative path to an LDIF file from the directory in which smldapsetup is being executed.
Example: -f../siteminder/db/smldap.ldif
Default: if you do not specify a path, smldapsetup uses the current directory as the default.
Specifies the absolute or relative path, including filename and extension, of the ldapmodify command line utility. Ldapmodify is used to configure the server schema using the LDIF format commands. LDAP servers and SiteMinder provide a copy of ldapmodify. If the utility is not in the default location, use this argument to specify its location.
Specify -ssl1 to use an SSL-encrypted connection to the LDAP server, and -ssl0 to use a non-SSL connection. If you do not specify a value for -ssl, smldapsetup uses the previously configured value. If the LDAP connection has not been configured before, the initial default value is 0.
This argument must be specified when using an SSL-encrypted (-ssl1) LDAP connection. Specifies the path of the directory where the SSL client certificate database file, which is usually called cert7.db for the Netscape Navigator Web browser, exists.
Example: If cert7.db exists in /app/siteminder/ssl, specify -c/app/siteminder/ssl when running smldapsetup ldmod -f/app/siteminder/pstore.ldif -p81 -ssl1 -c/app/siteminder/ssl.
Note: For policy stores using an SSL-encrypted connection to Sun Java System LDAP, make sure the key3.db file exists in the same directory as cert7.db.
Enables you to use smldapsetup to set up or modify a key store if you are storing key information in a different LDAP directory. If you specify -k, smldapsetup checks to see if the Policy Server is pointing to the key store before performing any functions. If the Policy Server is not pointing to the key store, smldapsetup issues a warning. If you specify -k1, in conjunction with smldapsetup ldgen and the other arguments for a new policy store, smldapsetup creates a separate key store in the location you specify. If you do not specify -k or -k1, smldapsetup will modify the policy store.
Enables verbose mode for troubleshooting. With -v, smldapsetup logs its command-line arguments and configuration entries as it performs each step in the LDAP migration.
Specifies the distinguished name of an account that should be used by SiteMinder to make modifications to the policy store. This argument allows an administrator account to retain control of the SiteMinder schema while enabling another account that will be used for day-to-day modifications of SiteMinder data. When a change is made using the Administrative UI, the account specified by this argument is used. Be sure to enter the entire DN of an account when using this argument.
Enables quiet mode, in which smldapsetup asks no questions.
Creates a 6.x upgrade schema file (LDIF).
Use the -x argument with ldmod to generate replication indexes for another 5.x Sun Java System Directory Server Enterprise Edition (formerly Sun ONE/iPlanet) LDAP directory server.
This option allows you to specify a suffix other than the default parent suffix when configuring the 6.x Policy Server's schema in a Sun Java System Directory Server Enterprise Edition (formerly Sun ONE/iPlanet) LDAP directory server.
Example: assume the following:
ou=Apps,o=test.com is the Policy Store root.
o=test.com is the root suffix.
ou=netegrity,ou=Apps,o=test.com is the sub suffix.
If you do not use the -s parameter with smldapsetup, the Policy Server assigns ou=Apps,o=test.com as a parent suffix of ou=netegrity,ou=Apps,o=test.com. To change this and have the appropriate parent suffix set, run smldapsetup using the -s parameter while specifying o=test.com.
Displays the help message.
Note: If the arguments contain spaces, you must enter double quotes around the entire argument. For example, if the name of the SiteMinder administrator is LDAP user, the argument for smldapsetup would be: -d"LDAP user".
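A pre-flight check for an smldapsetup command line, built only from rules this page states: no space between an argument and its value, -c required with -ssl1, quoting of values that contain spaces, and -v logging command-line arguments. This is an added example, not CA's code; the function name lint_smldapsetup and its messages are hypothetical, and the sample invocations are constructed from the examples above.

```shell
#!/bin/sh
# Added example: pre-flight lint for an smldapsetup argument list.
# lint_smldapsetup and its messages are hypothetical; only flags shown on
# this page are inspected. Returns 0 if no rule is broken, 1 otherwise.
lint_smldapsetup() {
    sm_ssl="" sm_cert="" sm_pw="" sm_verbose="" sm_rc=0
    [ $# -gt 0 ] && shift   # first token is the mode (ldmod, ldgen, ...)
    for sm_arg in "$@"; do
        case "$sm_arg" in
            -h|-p|-d|-w|-r|-f|-c|-s)
                # Bare value-taking flag: a space was typed before the value.
                echo "ERROR: $sm_arg must be joined to its value, e.g. ${sm_arg}VALUE"
                sm_rc=1 ;;
            -ssl1) sm_ssl=1 ;;
            -ssl0) sm_ssl=0 ;;
            -ssl*) echo "ERROR: use -ssl0 or -ssl1, not '$sm_arg'"; sm_rc=1 ;;
            -c*)   sm_cert=${sm_arg#-c} ;;
            -w*)   sm_pw=1 ;;
            -v)    sm_verbose=1 ;;
            -*)    ;;   # other arguments are not inspected here
            *)  # Not a flag: value split from its flag, or unquoted spaces.
                echo "ERROR: stray token '$sm_arg'; join it to its flag and quote spaces"
                sm_rc=1 ;;
        esac
    done
    if [ "$sm_ssl" = 1 ] && [ -z "$sm_cert" ]; then
        echo "ERROR: -ssl1 requires -c<directory holding the certificate database>"
        sm_rc=1
    fi
    if [ -n "$sm_pw" ] && [ -n "$sm_verbose" ]; then
        echo "WARN: -v logs command-line arguments; the -w value may reach the log"
    fi
    if [ -n "$sm_pw" ] && [ "$sm_ssl" = 0 ]; then
        echo "WARN: -w with -ssl0 sends the bind password over a non-SSL connection"
    fi
    return "$sm_rc"
}

# Constructed sample invocations (values taken from the examples on this page).
lint_smldapsetup ldmod -f/app/siteminder/pstore.ldif -p81 -ssl1 -c/app/siteminder/ssl \
    && echo "ok: nothing flagged"
lint_smldapsetup ldmod -h ldapserver.mycompany.com -wMyPassword123 -v -ssl0 || true
```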
Copyright © 2010 CA. All rights reserved.