

Point the Policy Server to the Directory Server

You point the Policy Server to the LDAP directory server so that the Policy Server has the connection details and administrative credentials it needs to read and write policy store data.

To point the Policy Server to the directory server

  1. Run the following command from the Policy Server host system:
    smldapsetup status -hhost -pport -dAdminDN
    -wAdminPW -rroot -ssl1|0 -ccert
    
    -hhost

    Specifies the IP address of the LDAP server host system.

    -pport

    Specifies the port on which the LDAP server is listening.

    -dAdminDN

    Specifies the name of an LDAP user with privileges to create LDAP schema in the LDAP directory server.

    ADAM or AD LDS: Specifies the full distinguished name (DN), including the GUID value, of the directory server administrator.

    Example: CN=user1,CN=People,CN=Configuration,CN={guid}

    -wAdminPW

    Specifies the password for an LDAP user with privileges to create LDAP schema in the LDAP directory server. Because the password is passed on the command line, it is visible to other users of the host in process listings and is recorded in the shell history; run the command from an administrative session and clear the history afterwards.

    -rroot

    Specifies the DN location of the SiteMinder data in the LDAP directory.

    ADAM or AD LDS: Specifies the existing root DN location of the application partition in the ADAM or AD LDS server where you want to put the policy store schema data.

    -ssl1|0

    Specifies whether the connection to the directory server uses SSL. With the default of 0, the administrator credentials and the policy store data cross the network in cleartext, so use 1 (with -ccert) wherever the directory server supports it.

    Limits: 0=no | 1=yes

    Default: 0

    -ccert

    (Only required if the ssl value is 1) Specifies the path to the directory where the SSL client certificate database file, cert7.db, exists.

    The correct configuration of the LDAP policy store connection parameters is verified.

  2. Run the following command:
    smldapsetup reg -hhost -pport -dAdminDN
    -wAdminPW -rroot -ssl1|0 -ccert
    

    The connection to the LDAP directory server is tested and the server is configured as a SiteMinder policy store.

Create the Policy Store Schema

You create the policy store schema so the directory server can function as a policy store and store SiteMinder objects.

Follow these steps:

  1. Run the following command from the Policy Server host system:
    smldapsetup ldgen -ffile_name
    
    file_name

    Specifies the name of the LDIF file you are creating.

    An LDIF file with the SiteMinder schema is created.

  2. Run the following command:
    smldapsetup ldmod -ffile_name
    
    file_name

    Specifies the name of the LDIF you created.

    The utility imports the policy store schema.

  3. Navigate to policy_server_home\xps\db and open the following file:
    ActiveDirectory.ldif
    
  4. Manually replace each instance of <RootDN> with the DN that represents the policy store schema location, not the policy store object location.

    Example: If the following root DN represents the policy store object:

    ou=policystore,dc=domain,dc=com
    

    Replace each instance of <RootDN> with the following DN:

    dc=domain,dc=com
    
  5. Run the following command:
    smldapsetup ldmod -fpolicy_server_home\xps\db\ActiveDirectory.ldif
    
    policy_server_home

    Specifies the Policy Server installation path.

    The directory schema is extended with the definitions in ActiveDirectory.ldif, which completes the policy store schema.
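Step 4 is the place where this procedure most often goes wrong: the DN substituted for <RootDN> must be the parent of the policy store root (the -rroot value), and a single leftover placeholder makes the ldmod import fail. The following POSIX shell script is an added example, not part of the CA SiteMinder documentation or product: it derives the schema DN from the policy store root DN, substitutes it for every <RootDN> in an LDIF file, and counts any placeholders left behind before you run smldapsetup ldmod. The function names are the editor's own, the LDIF entries in demo() are a constructed stand-in for ActiveDirectory.ldif (not that file's real contents), and the script assumes sed, grep and mktemp are available on the host.

```shell
#!/bin/sh
# Added example, not part of the CA SiteMinder documentation: derive the schema
# location DN (the parent of the policy store root DN) and substitute it for
# every <RootDN> placeholder in an LDIF file before running smldapsetup ldmod.
# The LDIF content in demo() is a constructed stand-in for ActiveDirectory.ldif,
# not the real file's contents.
set -eu

# Strip the leading RDN (for example "ou=policystore,") from a DN. A comma that
# is backslash-escaped inside the RDN value (RFC 4514) does not end the RDN.
parent_dn() {
    printf '%s\n' "$1" | sed 's/^\([^,\\]*\(\\.[^,\\]*\)*\),[[:space:]]*//'
}

# Replace every <RootDN> in file $1 with DN $2, writing the result to file $3.
# Characters special in a sed replacement (& \ and the | delimiter) are escaped
# so that a DN containing them is inserted literally.
fill_root_dn() {
    in_file=$1; dn=$2; out_file=$3
    esc_dn=$(printf '%s' "$dn" | sed 's/[&|\\]/\\&/g')
    sed "s|<RootDN>|$esc_dn|g" "$in_file" > "$out_file"
}

# Number of <RootDN> placeholders still present in file $1 (0 when ready for ldmod).
remaining_placeholders() {
    grep -c '<RootDN>' "$1" || true
}

demo() {
    work=$(mktemp -d)
    # Constructed stand-in for policy_server_home\xps\db\ActiveDirectory.ldif
    cat > "$work/ActiveDirectory.ldif" <<'EOF'
dn: CN=ExampleContainer,<RootDN>
changetype: add
objectClass: top
objectClass: container
cn: ExampleContainer

dn: CN=ExampleChild,CN=ExampleContainer,<RootDN>
changetype: add
objectClass: top
objectClass: container
cn: ExampleChild
EOF
    store_dn='ou=policystore,dc=domain,dc=com'   # the -rroot value given to smldapsetup
    schema_dn=$(parent_dn "$store_dn")            # dc=domain,dc=com
    fill_root_dn "$work/ActiveDirectory.ldif" "$schema_dn" "$work/ActiveDirectory.filled.ldif"
    cat "$work/ActiveDirectory.filled.ldif"
    echo "placeholders left: $(remaining_placeholders "$work/ActiveDirectory.filled.ldif")"
    rm -rf "$work"
}

demo
```

Write the filled file to a separate name, as demo() does, and pass that name to smldapsetup ldmod -f; keep the original ActiveDirectory.ldif untouched so the substitution can be repeated if the root DN changes. A non-zero "placeholders left" count means the substitution did not cover the whole file and the import should not be attempted.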