

How to Configure the Policy Store

To configure Oracle Directory Server Enterprise Edition (formerly Sun Directory Server Enterprise Edition) as a policy store, complete the following procedures:

  1. (Optional) If applicable, use the LDAP vendor software to create an LDAP directory server instance.
  2. (Optional) If applicable, use the LDAP vendor software to create an administrative user with privileges to create, read, modify, and delete objects in the LDAP tree underneath the policy store root object.
  3. Review the Oracle Directory Server considerations.
  4. Point the Policy Server to the directory server.
  5. Create the policy store schema.
  6. Set the SiteMinder super user password.
  7. Import the default SiteMinder objects.
  8. Import the policy store data definitions.
  9. Restart the Policy Server.
  10. Prepare for the Administrative UI registration.

Oracle Directory Server Enterprise Edition Considerations

If you are using Oracle Directory Server Enterprise Edition as a policy store, consider the following.

smldapsetup and Oracle Directory Enterprise Edition

The smldapsetup utility creates the ou=Netegrity, root sub suffix and PolicySvr4 database.

root

The directory root you specified in the Root DN field on the Data tab of the Policy Server Management Console. This variable has to be either an existing root suffix or sub suffix.

Example: If your root suffix is dc=netegrity,dc=com then running smldapsetup produces the following in the directory server:

Example: If you want to place the policy store under ou=apps,dc=netegrity,dc=com, then ou=apps,dc=netegrity,dc=com has to be either a root or sub suffix of the root suffix dc=netegrity,dc=com.

If it is a sub suffix, then running smldapsetup produces the following:

Note: For more information about root and sub suffixes, see the Oracle documentation.
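The following pre-flight check is an added example, not part of the SiteMinder documentation or tooling. It verifies that a planned Root DN matches a suffix already configured in the directory, and returns the ou=Netegrity sub suffix that smldapsetup creates beneath it. The function names and the SUFFIXES list are hypothetical; in practice the list would come from the directory server's own suffix configuration.

```python
def normalize_dn(dn):
    """Split a DN on unescaped commas; return a tuple of (attr, value) pairs."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep an escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            rdns.append(buf)
            buf = ""
            i += 1
        else:
            buf += dn[i]
            i += 1
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Assumption: attribute values compare case-insensitively (true for dc, ou, cn).
        pairs.append((attr.strip().lower(), value.strip().casefold()))
    return tuple(pairs)


def policy_store_dn(root_dn, configured_suffixes):
    """Return (DN of the ou=Netegrity sub suffix, kind of suffix root_dn is)."""
    wanted = normalize_dn(root_dn)
    known = {normalize_dn(s): s for s in configured_suffixes}
    if wanted not in known:
        raise ValueError("%r is not an existing root suffix or sub suffix" % root_dn)
    # A suffix is a sub suffix if another configured suffix is its proper tail.
    is_sub = any(len(k) < len(wanted) and wanted[-len(k):] == k for k in known)
    return "ou=Netegrity," + known[wanted], "sub suffix" if is_sub else "root suffix"


# Constructed sample: the two suffixes used in the examples above.
SUFFIXES = ["dc=netegrity,dc=com", "ou=apps,dc=netegrity,dc=com"]

if __name__ == "__main__":
    for candidate in ("DC=Netegrity, DC=com", "ou=apps,dc=netegrity,dc=com",
                      "ou=people,dc=netegrity,dc=com"):
        try:
            print(candidate, "->", policy_store_dn(candidate, SUFFIXES))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

An entry such as ou=people,dc=netegrity,dc=com is rejected even though it lies under the root suffix, because it is not itself configured as a suffix.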

Replicate an Oracle Directory Server Enterprise Edition Policy Store

SiteMinder r12.0 SP3 creates a UserRoot and a PolicySvr4 database. The PolicySvr4 database has suffix mappings pointing to it. To replicate this policy store, set up a replication agreement for the PolicySvr4 database directory.

Note: For more information about a replication agreement, see the Oracle documentation.

After you create the replication agreement, replicate the SiteMinder indexes.

To replicate SiteMinder indexes

  1. Generate the SiteMinder indexes:
    smldapsetup ldgen -x -findexes.ldif
    

    Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

  2. Set up the indexes on a replica server:
    smldapsetup ldmod -x -findexes.ldif -hhost -preplicaport 
    -dAdminDN -wAdminPW
    
    host

    Specifies the replica host.

    replicaport

    Specifies the replica port number.

    AdminDN

    Specifies the replica administrator DN.

    Example: cn=directory manager

    AdminPW

    Specifies the replica administrator password.

    The SiteMinder indexes are replicated.

More Information:

smldapsetup