Arguments allow you to specify the information used by the modes to manage the LDAP policy store. If you do not specify arguments, smldapsetup uses the values configured in the Policy Server Management Console.
Note: smldapsetup does not allow spaces between an argument and its value. For example, the -h argument should be specified as follows:
smldapsetup ldmod -hldapserver.mycompany.com
The arguments you can specify in an smldapsetup call are listed below:
Specifies the fully qualified name of the LDAP server; the relative name, if the machines are in the same domain (-hldapserver); or the IP address (-h123.12.12.12). If you do not specify a host, smldapsetup uses the previously configured value as the default.
Example: -hldapserver.mycompany.com
Specifies a non-standard LDAP port. The LDAP port must be specified if the LDAP server is using a non-standard port or if you are moving a server to a new server that uses a different port, such as moving from a server using SSL to one that is not. If a port is not specified, the previous configuration values are used. If no previous port configuration has been specified, smldapsetup uses the default ports 389, if SSL is not being used, or 636, if SSL is being used.
Specifies the LDAP user name of a user with the power to create new LDAP directory schema and entries. This is not necessarily the user name of the LDAP server administrator. If you do not specify a user name, smldapsetup uses the previously configured name as the default.
Specifies the password for the user identified in the -d argument. If you do not specify a password, smldapsetup uses the previously configured value.
Example: -wMyPassword123
Specifies the distinguished name of the node in the LDAP tree where SiteMinder will search for the policy store schema. If you do not specify a root, smldapsetup uses the previously configured root.
Example: -ro=security.com
When specified with smldapsetup ldgen, generates an LDIF file that can delete the SiteMinder schema. The generated file must be used with smldapsetup ldmod to remove the schema.
Skips automatic detection of LDAP servers and specifies the type of LDAP policy store, where n is one of the following:
iPlanet v4 LDAP servers.
Active Directory LDAP servers.
Oracle Internet Directory.
iPlanet v5.
Sun Directory Servers.
Active Directory Application Mode (ADAM).
Specifies the absolute or relative path to an LDIF file from the directory in which smldapsetup is being executed.
Example: -f../siteminder/db/smldap.ldif
Default: if you do not specify a path, smldapsetup uses the current directory as the default.
Specifies the absolute or relative path, including filename and extension, of the ldapmodify command line utility. Ldapmodify is used to configure the server schema using the LDIF format commands. LDAP servers and SiteMinder provide a copy of ldapmodify. If the utility is not in the default location, use this argument to specify its location.
Specify -ssl1 to use an SSL-encrypted connection to the LDAP server, and -ssl0 to use a non-SSL connection. If you do not specify a value for -ssl, smldapsetup uses the previously configured value. If the LDAP connection has not been configured before, the initial default value is 0.
This argument must be specified when using an SSL encrypted (-ssl1) LDAP connection. Specifies the path of the directory where the SSL client certificate database file, which is usually called cert7.db for the Netscape Navigator Web browser, exists.
Example: If cert7.db exists in /app/siteminder/ssl, specify -c/app/siteminder/ssl when running smldapsetup ldmod -f/app/siteminder/pstore.ldif -p81 -ssl1 -c/app/siteminder/ssl.
Note: For policy stores using an SSL-encrypted connection to Sun Java System LDAP, make sure the key3.db file exists in the same directory as cert7.db.
Enables you to use smldapsetup to set up or modify a key store if you are storing key information in a different LDAP directory. If you specify -k, smldapsetup checks to see if the Policy Server is pointing to the key store before performing any functions. If the Policy Server is not pointing to the key store, smldapsetup issues a warning. If you specify -k1, in conjunction with smldapsetup ldgen and the other arguments for a new policy store, smldapsetup creates a separate key store in the location you specify. If you do not specify -k or -k1, smldapsetup will modify the policy store.
Enables verbose mode for troubleshooting. With -v, smldapsetup logs its command-line arguments and configuration entries as it performs each step in the LDAP migration.
Specifies the distinguished name of an account that should be used by SiteMinder to make modifications to the policy store. This argument allows an administrator account to retain control of the SiteMinder schema while enabling another account that will be used for day-to-day modifications of SiteMinder data. When a change is made using the Administrative UI, the account specified by this argument is used. Be sure to enter the entire DN of an account when using this argument.
Enables quiet mode, in which no questions are asked.
Creates a 6.x upgrade schema file (LDIF).
Use the -x argument with ldmod to generate replication indexes for another 5.x Sun Java System Directory Server Enterprise Edition (formerly Sun ONE/iPlanet) LDAP directory server.
This option allows you to specify a suffix other than the default parent suffix when configuring the 6.x Policy Server's schema in a Sun Java System Directory Server Enterprise Edition (formerly Sun ONE/iPlanet) LDAP directory server.
Example: assume the following:
ou=Apps,o=test.com is the Policy Store root.
o=test.com is the root suffix.
ou=netegrity,ou=Apps,o=test.com is the sub suffix.
If you do not use the -s parameter with smldapsetup, the Policy Server assigns ou=Apps,o=test.com as a parent suffix of ou=netegrity,ou=Apps,o=test.com. To change this and have the appropriate parent suffix set, run smldapsetup using the -s parameter while specifying o=test.com.
Displays the help message.
Note: If the arguments contain spaces, you must enter double quotes around the entire argument. For example, if the name of the SiteMinder administrator is LDAP user, the argument for smldapsetup would be: -d"LDAP user".
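The argument rules above (no space between an argument and its value, quotes around values that contain spaces, -c required with -ssl1) can be checked before a command is run. The following is an added example, not part of the CA documentation or tooling: lint_smldapsetup is a hypothetical helper, it only knows the flags named on this page, and the hosts, DN and password in the sample calls are constructed placeholders.

```shell
#!/bin/sh
# Added example, not vendor code. Lints the arguments of an smldapsetup call
# using only the flags and rules that appear on this page.
lint_smldapsetup() {
    [ $# -gt 0 ] && shift            # drop the mode (ldgen, ldmod, remove)
    ssl=0; cert=0; pw=0; verbose=0
    for arg in "$@"; do
        case "$arg" in
            -h|-p|-d|-w|-r|-f|-c|-s|-ssl)
                echo "SPACE: $arg has no attached value (no space is allowed)" ;;
            -ssl0) ;;
            -ssl1) ssl=1 ;;
            -ssl*) echo "VALUE: $arg must be -ssl0 or -ssl1" ;;
            -c*)   cert=1 ;;
            -w*)   pw=1 ;;
            -v)    verbose=1 ;;
            -*)    ;;                # other flags are not checked here
            *)     echo "STRAY: '$arg' is not attached to a flag (space or missing quotes)" ;;
        esac
    done
    if [ "$ssl" -eq 1 ] && [ "$cert" -eq 0 ]; then
        echo "CERT: -ssl1 needs -c with the certificate database directory"
    fi
    if [ "$pw" -eq 1 ]; then
        echo "PW: -w exposes the password to process listings and shell history"
        # Assumption: the page says -v logs command-line arguments; whether the
        # -w value is masked in that log is not stated, so flag it for review.
        if [ "$verbose" -eq 1 ]; then
            echo "LOG: -w with -v, check the verbose log for the password"
        fi
    fi
    return 0
}

# Constructed command lines (host, DN and password are placeholders).
lint_smldapsetup remove -h192.0.2.10 -p389 -d "cn=directory manager" -wEXAMPLE -v
lint_smldapsetup ldmod -f/app/siteminder/pstore.ldif -p81 -ssl1
```

Omitting -w makes smldapsetup fall back to the previously configured value, which keeps the password off the command line entirely.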
In a Sun Java System Directory Server Enterprise Edition (formerly Sun ONE/iPlanet) directory server, smldapsetup creates the ou=Netegrity, root sub suffix and PolicySvr4 database.
The directory root you specified in the Root DN field on the Data tab of the Policy Server Management Console. This variable has to be either an existing root suffix or sub suffix.
Example: If your root suffix is dc=netegrity,dc=com then running smldapsetup produces the following in the directory server:
Example: If you want to place the policy store under ou=apps,dc=netegrity,dc=com, then ou=apps,dc=netegrity,dc=com has to be either a root or sub suffix of the root suffix dc=netegrity,dc=com.
If it is a sub suffix, then running smldapsetup produces the following:
Note: For more information about root and sub suffixes, see the Sun Microsystems documentation.
To remove the SiteMinder policy store data and schema from an LDAP directory, you must first delete the data, then remove the schema.
Important!
To remove the policy store using smldapsetup
Specifies the installed location of SiteMinder.
smldapsetup remove -hLDAP_IP_Address -pLDAP_Port -dLDAP_Admin -wLDAP_Admin_Password -rLDAP_Base_DN -v
Example: smldapsetup remove -h192.169.125.32 -p552 -d"cn=directory manager" -wfirewall -rdc=ad,dc=test,dc=com -v
Note: Removing the policy store data may take a few moments.
smldapsetup ldgen -e -fldif
Specifies the name of the LDIF file you are generating.
Example: smldapsetup ldgen -e -fdelete.ldif
smldapsetup ldmod -fldif
Specifies the name of the LDIF file you generated using smldapsetup ldgen -e.
Example: smldapsetup ldmod -fdelete.ldif
SiteMinder provides SQL scripts that delete the SiteMinder schema from ODBC databases. The following list describes each SQL script:
Removes the SiteMinder policy store and data from an Oracle database.
If the database was created using sm_oracle_logs.sql, removes SiteMinder logs stored in an Oracle database.
Removes the SiteMinder session store tables and data from an Oracle database.
Removes the SiteMinder policy store and data from an SQL database.
If the database was created using sm_mssql_logs.sql, removes SiteMinder logs stored in an SQL database.
Removes the SiteMinder session store tables and data from a SQL database.
Removes the SiteMinder policy store and data from a DB2 database.
If the database was created using sm_db2_logs.sql, removes SiteMinder logs stored in a DB2 database.
Removes the SiteMinder session store tables and data from a DB2 database.
The ODBC database SQL scripts are in the following location:
Specifies the Policy Server installation path.
Delete the database objects by running the appropriate SQL script using DB2, SQL Plus for Oracle, or SQL Server Query Analyzer.
Note: For more information about running SQL scripts, see your database documentation.
The smpatchcheck tool lets you determine whether you have the Solaris patches required for the Policy Server and Web Agent installed on your system. Smpatchcheck can be run on the Solaris versions listed on the SiteMinder Platform Matrix. To access this matrix, go to Technical Support and search for the SiteMinder Platform Support Matrix.
To use smpatchcheck
Specifies the Policy Server installation path.
Smpatchcheck looks for each required/recommended patch and then displays its status.
For example:
Testing for Required Patches:
Testing for Patch: 106327-09 ... NOT Installed
Testing for Recommended Patches:
Testing for Patch: 106541-08 ... Installed
Testing for Patch: 106980-00 ... Installed
SiteMinder Patch Check: Failed
Smpatchcheck returns one of the following messages:
One or more of the required patches is not installed.
One or more of the recommended patches is not installed.
All of the required and recommended patches are installed.
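An install script can read the per-patch status lines instead of relying on someone reading the summary. The following is an added example, not part of the CA documentation or tooling: missing_patches and patch_gate are hypothetical helpers, and the line layout of the output is assumed from the example above, so the parser also accepts the same text run together on one line.

```shell
#!/bin/sh
# Added example, not vendor code. Parses smpatchcheck output in the format of
# the example on this page and blocks an install when a required patch is missing.

# Print the IDs of patches reported "NOT Installed" in one section.
# usage: missing_patches Required|Recommended   (smpatchcheck output on stdin)
missing_patches() {
    awk -v want="$1" '
        { text = text " " $0 }      # join lines so flattened output parses too
        END {
            n = split(text, part, "Testing for ")
            for (i = 2; i <= n; i++) {
                split(part[i], w, " ")
                if (w[2] == "Patches:") { section = w[1]; continue }
                if (w[1] == "Patch:" && section == want && part[i] ~ /NOT Installed/)
                    print w[2]
            }
        }'
}

# Return 1 when any required patch is missing; warn on recommended ones.
patch_gate() {
    out=$(cat)
    req=$(printf '%s\n' "$out" | missing_patches Required)
    rec=$(printf '%s\n' "$out" | missing_patches Recommended)
    [ -n "$rec" ] && echo "warning: recommended patches missing: $rec"
    if [ -n "$req" ]; then
        echo "blocked: required patches missing: $req"
        return 1
    fi
    return 0
}

# The example output shown on this page.
sample_output() {
    cat <<'EOF'
Testing for Required Patches:
Testing for Patch: 106327-09 ... NOT Installed
Testing for Recommended Patches:
Testing for Patch: 106541-08 ... Installed
Testing for Patch: 106980-00 ... Installed
SiteMinder Patch Check: Failed
EOF
}

sample_output | patch_gate || echo "do not start the Policy Server install yet"
```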
The SiteMinder Test Tool is a utility that simulates the interaction between Agents and Policy Servers. It tests the functionality of the Policy Server. During testing, the Test Tool acts as the Agent, making the same requests to the Policy Server as a real Agent. This allows you to test your SiteMinder configuration before deploying it.
Note: For further information about this tool, see the Policy Server Configuration Guide.
To change the super user password
Specifies the Policy Server installation path.
Note: If the utility is not present, you can find it in the Policy Server installation media available on the Support site.
smreg -su password
Specifies the password for the SiteMinder super user account.
Note: Be sure that there is a space between -su and the password.
The utility changes the super user account password.
Deleting the utility prevents anyone from changing the super user password.
To comply with the terms of your SiteMinder license, you can count the number of users in your SiteMinder environment. The following process describes how to configure your directories and count the SiteMinder users stored within them:
Note: For more information, see the SiteMinder Policy Server Configuration Guide.
Copyright © 2012 CA.
All rights reserved.