

Configure an inJoin Directory Server as a Policy Store

You can configure a Critical Path inJoin Directory Server (IDS) as a policy store using the Critical Path's iCon GUI.

Follow these steps:

  1. Start the DSA.
  2. Log in to the Policy Server host system.
  3. Navigate to siteminder_home\bin.
    siteminder_home

    Specifies the Policy Server installation path.

  4. Run the following command:
    ldapmodify -hhost -pport -dAdminDN -wAdminPW -c
    -fsiteminder_home\db\tier2\CriticalPathIDS\IDS_Add_Schema_R12sp3.ldif
    
    -hhost

    Specifies the IP address of the LDAP server.

    -pport

    Specifies the port number of the LDAP server.

    -dAdminDN

    Specifies the name of an LDAP user with privileges to create a new LDAP schema on the LDAP directory server.

    Example: cn=manager

    -wAdminPW

    Specifies the password of the LDAP user with privileges to create a new LDAP schema on the LDAP directory server. A password passed on the command line is visible to other users of the host in process listings and is recorded in the shell history; clear the history after the command completes.

    -c

    Specifies continuous mode (do not stop on errors).

    -fsiteminder_home\db\tier2\CriticalPathIDS\IDS_Add_Schema_R12sp3.ldif

    Specifies the LDIF file that contains the schema changes. siteminder_home is the Policy Server installation path.

  5. Reload the schema, or verify that the schema has been updated.
  6. Run the following command:
    ldapmodify -hhost -pport -dAdminDN -wAdminPW -c
    -fsiteminder_home\xps\db\tier2\criticalpath\CriticalPath.ldif
    
  7. Reload the schema, or verify that the schema has been updated.
  8. In iCon, go to dsa, comms, LDAP, set the "paging mode" option to "always", and restart the DSA.

    The policy store schema is created for r12.0 SP3.

  9. Manually create the following root nodes using Critical Path's iCon DIT administrator interface:
  10. Copy the smreg utility to policy_server_home\bin.
    policy_server_home

    Specifies the Policy Server installation path.

  11. Run the following command:
    smreg -su password
    
    password

    Specifies the password for the default SiteMinder administrator.

    Limits:

    Note: The password is not case sensitive, except when the password is stored in an Oracle policy store.

  12. Delete the smreg utility from policy_server_home\bin. smreg -su sets the default administrator password without asking for the current one, so deleting it prevents anyone with access to that directory from changing the password without knowing the previous one.

    The password for the default SiteMinder administrator account is set.

  13. Run the following command:
    smobjimport -ipolicy_server_home\db\smdif\smpolicy.smdif
    -dsiteminder_super_user_name -wsiteminder_super_user_password -v
    
    -i

    Specifies the path and name of the import file.

    -v

    Turns on tracing and outputs error, warning, and comment messages.

    The base policy store data is imported from the file smpolicy.smdif.

  14. Run the following command:
    smobjimport -ipolicy_server_home\db\smdif\ampolicy.smdif
    -dsiteminder_super_user_name -wsiteminder_super_user_password -f -v -l -c
    
    -i

    Specifies the path and name of the import file.

    -dsiteminder_super_user_name

    Specifies the name of the SiteMinder Super User account.

    -wsiteminder_super_user_password

    Specifies the password for the SiteMinder Super User account.

    -f

    Overrides duplicate objects

    -v

    Turns on tracing and outputs error, warning, and comment messages in verbose format so that you can monitor the status of the import.

    Default value: stdout

    -l

    Creates a log file.

    -c

    Indicates that the smdif input file contains unencrypted data.

    smobjimport imports the policy store objects. These objects are automatically imported to the appropriate locations.

    Note: Importing ampolicy.smdif makes available Federation Security Services, Web Service Variables, and eTelligent Rules functionality that is licensed separately from SiteMinder. If you intend to use that functionality, contact your CA account representative for more information on licensing.

    The Critical Path inJoin Directory Server (IDS) is configured as a policy store.
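Steps 5 and 7 say to verify that the schema has been updated before running the next ldapmodify, but give no check. The script below is an added example, not part of the CA documentation or the Critical Path product: it extracts every attribute type and object class NAME from a schema LDIF and reports any that a schema dump from the directory does not define, returning a nonzero status so the next import can be gated on it. It assumes a POSIX shell with grep, sed and sort (a Unix Policy Server host or an administrator's workstation). The schema dump is whatever a subschema search against the DSA returns; its base DN and the ldapsearch option syntax depend on your directory and client build, so the dump is taken as an input file rather than fetched here. The sample LDIF and dump are constructed for the demo, with a made-up OID arc, and are not the real IDS_Add_Schema_R12sp3.ldif or CriticalPath.ldif.

```shell
#!/bin/sh
# Added example for steps 5 and 7 (not part of the CA documentation): confirm that
# every attribute type and object class a schema LDIF adds is now published by the
# directory before importing the next LDIF.

# ldif_schema_names FILE
#   Print the NAME of every attributeTypes:/objectClasses: definition in FILE,
#   one per line, sorted. Simplifications: only the first single-quoted NAME of a
#   definition is taken, and folded LDIF continuation lines are not unfolded.
ldif_schema_names() {
    grep -iE '^(attributeTypes|objectClasses):' "$1" \
        | sed -n "s/.*NAME *'\([^']*\)'.*/\1/p" \
        | sort -u
}

# missing_schema_names LDIF DUMP
#   Print each NAME defined in LDIF that DUMP does not define (case-insensitive).
#   Returns 0 when nothing is missing, 1 otherwise, so it can gate the next step.
missing_schema_names() {
    _missing=0
    for _name in $(ldif_schema_names "$1"); do
        if ! grep -qi "NAME *'$_name'" "$2"; then
            echo "$_name"
            _missing=1
        fi
    done
    return $_missing
}

# write_samples LDIF DUMP
#   Constructed sample inputs (made-up OID arc, not the real CA schema files):
#   a schema-modify LDIF in the shape ldapmodify -f consumes, and a schema dump
#   taken "too early", before the second attribute type was loaded.
write_samples() {
    cat > "$1" <<'EOF'
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'smExampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'smExampleOther' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'smExampleClass' SUP top STRUCTURAL MAY ( smExampleAttr $ smExampleOther ) )
EOF
    cat > "$2" <<'EOF'
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'smExampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'smExampleClass' SUP top STRUCTURAL MAY ( smExampleAttr $ smExampleOther ) )
EOF
}

# Demo: ./check_schema.sh --demo
# Real use: missing_schema_names path/to/IDS_Add_Schema_R12sp3.ldif schema_dump.ldif
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    write_samples "$tmp/schema.ldif" "$tmp/dump.ldif"
    if missing_schema_names "$tmp/schema.ldif" "$tmp/dump.ldif"; then
        echo "schema complete: safe to run the next ldapmodify"
    else
        echo "schema incomplete: reload the schema and re-check before the next ldapmodify"
    fi
    rm -rf "$tmp"
fi
```

In the demo the dump lacks smExampleOther as a defined NAME (it is only referenced in the object class's MAY list), so the check names it and exits 1. The same comparison run after step 6 against CriticalPath.ldif tells you whether the second schema load also took effect; a definition that is referenced but never defined is exactly the state that makes the later smobjimport fail on attributes the directory does not know.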

Note: You can now import the policy store data definitions.