Installation and Upgrade GuidesSiteMinder Upgrade GuideUpgrade Procedures from 5.xStep 1: Upgrade the 5.x Policy Server to 6.xUpgrade a 5.x Policy Store › Upgrade an Active Directory Policy and Key Store

Previous Topic: Upgrade a 5.x Policy Store

Next Topic: Upgrade a CA eTrust Directory Policy Store
Upgrade an Active Directory Policy and Key Store

Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with Administrator permissions. Open the command line window this way, even if your account has Administrator privileges. For more information, see the release notes for your SiteMinder component.

To upgrade an Active Directory policy and key store

  1. Create the r6.0 SP6 policy and key store schema with the following smldapsetup commands.

    Note: For more information about using the smldapsetup tool, see the Policy Server Installation Guide.

    1. smldapsetup ldgen -hhost_IP -pport -duser_dn
      -wuser_pw -rpolicy_store_root -ssl1/0 -ccert -ffilename -u
      -hhost_IP

      Specifies the IP Address of the directory server host system.

      -pport

      Specifies the port on which the directory server is listening.

      -duser_dn

      Specifies the distinguished name of a directory server user with privileges to create LDAP schema in the directory server.

      -wuser_pw

      Specifies the password for the directory server user specified by -d.

      -rpolicy_store_root

      Specifies the DN location of the SiteMinder data in the directory server.

      -ssl1/0

      (Optional) Specifies an SSL connection.

      Limits: 0=no | 1=yes

      Default: 0

      -ccert

      (Only required if the ssl value is 1) Specifies the path to the directory where the SSL client certificate database file, cert7.db, exists.

      -ffile_name

      Specifies the name of the schema (LDIF) file you are creating.

      -u

      Creates the r6.0 SP6 upgrade schema file.

    2. smldapsetup ldmod -hhost_IP -pport -duser_dn
      -wuser_pw -rpolicy_store_root -ssl1/0 -ccert -ffile_name
  2. Import the required r6.0 SP6 policy store objects by entering the following command: 
    smobjimport -isiteminder_home\db\smdif\
sm_upgrade_55_to_60sp6.smdif -dadmin_name -wadmin_pw -v -f
    siteminder_home

    Specifies the Policy Server installation path.

    -dadmin_name

    Specifies the name of the SiteMinder administrator with super user privileges.

    -wadmin_pw

    Specifies the password for the SiteMinder super user.

    -v

    Outputs error, warning, and comment messages in verbose format. Verbose format lets you monitor the status of the import.

    -f

    Overwrites duplicate policy store objects with the r6.0 SP6 policy store objects.

    Note: If an argument contains spaces, use double quotes around the entire argument.

    Example:

    smobjimport -i“C:\Program Files\CA\SiteMinder\db\
smdif\sm_ps_upgrade_55_to_60sp6.smdif” -d"SM Admin" -wPassword -v -f

Important! If you do not complete this step, the required SiteMinder objects are not added to the policy store. As a result, you cannot use the Policy Server User Interface to configure policies.