Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with Administrator permissions. Open the command line window this way, even if your account has Administrator privileges. For more information, see the release notes for your SiteMinder component.
To configure policy store data in an LDAP directory server manually
Specifies the Policy Server installation path.
smldapsetup status -hhost -pport -dAdminDN -wAdminPW -rrootDN -ssl1/0 -ccert
smldapsetup reg -hhost -pport -dAdminDN -wAdminPW -rrootDN -ssl1/0 -ccert
-hhost: Specifies the name or IP address of the LDAP directory server.
-pport: Specifies the port on which the LDAP directory server is listening.
-dAdminDN: Specifies the name of an LDAP user with privileges to create LDAP schema in the LDAP directory server. This user appears in the Admin Username field on the Data tab of the Policy Server Management Console after you run the smldapsetup utility.
ADAM and AD LDS: Specifies the full domain name, including the guid value, of the directory server administrator.
Example: CN=user1,CN=People,CN=Configuration,CN,{guid}
-wAdminPW: Specifies the password for the administrator DN.
-rrootDN: Specifies the DN location of the SiteMinder data in the LDAP directory server.
ADAM and AD LDS: Specifies the existing root DN location of the application partition in the directory server where the policy store schema must be created.
-ssl1/0: If you are connecting to the LDAP directory server over SSL, specify -ssl1 and -ccert.
-ccert: Specifies the path of the directory where the SSL client certificate database file (cert7.db) exists.
Note: If the client certificate database file exists in /app/siteminder/ssl, specify -c/app/siteminder/ssl.
The smldapsetup utility tests the connection to the LDAP directory server. If the connection is successful, smldapsetup configures the Policy Server to use the LDAP directory server as the policy store.
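The following wrapper is an added example, not part of the SiteMinder documentation or tooling. It checks the options described above before calling smldapsetup: that -ssl1 is paired with a directory that really contains cert7.db, that the port is valid, and that DNs with spaces stay one argument. The names smldapsetup_checked, configure_policy_store and SM_ADMIN_PW are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks around the smldapsetup options on this page.
# smldapsetup_checked and SM_ADMIN_PW are hypothetical names; only the
# options -h -p -d -w -r -ssl -c come from the page.

# Usage: smldapsetup_checked MODE HOST PORT ADMIN_DN ROOT_DN SSL [CERT_DIR]
# The body is a subshell so its variables do not leak into the caller.
smldapsetup_checked() (
  mode=$1 host=$2 port=$3 admin_dn=$4 root_dn=$5 ssl=$6 cert_dir=${7:-}

  case $mode in
    status|reg) ;;
    *) echo "mode must be status or reg" >&2; exit 2 ;;
  esac
  case $port in
    ''|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; exit 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port must be 1-65535" >&2; exit 2
  fi
  # The password is read from a variable rather than typed into the command.
  if [ -z "${SM_ADMIN_PW:-}" ]; then
    echo "SM_ADMIN_PW is not set" >&2; exit 2
  fi

  # Quoting each option keeps DNs that contain spaces as one argument.
  set -- "$mode" "-h$host" "-p$port" "-d$admin_dn" "-w$SM_ADMIN_PW" "-r$root_dn"
  case $ssl in
    0) set -- "$@" -ssl0 ;;
    1) # -ssl1 needs -c naming the directory that holds cert7.db
       if [ ! -f "$cert_dir/cert7.db" ]; then
         echo "no cert7.db in '$cert_dir'" >&2; exit 3
       fi
       set -- "$@" -ssl1 "-c$cert_dir" ;;
    *) echo "ssl must be 0 or 1" >&2; exit 2 ;;
  esac
  smldapsetup "$@"
)

# Test the connection first; register the policy store only if that passes.
configure_policy_store() {
  smldapsetup_checked status "$@" && smldapsetup_checked reg "$@"
}
```

Setting SM_ADMIN_PW from a silent prompt keeps the password out of shell history, but -w still places it in the utility's argument list while the command runs.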
smldapsetup ldgen -ffile_name
smldapsetup ldmod -ffile_name
-ffile_name: Specifies the name of the LDIF file you are creating.
Example: smldapsetup ldmod -fpstoreschema.ldif
smreg -su super_user_password
super_user_password: Specifies the password for the SiteMinder super user account.
Note: Be sure that there is a space between -su and the password.
Deleting the smreg utility prevents someone from changing the super user password without knowing the previous one.
smobjimport -isiteminder_home\db\smdif\smpolicy.smdif -dSM_super_user_name -wsuper_user_password -v
siteminder_home: Specifies the Policy Server installation path.
Specifies the name of the file containing the default policy store objects that are imported into the policy store.
Note: When manually configuring a policy store on Windows, you can import one of the following:
The file named smpolicy-secure provides additional security through enhanced default Web Agent configuration parameters.
-dSM_super_user_name: Specifies the name of the SiteMinder administrator with super user privileges.
-wsuper_user_password: Specifies the password for the SiteMinder super user.
Note: If an argument contains spaces, use double quotes around the entire argument.
Windows example: smobjimport -i"C:\Program Files\Netegrity\siteminder\db\smdif\smpolicy.smdif" -d"SM Admin" -wPassword -v
UNIX example: smobjimport -i$NETE_PS_ROOT/db/smdif/smpolicy.smdif -d"SM Admin" -wPassword -v
-v: Outputs error, warning, and comment messages in verbose format so you can monitor the status of the import.
Be aware of the following:
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the release notes for your SiteMinder component.
The stoplight icon changes from green to red.
(UNIX systems) Enter the commands stop-all followed by start-all.
The policy store is configured and you can log into the Policy Server User Interface.