I am starting to test CA Identity Manager 12.6.6 in a VM environment, with Windows 2012 AD on one machine, a SQL 2012 database on a DB machine, and CA IM on a Windows 2012 machine.
After installation, I installed all default components.
On the Management Console, I created one directory for provisioning and another for Active Directory to use as the user store, then I created the environment for this AD with provisioning.
My issue is that all users appear as normal users. Although I mentioned the system manager, no user who logs in to this environment appears to have system manager tasks.
Does anyone have an idea about what I am missing here?
I read and tried to follow https://wiki.ca.com/display/CIM12606/LDAP%20User%20Store%20Management
It seems that I faced a similar issue. Check the "Domain" value in "Connection Details" for the Provisioning directory. This value is CASE SENSITIVE. By default, the Provisioning domain value must be "im", not "IM".
I reviewed your points; it was in small letters, as in this screenshot of the provisioning directory.
Also, these are the AD directory settings I use:
Waiting for anyone's advice.
For your info, normally we use an MS SQL database as our userstore instead of AD.
In the CA IM folder \admin_tools\directoryTemplates\directory_type\RelationalDatabase there is a predefined MS SQL script to build a userstore in MS SQL and to build a userstore environment in CA IM (xml).
By default, the SQL script will create the userstore structure and some users. Once the DB is ready and your CA IM environment is defined, you can log in with "superadmin" with password=password.
I can understand that this is in testing, but I need to simulate real life, so it will be AD, as my organisation works.
Meanwhile, I am trying to use the Neteauto example to understand the difference between my test and that sample demo.
I would suggest that you do use the neteauto example. If you do, use the directory version of it. This one is more similar to AD than the RDBMS version.
And when you have everything running with neteauto, you can try to create another IME using AD as the directory.
BTW, using AD as the IM userstore may get you into other types of trouble. There are both pros and cons to doing this. If you use AD as the IM userstore, you cannot use the same AD as a provisioning endpoint. This would mean you would miss the password sync agent.
Thanks all. I followed the configuration guide and NeteAuto. It mostly appears that the root search and using the same user all over was causing this. Now I have created it right.
Atle: we have a lot of applications that we intend to provision within IM. What do you think is the best userstore to use? We have about 7K users in the AD.
Thanks for your help.
Sorry wael_abdelwahab,
Been away for a while and did not see your update/question.
Without knowing more about your intended use, my default choice is always CA directory.
But, as I said originally, there are sites that will benefit from using AD as userstore.
Thanks for your reply Atle
I started with CA directory, but it was some kind of mystery for me to deal with.
Most probably I will take the implementation course next week; maybe after it the mystery will be gone and things will be clearer with IM.
I came across one of your answers which says to use MS SQL as the user store.
Can you please guide me on how to do this? I have always worked on an LDAP user store and hence am not very aware of the process.
Also, my environment had JBOSS 6.3 EAP, so the folder structures are a little different.
It would be great if you can guide me.