I am receiving the error " Exception in SmDsObj: Failed to retrieve directory services provider from registry " in the smps.log on Policy Server Startup. This is a new install Policy Server 12.6.01 on Red Hat Linux 7. According to Error Messages - CA Single Sign-On - 12.6.01 - CA Technologies Documentation , this means that the policy server failed to lookup a DS provider. The documentation recommends to check if the provider shared library can be loaded by the policy server process. Which library is the provider shared library and where is it located? I am able to communicate over port 389 from policy server to Directory Services, but it appears the underlying ldap client is not loading properly.
Hi Doyle, I believe you have not selected the correct Namespace while configuring the user directory. Try using LDAP namespace in the user directory object.
If you look at the sm.registry file inside <ps_install_directory>/siteminder/registry/ , you will see that the default namespace providers are defined as below:
So, If you are using LDAP: name space, it tries to load smdsldap.so library.
If you are using ODBC: namespace, it tries to load smdsodbc.so library.
Both these provider libraries are loacted at <ps_install_directory>/siteminder/lib directory. See below :
I would suggest to verify if you are using the correct namespace for your Policystore/KeyStore.
If it still doesn't work, then try starting PS with strace and see if it points to any permission related issues etc :
strace -Ff -t -i -v -o strace.log -s 16384 <command to start PS>
e.g.strace -Ff -t -i -v -o strace.log -s 16384 ./start-ps
Let me know if any questions.
Ujwol's Single Sign-On Blog
I am using a AD namespace. Strace results show no reference to either libsmdsldap.so or libsmdsodbc. I do however see the following entry
12704 16:18:35 [00007fd51469d6c7] open("/app/CA/siteminder/bin/libsmds.so", O_RDONLY|O_CLOEXEC <unfinished ...>12703 16:18:35 [00007f50ec73c615] <... stat resumed> 0x7ffdc87c0540) = -1 ENOENT (No such file or directory)12704 16:18:35 [00007fd51469d6c7] <... open resumed> ) = -1 ENOENT (No such file or directory)12703 16:18:35 [00007f50ec73c6c7] open("/app/jdk/jdk1.8.0_111/jre/libpthread.so.0", O_RDONLY|O_CLOEXEC <unfinished ...>12704 16:18:35 [00007fd51469d6c7] open("/app/CA/siteminder/lib/libsmds.so", O_RDONLY|O_CLOEXEC <unfinished ...>
Those files do exist under the those directory paths
I believe this will be the problem :
you write: I am using a AD namespace.
The AD namespace is only usable on Windows platforms and on Unix you need to use the LDAP namespace.
The reason for that is the "AD" actually calls Microsoft system .dll's to implement the user store functionality. It was a tradeoff, it then gives close interaction with AD, but obviously is not callable from Unix platforms.
The LDAP namespace with AD Enhanced setting is generally what is used to access the remote Active Directory store from a Siteminder Linux platform.
Cheers - Mark