Layer7 Access Management

Expand all | Collapse all

CA dir 14 as policy store

Jump to Best Answer
  • 1.  CA dir 14 as policy store

    Posted 06-27-2018 07:28 AM

    I am setting up CA dir 14 as a policy store. Here what are the ways to create the directory structure? Apart from jxplorer. Can we do it via console?

  • 2.  Re: CA dir 14 as policy store

    Posted 06-27-2018 08:27 AM

    Quick answer is no. But again, if the reference to 'console' here is regarding SiteMinder console, this is better suited for CA SSO folks to answer. You may want to post this in CA SSO communities board. From CA Directory side, one has to use some sort of LDAP browser (e.g JXplorer) to create DIT (Directory Information Tree) structure.


    You may also be able to create it via command line tools (e.g. dxmodify and/or ldapmodify) with use of LDIF file as an input to DSA but if you are new to CA Directory, your best option is to use an LDAP browser.

  • 3.  Re: CA dir 14 as policy store

    Posted 06-27-2018 08:31 AM

    Can you please share any documents for command line tools Please?

  • 4.  Re: CA dir 14 as policy store

  • 5.  Re: CA dir 14 as policy store

    Posted 06-27-2018 08:42 AM

    Thank you

  • 6.  Re: CA dir 14 as policy store
    Best Answer

    Posted 06-27-2018 08:56 AM

    Sound like you are following/referencing "create the base tree strucutre for policy store data" mentioned at:


    Configure a CA Directory Policy Store - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation 


    where a reference to JXplorer is made to create the DIT.

    If yes, here is what you can do with dxmodify.

    Create a LDIF file with following content: (assuming your DSA prefix is <c US><o psdsa>)


    dn: ou=Netegrity,o=psdsa,c=US
    objectClass: organizationalUnit
    ou: Netegrity


    dn: ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
    objectClass: organizationalUnit
    ou: SiteMinder


    dn: ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
    objectClass: organizationalUnit
    ou: PolicySvr4


    dn: ou=XPS,ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
    objectClass: organizationalUnit
    ou: XPS

    Once done, while the Policy Store DSA is online, you can run the following (in add mode) from the system prompt:


    dxmodify -a -h {hostname}:{port} -f filename.ldif


    The above will create the required base structure for you. You will still need some sort of LDAP browser though to see and confirm the DIT being there.