I need to set up MS SQL as a user store on IDM 12.6.5.
The JBoss version is 6.3 EAP.
Can you please guide me on how to do this? I have always worked on an LDAP user store and hence am not very aware of the process.
Later I need to migrate the users in CA Directory (which is acting as the current user store) to this RDBMS-based user store.
Also, my environment had JBoss 6.3 EAP, so the folder structures are a little different. It would be great if you can guide me.
I guess you are clear on how to create the directory and the provisioning directory. Do you require a step-by-step description,
or do you just need to know which configuration files must be modified in JBoss?
In the bookshelf there is an example of setting up the NeteAuto sample using a relational database.
This should give you some hints on how to set up a relational database as a user store.
This has also been discussed and resolved in a dedicated Support case. Some highlights:
- Design of MSSQL schema (tables / columns etc) should be done onsite, using suitable experts.
- The configuration guide https://docops.ca.com/cim/12-6-7/EN/configuring should be used for general guidance, https://docops.ca.com/cim/12-6-7/EN/configuring/relational-database-management in particular.
- There are also some examples for an RDBMS Corporate store available under IM Admin Tools, for guidance on configuring the dir.xml to be used:
  ..\CA\Identity Manager\IAM Suite\Identity Manager\tools\directoryTemplates
  ..\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\NeteAutoRdb\fwSampleRDB
- You could utilize free tools such as Ldif2csv for converting actual user data.
Until the official documentation (referring to the JBoss 5.x path) gets updated: in JBoss 6.x EAP, we use <JBOSS_HOME>\standalone\configuration\standalone-full.xml (for a single node) or standalone-full-ha.xml (for a cluster member) to define both the jndi-name (steps 3-5) and a Security Realm for the JDBC Data Source.
I am using the same method and created the user store on SQL Server (I used the NeteAuto scenario but I didn't use the role sample from it, I just created a new standard role), and it is working fine.
But I have a note: the password of the account in the user store is saved in plain text inside the database table, so I can list the tbluser table and see all the passwords.
How can I force the IM to store the password in encrypted form in the RDB?
You need to configure the password attribute in the dir.xml to be stored encrypted:
<ImsManagedObjectAttr physicalname="tblUsers.password" description="Password" displayname="Password" valuetype="String" wellknown="%PASSWORD%" maxlength="0">
More information can be found in the configuration guide:
Modify Attribute Descriptions - CA Identity Manager - 12.6.07 - CA Technologies Documentation
CA Tech Support
Thanks RinatM for your help