Symantec IGA

  • 1.  MS SQL User Store

    Posted Dec 10, 2015 12:10 AM

    Hi Guys,

     

    I need to set up MS SQL as a user store on IDM 12.6.5.

    The Jboss version is 6.3 EAP.

    Can you please guide me on how to do this? I have always worked on an LDAP user store and hence am not very aware of the process.

    Later I need to migrate the users in CA Directory (which is acting as the current user store) to this RDBMS-based user store.

    Also, my environment has JBoss 6.3 EAP, so the folder structures are a little different. It would be great if you can guide me.



  • 2.  Re: MS SQL User Store

    Posted Dec 14, 2015 04:53 AM

    In the bookshelf there is an example of setting up the NeteAuto sample using a relational database.

    This should give you some hints on how to set up a relational database as a user store.

     

    Cheers, Atle



  • 3.  Re: MS SQL User Store

    Broadcom Employee
    Posted Dec 14, 2015 05:05 AM

    This has also been discussed and resolved in a dedicated Support case. Some highlights:

     

    - Design of MSSQL schema (tables / columns etc) should be done onsite, using suitable experts.

    - The configuration guide https://docops.ca.com/cim/12-6-7/EN/configuring should be used for general guidance, https://docops.ca.com/cim/12-6-7/EN/configuring/relational-database-management in particular.

    - There are also some examples for an RDBMS corporate store available under IM Admin Tools, for guidance on configuring the dir.xml to be used:

      ..\CA\Identity Manager\IAM Suite\Identity Manager\tools\directoryTemplates
      ..\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\NeteAutoRdb\fwSampleRDB

    - You could utilize free tools such as Ldif2csv for converting actual user data.

    Until the official documentation (referring to the JBoss 5.x path) gets updated: in JBoss 6.x EAP, we use <JBOSS_HOME>\standalone\configuration\standalone-full.xml (for a single node) or standalone-full-ha.xml (for a cluster member) both to define the jndi-name (steps 3-5) and to define a Security Realm for the JDBC Data Source.



  • 4.  Re: MS SQL User Store

    Posted Dec 16, 2015 05:54 AM

    Hello

    I am using the same method and created the user store on SQL Server (I used the NeteAuto scenario, but I didn't use the role sample from it, I just created a new standard role), and it is working fine.

    But I have a note: the password of the account in the user store is saved in plain text inside the database table, so I can list the tbluser table and see all the passwords.

    How can I force IM to store the password in encrypted form in the RDB?

     

    thanks



  • 5.  Re: MS SQL User Store

    Broadcom Employee
    Posted Dec 16, 2015 06:05 AM

    Hi

    You need to configure the password attribute in the dir.xml to be stored encrypted:

    <ImsManagedObjectAttr physicalname="tblUsers.password" description="Password" displayname="Password" valuetype="String" wellknown="%PASSWORD%" maxlength="0">
      <DataClassification name="AttributeLevelEncrypt"/>
      <DataClassification name="sensitive"/>
    </ImsManagedObjectAttr>

     

    More information can be found in the configuration guide,

    Modify Attribute Descriptions - CA Identity Manager - 12.6.07 - CA Technologies Documentation

     

    Regards

    Rinat

    CA Tech Support
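
An audit of the setting described in reply 5, added here as an example and not part of the original posts or the vendor's tooling: it lists password or sensitive attributes in a dir.xml that lack the AttributeLevelEncrypt classification. The `<Directory>` wrapper, the `tblUsers.hint` and `tblUsers.email` attributes, and the rule that every attribute classified sensitive should also be encrypted are assumptions; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real dir.xml. The <Directory> wrapper and the
# tblUsers.hint / tblUsers.email attributes are assumptions for illustration.
SAMPLE_UNPROTECTED = """<Directory>
  <ImsManagedObjectAttr physicalname="tblUsers.password" displayname="Password"
      valuetype="String" wellknown="%PASSWORD%" maxlength="0"/>
  <ImsManagedObjectAttr physicalname="tblUsers.hint" displayname="Hint"
      valuetype="String" maxlength="0">
    <DataClassification name="sensitive"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="tblUsers.email" displayname="Email"
      valuetype="String" maxlength="0"/>
</Directory>"""

# Same password attribute with the two classifications shown in reply 5.
SAMPLE_PROTECTED = """<Directory>
  <ImsManagedObjectAttr physicalname="tblUsers.password" displayname="Password"
      valuetype="String" wellknown="%PASSWORD%" maxlength="0">
    <DataClassification name="AttributeLevelEncrypt"/>
    <DataClassification name="sensitive"/>
  </ImsManagedObjectAttr>
</Directory>"""


def local(tag):
    """Strip a '{namespace}' prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def unencrypted_secrets(dir_xml_text):
    """Return physicalname of each password/sensitive attribute not encrypted."""
    findings = []
    for attr in ET.fromstring(dir_xml_text).iter():
        if local(attr.tag) != "ImsManagedObjectAttr":
            continue
        # Classification names are compared exactly as spelled in the thread.
        classes = {c.get("name") for c in attr if local(c.tag) == "DataClassification"}
        is_secret = attr.get("wellknown") == "%PASSWORD%" or "sensitive" in classes
        if is_secret and "AttributeLevelEncrypt" not in classes:
            findings.append(attr.get("physicalname", "<no physicalname>"))
    return findings


if __name__ == "__main__":
    for label, text in (("unprotected", SAMPLE_UNPROTECTED), ("protected", SAMPLE_PROTECTED)):
        print(label, unencrypted_secrets(text))
```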



  • 6.  Re: MS SQL User Store

    Posted Dec 16, 2015 07:01 AM

    Thanks RinatM for your help



  • 7.  Re: MS SQL User Store

    Posted Dec 17, 2015 03:30 PM

    Hi Robab

     

    I guess you are clear on how to create the directory and the provisioning directory. Do you require a step-by-step description,

    or do you just need to know which configuration files must be modified in JBOSS?