I need to set up MS SQL as a user store on IDM 12.6.5.
The JBoss version is 6.3 EAP.
Can you please guide me on how to do this? I have always worked on an LDAP user store and hence am not very aware of the process.
Later I need to migrate the users in CA Directory (which is acting as the current user store) to this RDBMS-based user store.
Also, my environment has JBoss 6.3 EAP, so the folder structures are a little different. It would be great if you can guide me.
In the bookshelf there is an example of setting up the NeteAuto sample using a relational database.
This should give you some hints on how to set up a relational database as a user store.
This has also been discussed and resolved in a dedicated Support case. Some highlights:
- Design of MSSQL schema (tables / columns etc) should be done onsite, using suitable experts.
- The configuration guide https://docops.ca.com/cim/12-6-7/EN/configuring should be used for general guidance, https://docops.ca.com/cim/12-6-7/EN/configuring/relational-database-management in particular.
- There are also some examples for an RDBMS corporate store available under IM Admin Tools for guidance on configuring the dir.xml to be used:
..\CA\Identity Manager\IAM Suite\Identity Manager\tools\directoryTemplates
..\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\NeteAutoRdb\fwSampleRDB
- You could utilize free tools such as Ldif2csv for converting actual user data.
Until the official documentation (referring to the JBoss 5.x path) gets updated: in JBoss 6.x EAP, we use <JBOSS_HOME>\standalone\configuration\standalone-full.xml (for a single node) or standalone-full-ha.xml (for a cluster member) to define both the jndi-name (steps 3-5) and a Security Realm for the JDBC Data Source.
I am using the same method and created the user store on SQL Server (I used the NeteAuto scenario but I didn't use the role sample from it, I just created a new standard role), and it is working fine.
But I have a note: the password of the account in the user store is saved in plain text inside the database table, so I can list the tbluser table and see all the passwords.
How can I force the IM to store the password in encrypted form in the RDB?
You need to configure the password attribute in the dir.xml to be stored encrypted:
<ImsManagedObjectAttr physicalname="tblUsers.password" description="Password" displayname="Password" valuetype="String" wellknown="%PASSWORD%" maxlength="0">
More information can be found in the configuration guide,
Modify Attribute Descriptions - CA Identity Manager - 12.6.07 - CA Technologies Documentation
CA Tech Support
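An added example, not part of the thread or of CA's tooling: a small audit that parses a dir.xml and lists password-like attributes that carry no encryption data classification. The classification name AttributeLevelEncrypt is taken from the CA Identity Manager documentation rather than from this thread, and the sample XML, the tblUsers.answer and tblUsers.loginid columns and the hint words are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: classification name from the CA Identity Manager docs, not from this thread.
ENCRYPT_CLASS = "AttributeLevelEncrypt"

# Constructed sample: the password attribute is unmarked, the secret answer is marked.
SAMPLE_DIR_XML = """<ImsDirectory>
  <ImsManagedObject name="User">
    <ImsManagedObjectAttr physicalname="tblUsers.password" description="Password"
        displayname="Password" valuetype="String" wellknown="%PASSWORD%" maxlength="0"/>
    <ImsManagedObjectAttr physicalname="tblUsers.answer" displayname="Secret Answer"
        valuetype="String" maxlength="0">
      <DataClassification name="AttributeLevelEncrypt"/>
    </ImsManagedObjectAttr>
    <ImsManagedObjectAttr physicalname="tblUsers.loginid" displayname="User ID"
        valuetype="String" wellknown="%USER_ID%" maxlength="0"/>
  </ImsManagedObject>
</ImsDirectory>"""


def local(tag):
    """Strip an XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]


def audit_dir_xml(xml_text, sensitive_hints=("password", "answer")):
    """Return physical names of sensitive-looking attributes not marked for encryption."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "ImsManagedObjectAttr":
            continue
        # Match on the column name, well-known alias and display name together.
        label = " ".join(
            el.get(k, "") for k in ("physicalname", "wellknown", "displayname")
        ).lower()
        if not any(hint in label for hint in sensitive_hints):
            continue
        classes = {c.get("name") for c in el if local(c.tag) == "DataClassification"}
        if ENCRYPT_CLASS not in classes:
            findings.append(el.get("physicalname"))
    return findings


if __name__ == "__main__":
    for name in audit_dir_xml(SAMPLE_DIR_XML):
        print("stored without attribute-level encryption:", name)
```
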
Thanks RinatM for your help
I guess you are clear on how to create the directory and the provisioning directory. Do you require a step-by-step description?
Or do you just need to know which configuration files must be modified in JBoss?