Symantec Access Management

  • Private Community
 View Only

  • 1.  Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 12:27 PM

    Good afternoon,

     

    I am trying to configure an external admin store for my policy server, using openLDAP server.

     

     

    When I try to set up the connection to the external admin store something goes wrong:

    cn=Manager,dc=company,dc=com is the administrator for my slapd, I can bind successfully using this DN & password.

     

    However, when I use "cn=Manager,dc=company,dc=com" & password I get an unexpected error: This cn=Manager has maximal privileges.

     

    Error:
    An unexpected error occurred while querying the directory server, please check the connection details and try again.

     

    I am trying to add an external admin store so that I can create a new admin user to administrate the SiteMinder SPS Proxy UI. Please let me know what I might be doing wrong.



  • 2.  Re: Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 03:23 PM

    Try to the connect ldap with different ldap super admin account.

     

    or try to create Admin users using XPSSecurity and try to move them to external store using SM AdminUI.



  • 3.  Re: Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 03:50 PM

    I have verified that cn=Manager should be able to make an ldap connection using JXplorer. I have created a user called spsadmin and given them appropriate access rights to the LDAP database. Spsadmin can read/write the contents of dc=company,dc=com.

     

    No matter what, I see the error above when trying to configure an openLDAP external administrator store.

     

    Can you elaborate on your second suggestion? I have not been able to locate XPSSecurity in the policyserver/bin directory - where does it live?



  • 4.  Re: Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 04:09 PM

    XPSSecurity should be in installation/bin, if its not there, you find it under the directory where you have extracted the .zip you downloaded for policy server.

     

    run XPSSecurity without options

     

    it would bring up menu, select new admin

    create the admin

     

    then go to adminui,

     

    under adminstrators, look for configuration... follow the steps to move the admin to external store

     

    How did you configure your policy store?

     

    use smconsole to check whether you are able to connect to the policy store. If you are able to open jxplorer, under policysvr4, you should be able to see SmAdmin4, which should have a GUID starting with 12...



  • 5.  Re: Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 04:31 PM

    I would love to do this - but I can't manage to connect to an external admin store. I have been trying to use my policy-store as an external admin store but the system keeps rejecting it - it validates the user's credentials but then says that some error has kept the process from completing...

     

    use smconsole to check whether you are able to connect to the policy store. If you are able to open jxplorer, under policysvr4, you should be able to see SmAdmin4, which should have a GUID starting with 12...

    This works for me, I know my policy store works OK [I use it for BASIC HTTP AUTH with a simple webagent, seems to work OK]. I just need to configure an external admin store, in order to be able to define an administrator to log into the SPS Proxy UI....



  • 6.  Re: Siteminder 12.52: External Admin Store

    Posted Aug 11, 2015 03:58 PM

    What objects must exist inside of an OpenLDAP directory to support its use as an External Administrator Store?