I am trying to configure an external admin store for my policy server, using openLDAP server.
When I try to set up the connection to the external admin store something goes wrong:
cn=Manager,dc=company,dc=com is the administrator for my slapd, I can bind successfully using this DN & password.
However, when I use "cn=Manager,dc=company,dc=com" & password I get an unexpected error: This cn=Manager has maximal privileges.
I am trying to add an external admin store so that I can create a new admin user to administrate the SiteMinder SPS Proxy UI. Please let me know what I might be doing wrong.
Try to the connect ldap with different ldap super admin account.
or try to create Admin users using XPSSecurity and try to move them to external store using SM AdminUI.
I have verified that cn=Manager should be able to make an ldap connection using JXplorer. I have created a user called spsadmin and given them appropriate access rights to the LDAP database. Spsadmin can read/write the contents of dc=company,dc=com.
No matter what, I see the error above when trying to configure an openLDAP external administrator store.
Can you elaborate on your second suggestion? I have not been able to locate XPSSecurity in the policyserver/bin directory - where does it live?
XPSSecurity should be in installation/bin, if its not there, you find it under the directory where you have extracted the .zip you downloaded for policy server.
run XPSSecurity without options
it would bring up menu, select new admin
create the admin
then go to adminui,
under adminstrators, look for configuration... follow the steps to move the admin to external store
How did you configure your policy store?
use smconsole to check whether you are able to connect to the policy store. If you are able to open jxplorer, under policysvr4, you should be able to see SmAdmin4, which should have a GUID starting with 12...
I would love to do this - but I can't manage to connect to an external admin store. I have been trying to use my policy-store as an external admin store but the system keeps rejecting it - it validates the user's credentials but then says that some error has kept the process from completing...
This works for me, I know my policy store works OK [I use it for BASIC HTTP AUTH with a simple webagent, seems to work OK]. I just need to configure an external admin store, in order to be able to define an administrator to log into the SPS Proxy UI....
What objects must exist inside of an OpenLDAP directory to support its use as an External Administrator Store?