Symantec Access Management

Tech Tip : CA Single Sign-On : Error importing CA Identity Manager Schema into CA SSO Policy Store

  • 1.  Tech Tip : CA Single Sign-On : Error importing CA Identity Manager Schema into CA SSO Policy Store

    Posted 06-04-2018 06:18 AM

    Issue:


    We're trying to integrate Identity Manager 14.1 with CA SSO.

    https://docops.ca.com/ca-identity-manager/14-1/EN/configuring/ca-single-sign-on-integration/integrate-ca-single-sign-on-with-ca-identity-manager/import-ca-identity-manager-schema-into-the-policy-store

     

    We've extended the policy store DSA as explained in the documentation
    with the etrust_ims8.dxc, and when I import the schema it fails with
    this error:

     

    tehrh976:UH00061:/products/siteminder/CA/xps/dd$ XPSDDInstall IdmSmObjects.xdd -vT

     

    [XPSDDInstall - XPS Version 12.52.0101.640]
    Log output: /products/siteminder/CA/log/XPSDDInstall.2018-04-28_205239.log
    Initializing database, please wait...
    (INFO) : [sm-xpsxps-00120] Initializing XPS Version 12.52.0101.640
    (INFO) : [sm-xpsxps-01160] LDAP Provider Info String = CA Directory
    (INFO) : [sm-xpsxps-01120] LDAP Provider Version: supportedLdapVersion = 3
    (INFO) : [sm-xpsxps-01120] LDAP Provider Version: dxServerVersion = dxserver 12.0.18 (build 12074) Linux 64-Bit
    (INFO) : [sm-xpsxps-01160] LDAP Provider Info String = CA Directory
    (INFO) : [sm-xpsxps-00560] Database Transactions are 0.
    (INFO) : [sm-xpsxps-00300] 1 Parameter(s) loaded from Policy Store, 1 total.
    (INFO) : [sm-xpsxps-00330] Caching Policy Data...
    (INFO) : [sm-xpsxps-00310] 4941 object(s) loaded from the Policy Store.
    (INFO) : [sm-xpsxps-00430] Policy Store ID is "0000d1d5-3b70-18a4-bb70-914b0a81a07e".
    (INFO) : [sm-xpsxps-06870] XPS Auditing is enabled.
    (INFO) : [sm-xpsxps-03460] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
    (INFO) : [sm-xpsxps-00150] XPS Initialized. (1344, 0, 0)
    (INFO) : [sm-xpsxps-00150] XPS Initialized.
    (INFO) : [sm-xobfed-02577] Successfully loaded smobjadapter.
    (INFO) : [sm-xpsxps-03981] Loading file IdmSmObjects.xdd, please wait...
    Saving data from IdmSmObjects.xdd, please wait...
    (ERROR) : [sm-xpsxps-00540] Previous error occurred on object "CA.SM::IMSDirectory.SearchMaxRows"
    (FATAL) : [sm-xpsxps-04140] Save failed.
    (INFO) : [sm-xpsxps-00160] Shutting down XPS...
    (INFO) : [sm-xpsxps-00160] Shutting down XPS...
    (INFO) : [sm-xpsxps-00210] Releasing SiteMinder object store connection to XPS...
    (INFO) : [sm-xpsxps-00180] Releasing XPS configuration cache...
    (INFO) : [sm-xpsxps-00240] XPS Shutdown Complete.

     

    We suppose it's needed before launching the IM installation of
    Extensions for CA SSO.

     

    How can we solve this ?

     

    Cause:

     

    The issue seems to be related to the object

     

    "CA.SM::IMSDirectory.SearchMaxRows"

    From the ldif we find this object :

    dn: xpsXID=CA.SM::IMSDirectory.SearchMaxRows,ou=XPS,ou=PolicySvr4,ou=SiteMi
    nder,ou=Netegrity,o=policystore,c=us
    objectClass: xpsXIDKey
    objectClass: top
    xpsXID: CA.SM::IMSDirectory.SearchMaxRows
    xpsIndexedObject: xpsNumber=0000004817,ou=XPS,ou=policysvr4,ou=siteminder,ou
    =netegrity,o=policystore,c=us
    creatorsName: cn=PolicyServerAdmin,o=policystore,c=us

    You can take another backup of your store, and then delete the object,
    and then try to run the import again:

    XPSDDInstall IdmSmObjects.xdd -vT

    Resolution:

     

    To solve the issue, delete entries starting with "dn:xpsXID=CA.SM::IMSDirectory*" and run XPSDDInstall IdmSmObjects.xdd -vT following the instruction given in Identity Manager to integrate with Policy Server and Store.


    KB : KB000099493