Symantec Access Management


 Unable to create policy store branch under root DN

Peter Birk posted Jul 14, 2022 03:20 PM
Hello. I'm new to SiteMinder and trying to install it for development purposes right now. I'm installing SiteMinder Policy Server 12.8.06a on Windows Server 2016 10.0.14393. I've read through the documentation and have tried many combinations of root DN and Admin DN, etc. I continue getting the following error in the installation logs.

LDAPError: 64. LDAP error 64. Naming violation
Unable to create policy store branch under root DN

If I run smldapsetup with -v to get a little more info, this is what comes out:

C:\Program Files\CA\siteminder>"C:\Program Files\CA\siteminder\bin\smldapsetup" ldmod -fsmldap.ldif "-iCN=Administrator,CN=Users,CN=Configuration,CN={FC60E3B4-C81D-4EAB-A22E-49C85B09118E}" -v

mode: ldmod

host: WSAMZN-JOFHMFTR.corp.amazonworkspaces.com
port: 389
root: CN=SiteMinder,DC=SAIX,DC=COM
admindn: CN=Administrator,CN=Users,CN=Configuration,CN={FC60E3B4-C81D-4EAB-A22E-49C85B09118E}
adminpw: xxxxxxxxxxx
ldif: smldap.ldif
tool: ldapmodify
ssl: 0
certdb:

--------------- Verifying LDAP settings ---------------

Directory Server: 'Active Directory Application Mode' (10)

Creating SiteMinder policy branch under root DN 'CN=SiteMinder,DC=SAIX,DC=COM'...
LDAPError: 64. LDAP error 64. Naming violation
Unable to create policy store branch under root DN


I have tried pointing the root DN to CN=Configuration,CN={FC60E3B4-C81D-4EAB-A22E-49C85B09118E} and CN=Schema,CN=Configuration,CN={FC60E3B4-C81D-4EAB-A22E-49C85B09118E} with no luck there either.

The CN=SiteMinder,DC=SAIX,DC=COM DN is an application partition I created when creating the Active Directory LDS instance. I've updated the setting ADAMAllowADAMSecurityPrincipalsInConfigPartition=1.

The Admin DN I'm using is CN=Administrator,CN=Users,CN=Configuration,CN={FC60E3B4-C81D-4EAB-A22E-49C85B09118E}, which I created in the Configuration partition per the instructions. I added this to the Administrators role in the same partition. I also added this to the Administrators role in the application partition.

I think I'm missing something in the LDAP setup regarding how to allow the schema update. I have also updated a local registry key, per some instructions I found, to "Allow Schema Updates = 1". Any ideas what I need to change to allow the policy store branch to be created under the root DN? Thanks!