CA SSO R12.8 Installation & Configuration queries

Document ID : KB000117752
Last Modified Date : 18/10/2018
Question:
We set the Policy Server registry to connect to the LDAP Policy
Store with a plain text password, and the Policy Server can still
connect to the LDAP Policy Store.

We'd like to know if this is as expected and the underlying reason for
that behavior.

In the Policy Server registry, we've modified the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=281504719 
AdminDN= cn=Directory Manager; REG_SZ 
AdminPW= {RC2}88/212fUIqNTlL0iZDPAJ4WgRuR8+juL; REG_SZ 

to 

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=281504719 
AdminDN= cn=Directory Manager; REG_SZ 
AdminPW= password; REG_SZ 

and we can start the Policy Server, which still connects successfully to
the LDAP Policy Store.

smps.log 

[1539/140436049700672][Wed Oct 03 2018 16:22:57][SmObjProvider.cpp:243][INFO][sm-Server-02830] Initializing policy store provider 'LDAP:' 
[1539/140436049700672][Wed Oct 03 2018 16:22:57][SmObjProvider.cpp:282][INFO][sm-Server-02840] Loading of policy store provider extension DLL: 'smobjldapims' succeeded. 
[1539/140436049700672][Wed Oct 03 2018 16:22:57][SmLdapPs.cpp:253][INFO][sm-Ldap-02140] SSL client init will not be attempted - no certificate database defined 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][smldaputils.cpp:523][INFO][sm-Ldap-00540] Opening policy store connection to LDAP server: ' 127.0.0.1:389 ' 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:174][CreateRoot][INFO][sm-xpsxps-01160] LDAP Provider Info String = Sun-Directory-Server/11.1.1.7.171017 B2017.1007.1406 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:228][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: supportedLDAPVersion = 2 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:228][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: supportedLDAPVersion = 3 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:236][CreateRoot][INFO][sm-xpsxps-01130] LDAP Provider Vendor: vendorName = Oracle Corporation 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:228][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: vendorVersion = Sun-Directory-Server/11.1.1.7.171017 
[1539/140436049700672][Wed Oct 03 2018 16:22:58][SmLdapBulkSearch.cpp:228][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: dataversion = 020181003142123020181003142123 
 
Answer:
Indeed, if you put the password in plain text, the Policy Server will
still be able to connect to the Policy Store. This is as expected. We
recommend setting it using smconsole so that it is stored encrypted.
You can also use the smldapsetup command line to set it encrypted. This
facility is there to help make the connection to the Policy Store when
only editing the sm.registry file is possible.