How to create DIT structure for CA SSO Policy Store without use of LDAP browser

Document ID : KB000103556
Last Modified Date : 27/06/2018
Question:
CA Directory as a Policy Store DSA for CA SSO.

The following link describes how to create a base tree structure via an LDAP browser (e.g. JXplorer).

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/install-a-policy-server/configure-ldap-directory-server-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-a-ca-directory-policy-store/

Is there a way to achieve the same without use of LDAP browser? e.g. can this be done via command line tool or SM Console?
Answer:
Not sure if this can be done via SM console. Something you might want to find out from the CA SSO side. From the CA Directory side, this can absolutely be done via the command line tool 'dxmodify' (comes bundled with the CA Directory product) OR you can even use the open source ldapmodify tool.

Here is how:

Create an LDIF file with the following content (assuming your DSA prefix is <c US><o psdsa>):

dn: ou=Netegrity,o=psdsa,c=US
objectClass: organizationalUnit
ou: Netegrity

dn: ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
objectClass: organizationalUnit
ou: SiteMinder

dn: ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
objectClass: organizationalUnit
ou: PolicySvr4

dn: ou=XPS,ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,o=psdsa,c=US
objectClass: organizationalUnit
ou: XPS

Once done, while the Policy Store DSA is online, you can run the following (in add mode) from the system prompt:

dxmodify -a -h {hostname}:{port} -f filename.ldif

The above will create the required base structure for you. You will still need some sort of LDAP browser though to see and confirm that the DIT is there.
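
For a DSA prefix other than o=psdsa,c=US, the same LDIF can be generated rather than edited by hand. The script below is an added example, not part of the original article or of CA Directory; the function names gen_policy_store_ldif and check_parent_first are hypothetical, and it assumes DNs without escaped commas. It goes slightly beyond the article by also checking that each entry's parent appears before it, since an add fails when the parent entry does not exist yet.

```sh
#!/bin/sh
# Added example: emit the policy store base tree as LDIF for any DSA prefix.
# gen_policy_store_ldif and check_parent_first are hypothetical helper names.

# Print the four organizationalUnit entries, parent first, under base DN $1.
gen_policy_store_ldif() {
    base=$1
    [ -n "$base" ] || { echo "usage: gen_policy_store_ldif <base-dn>" >&2; return 2; }
    parent=$base
    for ou in Netegrity SiteMinder PolicySvr4 XPS; do
        dn="ou=$ou,$parent"
        printf 'dn: %s\nobjectClass: organizationalUnit\nou: %s\n\n' "$dn" "$ou"
        parent=$dn
    done
}

# Read LDIF on stdin; succeed only if every entry's parent is the base DN $1
# or an entry defined earlier in the file. DNs are compared as exact strings
# (assumption: consistent case and spacing, no escaped commas in RDNs).
check_parent_first() {
    awk -v base="$1" '
        BEGIN { seen[base] = 1 }
        /^dn: / {
            dn = substr($0, 5)                 # text after "dn: "
            parent = dn
            sub(/^[^,]*,/, "", parent)         # drop the leftmost RDN
            if (!(parent in seen)) {
                print "missing parent for: " dn > "/dev/stderr"
                bad = 1
            }
            seen[dn] = 1
        }
        END { exit bad + 0 }
    '
}

# Usage (hostname and port are placeholders, as in the article):
#   gen_policy_store_ldif "o=psdsa,c=US" > filename.ldif
#   check_parent_first "o=psdsa,c=US" < filename.ldif \
#       && dxmodify -a -h {hostname}:{port} -f filename.ldif
```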