r12.0 SP3: Problem with Siteminder configuration commands & DXmanager XML configuration.

Document ID : KB000051348
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

There has been a problem determined when customers are using CA Directory r12.0 SP2 along with using DXmanager. If the customer adds the siteminder configuration commands "concurrent-bind-user", "mimic-netscape-for-siteminder" and "ignore-name-bindings", then upgrades the Directory installation to r12.0SP3, then there is a chance that the DSA's will encounter a syntax error and not start. This tech doc walks you through a scenario where this occurs, and then provide the solution to the issue.

Solution

Scenario

  • A customer has installed CA Directory Management (DXmanager) and Directory (DXserver) packages on a host. The installed version is r12.0SP2 or lower.
  • The customer uses DXmanager to configure and deploy several namespaces and instantiate DSA on the Directory server host.
  • Once the DXmanager configuration is deployed and the DSA's created on the directory host, the users add the Siteminder configuration flags to the END of the DSA's initialization file (after the XML knowledge file sourcing).
      # CA DXserver## Initialization file written by DXmanager# # logging and tracingsource "../logging/dxmanager.dxc"; # schemaclear schema;source "../schema/dxmanager.dxg"; # operational settingssource "../settings/dxmanager.dxc"; # service limitssource "../limits/dxmanager.dxc"; # ssl source "../ssld/dxmanager.dxc"; # access controlsclear access;source "../access/dxmanager.dxc"; # knowledgeclear dsas;source "../dsaconfig.xml"; set mimic-netscape-for-siteminder=true;set concurrent-bind-user=<c AU><o Democorp><ou Corporate><ou Administration><cn "Craig LINK">;set ignore-name-bindings=true;  
  • The customer then stops the DSA, runs DXsyntax to ensure that there are no syntax errors, then starts the DSAs. This ensures that there are no problems with the DSAs configuration.
  • The customer then upgrade just the Directory (DXserver) package to r12.0 SP3 (build: r12.0.4346), and then attempts to start the DSA.
  • At this point the DSA failed to start and generated the following messages in the DSAs warn log:
    [44] 20100608.123719.106 ERROR : Syntax Error: Line 31 in C:\ProgramFiles\CA\Directory\dxserver\config\servers\Democorp-Master.dxi near '='old-style item 'concurrent-bind-user' defined, can only be set by XMLconfiguration (DXManager)[44] 20100608.123719.106 ERROR : Syntax Error: Line 32 in C:\ProgramFiles\CA\Directory\dxserver\config\servers\Democorp-Master.dxi near 'true'old-style item 'ignore-name-bindings' defined, can only be set by XMLconfiguration (DXManager)[44] 20100608.123719.106 WARN : Disabling cache prior to exit 

Root Cause

The issue is occurring due to a problem with the DSA configuration parsing routines.

Solution

The solution is to relocate the three configuration items (above in red) to a location BEFORE the DSAs knowledge is sourced. e.g.

 # CA DXserver## Initialization file written by DXmanager# # logging and tracingsource "../logging/dxmanager.dxc"; # schemaclear schema;source "../schema/dxmanager.dxg"; # operational settingssource "../settings/dxmanager.dxc"; set mimic-netscape-for-siteminder=true;set concurrent-bind-user=<c AU><o Democorp><ou Corporate><ou Administration><cn "CraigLINK">;set ignore-name-bindings=true; # service limitssource "../limits/dxmanager.dxc"; # ssl source "../ssld/dxmanager.dxc"; # access controlsclear access;source "../access/dxmanager.dxc"; # knowledgeclear dsas;source "../dsaconfig.xml";   

Once the DXI file has been saved, simply stop and start the DSA.