Using a Router DSA inside Identity Manager to relay data to your Corporate user stores

Document ID : KB000006040
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When Identity Manager is setup with Multiple CA Directories User Stores and the primary node goes down. There is a delay in switching over to the secondary User Store. 

Environment:
Identity Manager setup with CA Directory as the Corporate User Stores
Resolution:

1)       Create Router DSA using a command similar to this ----     Dxnewdsa -trouter CorporateRouter 11389 “o=CA Technologies,c=US”

dx install command.png

Adjust the command to match your specific environment. You will need to set the prefix to match your data DSA’s but you need to go back one group. You can verify your current prefix by opening the dxc file (C:\Program Files\CA\Directory\dxserver\config\knowledge) that belongs to your data DSA’s.

**Notice that the prefix in the command is backwards when compared to the .dxc files see images below**

 

Data prefix example

Data prefix.png

Router prefix example

Router Prefix.png

1½) Stop all DSA’s so we can make edits to the files. Run the command dxserver stop all

 

1   2) Once Router DSA is created open the CorporateRouter.dxc which can be found here ("C:\Program Files\CA\Directory\dxserver\config\knowledge\CorporateRouter.dxc") and add the line “trust-flags   = allow-check-password, trust-conveyed-originator” (remove the quotes)

 

     3)    You also need to add this line to ALL the Data DSA’s DXC file. This can be found in the same location as step 4. (C:\Program Files\CA\Directory\dxserver\config\knowledge\CorporateUserStore.dxc)

(C:\Program Files\CA\Directory\dxserver\config\knowledge\CorpStore2.dxc)

 

*** Please ensure that this line is added AFTER auth-levels for BOTH data and router DSA’s. The order matters or it will throw an error ***

Step3 Sample.png

4) Create a .dxg file inside the following location (C:\Program Files\CA\Directory\dxserver\config\knowledge\)  that contains the source of each .dxc For example the file would contain the following

 

 

source "CorporateUserStore.dxc";

source "CorporateRouter.dxc";

 

source "CorpStore2.dxc";

DXG Sourcing.png

To easily create the DXG file you can copy an existing DXC file type and change simply change the extension to a DXG. Then once you open the file you can clear the content and imput the sourcing which you can find above.

5) Go to the following location (C:\Program Files\CA\Directory\dxserver\config\servers) Open each dxi file for the data DSA’s and the router DSA and modify the # Knowledge section to source the .dxg file we created in step 6. See image below. 

Step 5 sample.png

6) Run dxsyntax if there are no errors run the command dxserver start all

7) Log into the IM Management console. Export the Corporate User store. Open the export and adjust the segment “Connection host” to fit your newly created router DSA. Import the adjusted Corporate User store file. (In case of any issues please keep a backup of the 

You can also make the service start on failure as this DSA should never fail or have difficulties restarting. However if it does the service would then bounce right back up.