SM is unable to startup properly in R12.7. Giving errors
Article ID: 131317
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
When we start our Policy Server using start-all command, the Policy
Server logs reports the error :
smps.log
[41699/140663148173088][Thu Mar 14 2019
16:07:13][SmLdapBulkSearch.cpp:749][InitReadsVLV][ERROR][sm-xpsxps-01080]
Error occurred during "SearchExt" for
"(&(xpsNumber=*)(!(xpsTombstone=*)))", text: Timed out
and as such the Policy Server doesn't work. How can we fix this ?
Server logs reports the error :
smps.log
[41699/140663148173088][Thu Mar 14 2019
16:07:13][SmLdapBulkSearch.cpp:749][InitReadsVLV][ERROR][sm-xpsxps-01080]
Error occurred during "SearchExt" for
"(&(xpsNumber=*)(!(xpsTombstone=*)))", text: Timed out
and as such the Policy Server doesn't work. How can we fix this ?
Environment
Policy Server 12.7SP0CR0 on RedHat 6;
Policy Store on Oracle Directory Server 11.1.1.7.0;
Policy Store on Oracle Directory Server 11.1.1.7.0;
Resolution
Upgrade the Oracle Directory Server to 11.1.1.7.1 or higher to fix
index problems :
5 Resolved Issues
Table 2 Issues Resolved in Release 11g Release 1 (11.1.1.7.1)
16737497 DSCONF REINDEX SUFFIX BREAKS ANCESTORID INDEX
http://docs.oracle.com/cd/E29127_01/doc.111170/e58086/toc.htm
also referenced in :
How to Tune Oracle Directory Server for Policy Store
https://communities.ca.com/docs/DOC-231148987
Then integrate the indexes to the Policy Store data following the
documentation :
5. Edit the following ldif file:
policy_server_home/xps/db/OracleDirectoryServerBrowse.ldif
6. Confirm that the LDAP directory contains the following path
before proceeding (replace the Root DN below with your own Root
DN):
ou=xps,ou=PolicySvr4,ou=siteminder,ou=netegrity<Root_DN>
Edit the following LDIF file by putting the <root dn> value from
the previous step into the two places where the file has the
value of <root dn>:
v policy_server_home/xps/db/OracleDirectoryServerBrowser.ldif
7. Run the following command:
smldapsetup ldmod -fOracleDirectoryServerBrowse.ldif -v
- Rebuild the indexes :
Configure an Oracle Directory Server as a Policy Store
dsconf reindex -h localhost -p port_number -e "ou=Netegrity,root_dn"
dsadm reindex -bl -t "Sort xpsSortKey" Instance_Path policysvr4
dsadm reindex -bl -t "Sort modifyTimestamp" Instance_Path policysvr4
dsadm reindex -b -t xpsNumber -t xpsValue -t xpsSortKey -t
xpsCategory –t xpsParameter -t xpsIndexedObject -t xpsTombstone
instance_path policysvr4
https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-an-oracle-directory-server-as-a-policy-store
index problems :
5 Resolved Issues
Table 2 Issues Resolved in Release 11g Release 1 (11.1.1.7.1)
16737497 DSCONF REINDEX SUFFIX BREAKS ANCESTORID INDEX
http://docs.oracle.com/cd/E29127_01/doc.111170/e58086/toc.htm
also referenced in :
How to Tune Oracle Directory Server for Policy Store
https://communities.ca.com/docs/DOC-231148987
Then integrate the indexes to the Policy Store data following the
documentation :
5. Edit the following ldif file:
policy_server_home/xps/db/OracleDirectoryServerBrowse.ldif
6. Confirm that the LDAP directory contains the following path
before proceeding (replace the Root DN below with your own Root
DN):
ou=xps,ou=PolicySvr4,ou=siteminder,ou=netegrity<Root_DN>
Edit the following LDIF file by putting the <root dn> value from
the previous step into the two places where the file has the
value of <root dn>:
v policy_server_home/xps/db/OracleDirectoryServerBrowser.ldif
7. Run the following command:
smldapsetup ldmod -fOracleDirectoryServerBrowse.ldif -v
- Rebuild the indexes :
Configure an Oracle Directory Server as a Policy Store
dsconf reindex -h localhost -p port_number -e "ou=Netegrity,root_dn"
dsadm reindex -bl -t "Sort xpsSortKey" Instance_Path policysvr4
dsadm reindex -bl -t "Sort modifyTimestamp" Instance_Path policysvr4
dsadm reindex -b -t xpsNumber -t xpsValue -t xpsSortKey -t
xpsCategory –t xpsParameter -t xpsIndexedObject -t xpsTombstone
instance_path policysvr4
https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-an-oracle-directory-server-as-a-policy-store
Feedback
Yes
No
Powered by
