SiteMinder indexes are broken


Article ID: 141955


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

 

We'd like to know the best approach to recover an ODSEE LDAP Policy
Store replica whose data and indexes are broken.

We followed these steps:

  1. Point Policy server 1 to Policy store 1 that needs to be
     recovered and shut down policy server 2
  2. Run policy server configuration wizard and initialize policy
     store 1 instance.
  3. Run XPSImport and import all objects from policy store 2.
  4. Enable replication from PS2 to PS1 and PS2 to PS1
  5. Then init-repl-agmt from PS2 to PS1 first. Once completed then do
     it from PS1 to PS2 (I did not do this in my earlier attempts).

 

 

Environment

 

Policy Server 12.52SP1 on RedHat 6;
Policy Store on LDAP ODSEE 11.1.1.7;

 

Resolution

 

At first glance, since Policy Store 2 runs fine and its data and
indexes are healthy, I would recommend initializing Policy Store 1
from scratch and making it a replica of Policy Store 2. Because
Policy Store 1 will be a replica of Policy Store 2, you don't have to
fully configure it as a Policy Store, only as a replica that gets its
data from Policy Store 2.

Configure an Oracle Directory Server as a Policy Store

  Oracle Directory Server Enterprise Edition Considerations

    Replicate an Oracle Directory Server Enterprise Edition Policy
    Store

      A UserRoot and a PolicySvr4 database is created. The PolicySvr4
      database has suffix mappings pointing to it. To replicate this
      policy store, set up a replication agreement for the PolicySvr4
      database directory.

      Note: More information about a replication agreement, see the
      Oracle .

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-an-oracle-directory-server-as-a-policy-store.html

Also consider applying the latest patches available for the version
you run to the ODSEE LDAP server.
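
One way to confirm that the re-initialized Policy Store 1 matches Policy Store 2 is to export the policy store suffix from each instance to LDIF and compare the exports. The script below is an added example, not Broadcom's or Oracle's code; the function names, DNs and attribute values are constructed for illustration, and it assumes an LDIF export from each instance is already available.

```python
import base64
import re

def parse_ldif(text):
    """Return {dn: {attribute: sorted values}}; DNs are only case-folded and comma-trimmed."""
    text = re.sub(r"\r?\n ", "", text)          # unfold lines continued with a leading space
    entries, dn, attrs = {}, None, {}
    for line in text.splitlines() + [""]:       # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries[dn] = {a: sorted(v) for a, v in attrs.items()}
            dn = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):               # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn, attrs = ",".join(p.strip() for p in value.lower().split(",")), {}
        elif dn is not None:
            attrs.setdefault(name.lower(), []).append(value.strip())
    return entries

def compare_exports(healthy_ldif, rebuilt_ldif):
    healthy, rebuilt = parse_ldif(healthy_ldif), parse_ldif(rebuilt_ldif)
    both = healthy.keys() & rebuilt.keys()
    return {"missing": sorted(healthy.keys() - rebuilt.keys()),
            "extra": sorted(rebuilt.keys() - healthy.keys()),
            "differs": sorted(d for d in both if healthy[d] != rebuilt[d])}

# Constructed sample exports (not real policy store data).
PS2_EXPORT = """version: 1
dn: cn=realm-a,ou=policies,o=example
description: protects /app-a

dn: cn=realm-b,ou=policies,o=example
description:: cHJvdGVjdHMgL2FwcC1i

dn: cn=realm-c,ou=policies,o=example
cn: realm-c
"""
PS1_EXPORT = """dn: CN=realm-a, OU=policies, O=example
description: protects /app-old

dn: cn=realm-b,ou=policies,o=example
description: protects
  /app-b
"""
```

Operational attributes that legitimately differ between replicas should be left out of the exports before comparing; an empty `missing`, `extra` and `differs` result indicates the rebuilt replica holds the same entries as the healthy one.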