Summary:
How to configure CA Directory as a user store for Advanced Password Services (APS)
Instructions:
1. Extend the CA Directory schema for APS: copy the file CA_APS-eTrust80-user.dxc from <Siteminder_Home>/APS_Docs on the policy server to /dxserver/config/schema on the CA Directory server.
2. Navigate to /dxserver/config/schema.
3. Source three files in the server-instance-name.dxg file in this directory by adding the following lines to the server-instance-name.dxg file:
source "nsroaming.dxc";
source "sunone.dxc";
source "CA_APS-eTrust80-user.dxc";
4. Stop, then start, the directory instance.
5. Add the object class smapsInfo to each user in the directory. Please consult your LDAP administrator or vendor for directions on how to do this in bulk.
6. Run APSExpire from the Policy Server to set the smapsNextAction and smapsBaseDate attributes for each user in the directory.
a. Edit the APS.cfg file on the policy server at /<policy-server-location>/bin
b. Find the JOBONE parameter.
c. Set JOBONE to the IP:port of the APS user directory. (Ex: JOBONE=10.130.110.73:1489)
d. Run APSExpire from the command line on the policy server:
$ APSExpire JOBONE -v -lapsexpire_log.txt -oapsexpire_out.txt -e apsexpire_errors.txt
e. View the three logs created to confirm there are no errors.
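For step 5, one way to prepare the bulk change is to generate LDIF modify records from an LDIF export of the user subtree. This is an added example, not code from CA or from the original article. It assumes user entries carry the inetOrgPerson object class; the function names and sample DNs are hypothetical.

```python
import base64, re

def attr_value(line):
    """Split one LDIF line into (lowercased attribute, value); decodes 'attr:: base64'."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name.lower(), base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return name.lower(), rest.strip()

def smapsinfo_changes(export, user_class="inetOrgPerson", aps_class="smapsInfo"):
    """Return LDIF modify records adding aps_class to user entries that lack it."""
    records, current = [], []
    # Unfold continuation lines (newline followed by one space), then split on blank lines.
    for line in re.sub(r"\r?\n ", "", export).splitlines() + [""]:
        if line.startswith("#"):
            continue  # LDIF comment
        if line.strip():
            current.append(line)
        elif current:
            records.append(current)
            current = []
    out = []
    for rec in records:
        # Keep the dn line verbatim so base64-encoded DNs ("dn:: ...") pass through unchanged.
        dn = next((l for l in rec if l.lower().startswith("dn:")), None)
        classes = {v.lower() for n, v in map(attr_value, rec) if n == "objectclass"}
        # Skip non-user entries and users already extended, so re-runs do not fail.
        if dn and user_class.lower() in classes and aps_class.lower() not in classes:
            out.append(f"{dn}\nchangetype: modify\nadd: objectClass\nobjectClass: {aps_class}\n")
    return "\n".join(out)

# Constructed sample export; the DNs and the inetOrgPerson user class are assumptions.
B64_DN = base64.b64encode("cn=José,ou=People,o=example".encode()).decode()
SAMPLE = f"""version: 1
dn: cn=Alice Example,ou=People,
 o=example
objectClass: inetOrgPerson

dn: cn=Bob Example,ou=People,o=example
objectClass: inetOrgPerson
objectclass: smapsInfo

dn:: {B64_DN}
objectClass: inetOrgPerson

dn: ou=People,o=example
objectClass: organizationalUnit
"""

if __name__ == "__main__":
    print(smapsinfo_changes(SAMPLE))
```

Review the generated LDIF before loading it with the directory's LDIF-capable modify tool.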
Examples of APS-specific user attributes:
<Please see attached file for image>