Using a Router DSA inside Identity Manager to relay data to your Corporate user stores
search cancel

Using a Router DSA inside Identity Manager to relay data to your Corporate user stores

book

Article ID: 6040

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

When Identity Manager is setup with Multiple CA Directories User Stores if the primary host in the IM Directory XML becomes unavailable there is a delay in switching over to the secondary User Store. The slowness will not be just temporary but will persist until the primary host becomes available again.

Environment

Identity Manager setup with CA Directory as the Corporate User Stores

Resolution

1)       Create Router DSA using a command similar to this ----     Dxnewdsa -trouter CorporateRouter 11389 “o=CA Technologies,c=US”


Adjust the command to match your specific environment. You will need to set the prefix to match your data DSA’s but you need to go back one group. You can verify your current prefix by opening the dxc file (C:\Program Files\CA\Directory\dxserver\config\knowledge) that belongs to your data DSA’s.

**Notice that the prefix in the command is backwards when compared to the .dxc files see images below**

 

Data prefix example

Router prefix example

1) Stop all DSA’s so we can make edits to the files. Run the command dxserver stop all

 

2) Once Router DSA is created open the CorporateRouter.dxc which can be found here ("C:\Program Files\CA\Directory\dxserver\config\knowledge\CorporateRouter.dxc") and add the line “trust-flags   = allow-check-password, trust-conveyed-originator” (remove the quotes)

3)   You also need to add this line to ALL the Data DSA’s DXC file. This can be found in the same location as step 4. (C:\Program Files\CA\Directory\dxserver\config\knowledge\CorporateUserStore.dxc)
(C:\Program Files\CA\Directory\dxserver\config\knowledge\CorpStore2.dxc)

 

*** Please ensure that this line is added AFTER auth-levels for BOTH data and router DSA’s. The order matters or it will throw an error ***

4) Create a .dxg file inside the following location (C:\Program Files\CA\Directory\dxserver\config\knowledge\)  that contains the source of each .dxc For example the file would contain the following.

source "CorporateUserStore.dxc";
source "CorporateRouter.dxc";
source "CorpStore2.dxc";

To easily create the DXG file you can copy an existing DXC file type and change simply change the extension to a DXG. Then once you open the file you can clear the content and imput the sourcing which you can find above.

5) Go to the following location (C:\Program Files\CA\Directory\dxserver\config\servers) Open each dxi file for the data DSA’s and the router DSA and modify the # Knowledge section to source the .dxg file we created in step 6. See image below. 


6) Run dxsyntax if there are no errors run the command dxserver start all

7) Log into the IM Management console. Export the Corporate User store. Open the export and adjust the segment “Connection host” to fit your newly created router DSA. Import the adjusted Corporate User store file. (In case of any issues please keep a backup of the 

You can also make the service start on failure as this DSA should never fail or have difficulties restarting. However if it does the service would then bounce right back up.

Attachments

1558707785396000006040_sktwi1f5rjvs16qtg.png get_app
1558707783691000006040_sktwi1f5rjvs16qtf.png get_app
1558707781832000006040_sktwi1f5rjvs16qte.png get_app
1558707780123000006040_sktwi1f5rjvs16qtd.png get_app
1558707778201000006040_sktwi1f5rjvs16qtc.png get_app
1558707776163000006040_sktwi1f5rjvs16qtb.png get_app
Powered by Wolken Software