We have installed CA Identity Manager and integrated it with our existing CA Single Sign-On environment, and after we have defined the 4.x agent for the connection. When the IM server starts and loads the User Store configuration, it connects to the Policy Server to get some configuration from the Policy Store, and the Policy Server logs reports those error :
[IMS6DsLdapProvider.cpp:7340][ERROR][sm-log-00000] SetMetaData: GroupType is NONE, Attribute for Dynamic Groups Ignored.
[IMS6DsLdapProvider.cpp:8555][ERROR][sm-log-00000] (CIMSDsLdapProvider::SetSelfSubscribingGroupBehavior) No property sections found
Why do we have these errors ? How can we solve this ?
These errors indicate that IDM is searching for objects in the Policy Store that do no exist. Also, when using AdminUI you can see the following errors when trying to create some objects, like a Domain:
Failed to execute ModifyPolicyEvent. ERROR MESSAGE: SmApiWrappedException:Class CA.SM::UserPolicy does not have attribute CA.SM::UserPolicy.IMSEnvironmentLink
This situation can happen when there was a problem when extending the Policy Store with the IDM objects, or if it was not done at all.
You need to import the IDM objects by running the XPSDDInstall tool for the IdmSmObjects.xdd file which is located in the Policy Server \xps\dd folder, and restart the Policy Server. If you already performed that step, check the XPSDDInstall logs to see if there was a problem at the time of the execution.
You have to import also some IDM data structure to the Policy Store to complete the integration. Check the appropriate file to import from "policystore-schema" folder on the IDM server.
On Linux, they're located here :
You'll get them by installing the "Identity Manager Administrative Tools" from the Identity Manager server installer.