search cancel

Getting the error "(CIMSDsLdapProvider::SetSelfSubscribingGroupBehavior) No property sections found" after integrating CA SSO/Siteminder with CA Identity Manager


Article ID: 7236


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We have installed CA Identity Manager and integrated it with our existing CA Single Sign-On environment, and after we have defined the 4.x agent for the connection. When the IM server starts and loads the User Store configuration, it connects to the Policy Server to get some configuration from the Policy Store, and the Policy Server logs reports those error :

[IMS6DsLdapProvider.cpp:7340][ERROR][sm-log-00000] SetMetaData: GroupType is NONE, Attribute for Dynamic Groups Ignored.
[IMS6DsLdapProvider.cpp:8555][ERROR][sm-log-00000] (CIMSDsLdapProvider::SetSelfSubscribingGroupBehavior) No property sections found


Why do we have these errors ? How can we solve this ?


Policy Server : R12.6.1 on RHEL7Identity Manager : R14 on RHEL7


These errors indicate that IDM is searching for objects in the Policy Store that do no exist. Also, when using AdminUI you can see the following errors when trying to create some objects, like a Domain:

Failed to execute ModifyPolicyEvent. ERROR MESSAGE: SmApiWrappedException:Class CA.SM::UserPolicy does not have attribute CA.SM::UserPolicy.IMSEnvironmentLink

This situation can happen when there was a problem when extending the Policy Store with the IDM objects, or if it was not done at all.


You need to import the IDM objects by running the XPSDDInstall tool for the IdmSmObjects.xdd file which is located in the Policy Server \xps\dd folder, and restart the Policy Server. If you already performed that step, check the XPSDDInstall logs to see if there was a problem at the time of the execution.

You have to import also some IDM data structure to the Policy Store to complete the integration. Check the appropriate file to import from "policystore-schema" folder on the IDM server.

On Linux, they're located here :


You'll get them by installing the "Identity Manager Administrative Tools" from the Identity Manager server installer.


Additional Information

CA Identity Manager Roles and Access Control - Integration