Symantec Access Management

Tech Tip : CA Single Sign-On : Policy Server starting slow with ODSEE Policy Store 

Mar 31, 2017 06:32 AM

Question:

We have configured our Policy Server with an ODSEE Policy Store automatically by using the Policy Server Configuration Wizard, and the Policy Server is taking a lot of time to start. We are seeing the following messages appearing in the database logs:

 

[01/Dec/2016:01:01:01 +0000] - WARNING<20805> - Backend Database - conn=3 op=1 msgId=2 - search is not indexed base='ou=xps,ou=policysvr4,ou=siteminder,ou=netegrity,o=sso' filter='(xpstombstones=*)' scope='sub'

 

[01/Dec/2016:01:01:01 +0000] conn=3 op=249 msgId=250 - VLV 0:1000:0:0 0:0 (0)
[01/Dec/2016:01:01:01 +0000] conn=3 op=249 msgId=250 - RESULT err=12 tag=101 nentries=0 etime=41 notes=U, Sort Response Control

 

Why do we have these messages?  Are there extra configuration steps that are needed?

Environment:

Policy Server : R12.52 SP1
Policy Store : ODSEE 11.1.1.7.0

Answer:

The warning message means that the search performed is not indexed, which explains why the Policy Server can be slow when it runs those searches. The cause is that the VLV indexes needed by the ODSEE Policy Store are missing.

 

The RESULT line shows the same thing: RESULT err=12 tag=101 nentries=0 etime=41 notes=U, Sort Response Control. Here notes=U indicates a missing index.

 

The Policy Server Configuration Wizard configures the default objects and the main indexes, but not the VLV browsing indexes, because the OracleDirectoryServerBrowse.ldif file must be edited by hand to specify your root DN before it is imported. These steps must be done manually, and you can find them in the Policy Server installation guide:

 

Configure an Oracle Directory Server as a Policy Store
("Create the Policy Store Schema" - Steps 5 to 9)

 

5. Edit the following ldif file:

 

policy_server_home/xps/db/OracleDirectoryServerBrowse.ldif

 

6. Confirm that the LDAP directory contains the following path before proceeding (replace the Root DN below with your own Root DN):

 

ou=xps,ou=PolicySvr4,ou=siteminder,ou=netegrity,<Root_DN>

 

7. Run the following command:

 

smldapsetup ldmod -fOracleDirectoryServerBrowse.ldif -v

 

8. Stop the database and re-index the VLV indexes with the following commands:

 

dsadm stop Instance_Path
dsadm reindex -bl -t "Sort xpsSortKey" Instance_Path policysvr4
dsadm reindex -bl -t "Sort modifyTimestamp" Instance_Path policysvr4

 

dsadm reindex -b -t xpsNumber -t xpsValue -t xpsSortKey -t xpsCategory -t xpsParameter -t xpsIndexedObject -t xpsTombstone Instance_Path policysvr4

 

9. Start the database with the following command:

 

dsadm start Instance_Path
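
To see which searches the directory flags as unindexed, before and after the steps above, the log lines quoted in the question can be scanned for the warning and for RESULT lines carrying notes=U. The script below is an added example, not part of the original tech tip or the product; the function name find_unindexed and the embedded sample (the three log lines from the question) are assumptions made for illustration.

```python
import re

# Constructed sample: the three log lines quoted in the question above.
SAMPLE_LOG = """\
[01/Dec/2016:01:01:01 +0000] - WARNING<20805> - Backend Database - conn=3 op=1 msgId=2 - search is not indexed base='ou=xps,ou=policysvr4,ou=siteminder,ou=netegrity,o=sso' filter='(xpstombstones=*)' scope='sub'
[01/Dec/2016:01:01:01 +0000] conn=3 op=249 msgId=250 - VLV 0:1000:0:0 0:0 (0)
[01/Dec/2016:01:01:01 +0000] conn=3 op=249 msgId=250 - RESULT err=12 tag=101 nentries=0 etime=41 notes=U, Sort Response Control
"""

CONN_OP = re.compile(r"conn=(\d+) op=(\d+)")
WARNING = re.compile(
    r"search is not indexed base='([^']*)' filter='([^']*)' scope='([^']*)'")
RESULT = re.compile(r"RESULT err=(\d+) .*?etime=(\d+)(?: notes=(\w+))?")


def find_unindexed(lines):
    """Return one finding per 'search is not indexed' warning and per
    RESULT line carrying notes=U, keyed by connection and operation."""
    vlv_ops = set()  # (conn, op) pairs that logged a VLV request line
    findings = []
    for line in lines:
        ids = CONN_OP.search(line)
        if not ids:
            continue
        key = (int(ids.group(1)), int(ids.group(2)))
        if " - VLV " in line:
            vlv_ops.add(key)
        warn = WARNING.search(line)
        if warn:
            base, flt, scope = warn.groups()
            findings.append({"conn": key[0], "op": key[1], "kind": "warning",
                             "base": base, "filter": flt, "scope": scope})
        res = RESULT.search(line)
        # notes=U is the marker the answer above identifies as a missing index.
        if res and res.group(3) == "U":
            findings.append({"conn": key[0], "op": key[1], "kind": "result",
                             "err": int(res.group(1)),
                             "etime": int(res.group(2)),
                             "vlv": key in vlv_ops})
    return findings


if __name__ == "__main__":
    for finding in find_unindexed(SAMPLE_LOG.splitlines()):
        print(finding)
```

On real logs, pass the lines of the instance's log files instead of SAMPLE_LOG; the "vlv" field shows whether the flagged operation also logged a VLV request.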
