Tech Tip: CA Single Sign-On: Policy Server: Unable to pick up correct directory server type during Policy Store setup

Document created by Mukund Kalidasa Mallar on Sep 8, 2017. Last modified by Mukund Kalidasa Mallar on Sep 8, 2017.
Version 2

Issue Summary:

The SSO Policy Server fails to recognize the correct directory server type being registered when the "smldapsetup" command is executed during policy store setup.

Executing "smldapsetup ldgen -fsample.ldif" during the policy store setup creates a 0KB output sample.ldif file.



  • Policy Server - 12.7
  • Policy Store - Microsoft Active Directory LDS
  • Operating system - Windows 2012 R2




This has been identified as a defect in version 12.7. SE is working on a fix.


Resolution / Workaround:

The smldapsetup command provides a few options for the standard directory servers that can be configured with Single Sign-On for policy storage.


Screenshot from smldapsetup:


smldapsetup can be executed with the argument "-m[n]" during the setup, where n is the type number corresponding to the policy store type being used.

E.g. smldapsetup ldgen -fsample.ldif -m[10], where 10 is the directory type for AD LDS. This type number is shown as <win 2008> but can also be used for <win2012> (tested); the command then creates a valid schema output file, sample.ldif.


Additional Information:

CA Internal :

  Defect # DE313293 - Dev fix available on Linux

  Defect # DE313845 - For Windows, fix is yet to be released.
