Bill_Patton

So... you want to create an Identity Manager corporate directory using CA Directory

Blog Post created by Bill_Patton Employee on Jul 17, 2015

You can use this process. It is the one that I use when I create my test environment.

You can also download the schema file here:

idmPerson.dxc


You will need to run the dxnewdsa command. Its usage is:

dxnewdsa [-t type] [-l dblocation] [-s dbsize] dsaname port [prefix]

Here is my typical command:

dxnewdsa -tdata -s500 imcorpstore 5000 ou=people,dc=im,dc=corpstore

After creation, check imcorpstore.dxi, which should contain:
# operational settings
source "../settings/default.dxc";

Open the settings file that it sources and check for:
# security controls
set min-auth = none;

Open imcorpstore.dxc and check for:
    auth-levels   = anonymous,
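
The three checks above are easy to get wrong by eye across three files, so here is a small checker, added here and not part of Bill's post. It reads the .dxi, follows its `source "...";` includes to pick up `set min-auth`, reads `auth-levels` from the DSA's own .dxc, and reports whether the DSA is in the open test-environment posture the post describes (min-auth none plus anonymous in auth-levels). The file contents are constructed samples held in a dict so the script runs offline; the `../knowledge/imcorpstore.dxc` path for the file carrying auth-levels is an assumption, as is the `read_file` indirection you would swap for `open()` on a real install.

```python
"""Report the CA Directory authentication settings the post asks you to verify.

Added example, not code from the post. SAMPLE_FILES holds constructed file
contents keyed by path relative to the servers directory; replace read_file()
with open() to run it against a real dxserver/config tree.
"""
import re

SAMPLE_FILES = {
    "imcorpstore.dxi": '''# operational settings
source "../settings/default.dxc";
# schema
source "../schema/default.dxg";
''',
    "../settings/default.dxc": '''# security controls
set min-auth = none;
set max-op-size = 4000;
''',
    # Assumed location of the per-DSA file that carries auth-levels.
    "../knowledge/imcorpstore.dxc": '''set dsa imcorpstore = {
    prefix        = <dc corpstore><dc im><ou people>
    dsa-name      = <dc corpstore><dc im><ou people><cn imcorpstore>
    address       = tcp "localhost" port 5000
    auth-levels   = anonymous, clear-password
    dsa-flags     = multi-write
};
''',
}

SOURCE_RE = re.compile(r'^\s*source\s+"([^"]+)"\s*;', re.MULTILINE)
SET_RE = re.compile(r'^\s*set\s+([\w-]+)\s*=\s*([^;]+);', re.MULTILINE)
AUTH_LEVELS_RE = re.compile(r'^\s*auth-levels\s*=\s*([^\n;]+)', re.MULTILINE)


def read_file(path, files):
    """Return file text from the in-memory sample set (use open() for real files)."""
    return files[path]


def collect_settings(path, files, seen=None):
    """Follow source includes from a .dxi and collect every `set key = value;`."""
    seen = seen if seen is not None else set()
    if path in seen:
        return {}  # guard against include loops
    seen.add(path)
    text = read_file(path, files)
    settings = {}
    for include in SOURCE_RE.findall(text):
        if include in files:  # only follow includes we have content for
            settings.update(collect_settings(include, files, seen))
    for key, value in SET_RE.findall(text):
        settings[key] = value.strip()  # later files override earlier ones
    return settings


def auth_levels(dsa_dxc_path, files):
    """Return the auth-levels list from the DSA's .dxc as plain strings."""
    match = AUTH_LEVELS_RE.search(read_file(dsa_dxc_path, files))
    return [level.strip() for level in match.group(1).split(",")] if match else []


def check_dsa(dxi_path, dsa_dxc_path, files=SAMPLE_FILES):
    """Summarise min-auth and auth-levels and whether anonymous access is open."""
    settings = collect_settings(dxi_path, files)
    levels = auth_levels(dsa_dxc_path, files)
    return {
        "min-auth": settings.get("min-auth"),
        "auth-levels": levels,
        "anonymous_allowed": settings.get("min-auth") == "none" and "anonymous" in levels,
    }


if __name__ == "__main__":
    print(check_dsa("imcorpstore.dxi", "../knowledge/imcorpstore.dxc"))
```

On a real install, point `read_file` at the files under dxserver\config and run the same check after any settings change; `anonymous_allowed` flips to False as soon as either min-auth is raised or anonymous is dropped from auth-levels, which is the quickest way to confirm a DSA has left the test-environment posture.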

Open JXplorer and connect.

Create an extended schema for IM. Create a file in:
D:\Program Files\CA\Directory\dxserver\config\schema

called:
idmPerson.dxc

Populate it with the data below, all the way down to the closing set of double hashtags (## End of idmGroup object class), or download a copy of the schema file from the link at the start of this post.

#########################################################
## Start IDMPerson attributes
#########################################################
#########################################################
## Start user attributes  Next attribute UID :205
#########################################################

schema set attribute (1.3.6.1.4.1.2552.2.2.3.200) = {
name = IDMAdminRoles
ldap-names = IDMAdminRoles
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.201) = {
name = IDMDisabled
ldap-names = IDMDisabled
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.202) = {
name = IDMForgottenQuestions
ldap-names = IDMForgottenQuestions
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.203) = {
name = IDMPasswordData
ldap-names = IDMPasswordData
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.204) = {
name = IDMIdentityPolicy
ldap-names = IDMIdentityPolicy
syntax = caseIgnoreString
multi-valued
};
#########################################################
## Stop user attributes
#########################################################
#########################################################
## Start Group attributes Next attribute UID :304
#########################################################
schema set attribute (1.3.6.1.4.1.2552.2.2.3.300) = {
name = IDMSelfSubscribing
ldap-names = IDMSelfSubscribing
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.301) = {
name = IDMDynamicGroupMembership
ldap-names = IDMDynamicGroupMembership
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.302) = {
name = IDMNestedGroupMembership
ldap-names = IDMNestedGroupMembership
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.303) = {
name = IDMAdminGroupAdmin
ldap-names = IDMAdminGroupAdmin
syntax = caseIgnoreString
multi-valued
};
#########################################################
## Stop Group attributes
#########################################################
#########################################################
## Start Custom attributes Next attribute UID :410
#########################################################
schema set attribute (1.3.6.1.4.1.2552.2.2.3.400) = {
name = idmCustom01
ldap-names = idmCustom01
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.401) = {
name = idmCustom02
ldap-names = idmCustom02
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.402) = {
name = idmCustom03
ldap-names = idmCustom03
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.403) = {
name = idmCustom04
ldap-names = idmCustom04
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.404) = {
name = idmCustom05
ldap-names = idmCustom05
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.405) = {
name = idmCustom06
ldap-names = idmCustom06
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.406) = {
name = idmCustom07
ldap-names = idmCustom07
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.407) = {
name = idmCustom08
ldap-names = idmCustom08
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.408) = {
name = idmCustom09
ldap-names = idmCustom09
syntax = caseIgnoreString
single-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.409) = {
name = idmCustom10
ldap-names = idmCustom10
syntax = caseIgnoreString
single-valued
};
#########################################################
## Stop Custom attributes
#########################################################
#########################################################
## End of idmPerson attributes
#########################################################

#########################################################
## idmPerson object class (optional)
#########################################################

schema set object-class (1.3.6.1.4.1.2552.2.2.3.0) = {
name = IDMPerson
ldap-names = IDMPerson
subclass-of inetOrgPerson
may-contain
  IDMAdminRoles,
  IDMDisabled,
  IDMForgottenQuestions,
  IDMPasswordData,
  IDMIdentityPolicy,
  idmCustom01,
  idmCustom02,
  idmCustom03,
  idmCustom04,
  idmCustom05,
  idmCustom06,
  idmCustom07,
  idmCustom08,
  idmCustom09,
  idmCustom10
};

#########################################################
## End of idmPerson object class
#########################################################

#########################################################
## idmGroup object class (optional)
#########################################################

schema set object-class (1.3.6.1.4.1.2552.2.2.3.250) = {
name = IDMGroup
ldap-names = IDMGroup
subclass-of groupOfUniqueNames
may-contain
  IDMSelfSubscribing,
  IDMAdminGroupAdmin,
  IDMNestedGroupMembership,
  IDMDynamicGroupMembership
};

#########################################################
## End of idmGroup object class
#########################################################
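
The "Next attribute UID" comments in the schema above are bookkeeping done by hand, and a typo in an OID or in a may-contain name only shows up when dxserver refuses to start. The following lint, added here and not part of the post, parses the dxc schema syntax used above and reports duplicate OIDs, duplicate names, and may-contain references to attributes that are never defined; it also computes the next free arc per hundred-block, which on the full idmPerson.dxc comes out as 205, 304 and 410, matching the comments. SCHEMA_EXCERPT copies a few of the entries above; BROKEN_EXCERPT is a constructed file with two deliberate defects so the output is visible.

```python
"""Lint a CA Directory schema file written in the dxc syntax idmPerson.dxc uses.

Added example, not part of the post. SCHEMA_EXCERPT copies entries from the
post's schema; BROKEN_EXCERPT is constructed and contains two defects.
"""
import re
from collections import Counter

SCHEMA_EXCERPT = """
## Start user attributes  Next attribute UID :205
schema set attribute (1.3.6.1.4.1.2552.2.2.3.200) = {
name = IDMAdminRoles
ldap-names = IDMAdminRoles
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.201) = {
name = IDMDisabled
ldap-names = IDMDisabled
syntax = caseIgnoreString
single-valued
};
schema set object-class (1.3.6.1.4.1.2552.2.2.3.0) = {
name = IDMPerson
ldap-names = IDMPerson
subclass-of inetOrgPerson
may-contain
  IDMAdminRoles,
  IDMDisabled
};
"""
# Constructed: the second attribute reuses OID .300 and the class names an undefined attribute.
BROKEN_EXCERPT = """
schema set attribute (1.3.6.1.4.1.2552.2.2.3.300) = {
name = IDMSelfSubscribing
ldap-names = IDMSelfSubscribing
syntax = caseIgnoreString
multi-valued
};
schema set attribute (1.3.6.1.4.1.2552.2.2.3.300) = {
name = IDMAdminGroupAdmin
ldap-names = IDMAdminGroupAdmin
syntax = caseIgnoreString
multi-valued
};
schema set object-class (1.3.6.1.4.1.2552.2.2.3.250) = {
name = IDMGroup
ldap-names = IDMGroup
subclass-of groupOfUniqueNames
may-contain
  IDMSelfSubscribing,
  IDMNestedGroupMembership
};
"""

BLOCK_RE = re.compile(r"schema\s+set\s+(attribute|object-class)\s*\(([\d.]+)\)\s*=\s*\{(.*?)\};", re.DOTALL)
NAME_RE = re.compile(r"^\s*name\s*=\s*(\S+)", re.MULTILINE)
CONTAIN_RE = re.compile(r"(?:may|must)-contain\s+(.*?)(?=\n\s*(?:may|must)-contain|\Z)", re.DOTALL)


def strip_comments(text):
    """Drop everything after a # on each line; the ## banner lines become empty."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def parse_schema(text):
    """Return one {kind, oid, name, refs} dict per schema block, in file order."""
    entries = []
    for kind, oid, body in BLOCK_RE.findall(strip_comments(text)):
        refs = []
        if kind == "object-class":
            for names in CONTAIN_RE.findall(body):
                refs += [n.strip() for n in names.split(",") if n.strip()]
        entries.append({"kind": kind, "oid": oid, "name": NAME_RE.search(body).group(1), "refs": refs})
    return entries


def lint_schema(text):
    """Return human-readable problems; an empty list means the file is consistent."""
    entries = parse_schema(text)
    problems = []
    oids = Counter(e["oid"] for e in entries)
    problems += [f"duplicate OID {oid}" for oid, n in oids.items() if n > 1]
    names = Counter(e["name"].lower() for e in entries)  # LDAP names are case-insensitive
    problems += [f"duplicate name {name}" for name, n in names.items() if n > 1]
    defined = {e["name"].lower() for e in entries if e["kind"] == "attribute"}
    for e in entries:
        for ref in e["refs"]:
            if ref.lower() not in defined:
                problems.append(f"{e['name']} references undefined attribute {ref}")
    return problems


def next_free_oids(text, prefix="1.3.6.1.4.1.2552.2.2.3"):
    """Highest attribute arc used + 1, keyed by hundred-block, e.g. {200: 205, 300: 304}."""
    arcs = [int(e["oid"].rsplit(".", 1)[1]) for e in parse_schema(text)
            if e["kind"] == "attribute" and e["oid"].startswith(prefix + ".")]
    blocks = {}
    for arc in arcs:
        block = arc // 100 * 100
        blocks[block] = max(blocks.get(block, block), arc + 1)
    return blocks
```

Run `lint_schema(open("idmPerson.dxc").read())` before `dxserver init`; an empty list is the pass condition, and `next_free_oids` gives you the value to write into the "Next attribute UID" comment when you add an attribute.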

Open:
D:\Program Files\CA\Directory\dxserver\config\servers\imcorpstore.dxi


under this line:
# schema
source "../schema/default.dxg";

Add:
source "../schema/idmPerson.dxc";

From the command line, run:
dxserver init imcorpstore

Open the DSA with JXplorer.

Add a new user:
uid=superadmin
Classes:
IDMPerson
inetOrgPerson
organizationalPerson
person
top

In the password field, specify a password.
Also specify sn and cn.

Add a groups OU:
ou=groups
Classes:
organizationalUnit
top

On the IM server, in:
D:\Program Files (x86)\CA\Identity Manager\IAM Suite\Identity Manager\tools\directoryTemplates\eTrustDirectory

copy directory.xml and rename the copy to idmcorpstore.xml.

Open the file and change this line:
<ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,inetorgperson" objecttype="USER">

to this, adding IDMPerson to the objectclass list:

<ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,inetorgperson,IDMPerson" objecttype="USER">

Change these attribute placeholders to the IDM attribute names:

##DISABLED_STATE        to: IDMDisabled
##ADMIN_ROLE_CONSTRAINT to: IDMAdminRoles
##PASSWORD_HINT         to: IDMForgottenQuestions
##PASSWORD_DATA         to: IDMPasswordData
##IDENTITY_POLICY       to: IDMIdentityPolicy

##SELF_SUBSCRIBING_FLAG     to: IDMSelfSubscribing
##DYNAMIC_GROUP_MEMBERSHIP  to: IDMDynamicGroupMembership
##NESTED_GROUP_MEMBERSHIP   to: IDMNestedGroupMembership
##ADMIN_GROUP_ADMIN         to: IDMAdminGroupAdmin

Anywhere the file has:
<DataClassification name="sensitive"/>
paste this below it:
<DataClassification name="AttributeLevelEncrypt"/>
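
The three edits to directory.xml are mechanical, and the AttributeLevelEncrypt one in particular is easy to miss on one of the sensitive attributes, so here is a script that applies all three, added here and not part of the post or of the Identity Manager product. TEMPLATE is a constructed, heavily reduced stand-in for the real directory.xml: only the pieces the post edits are modelled (the User ImsManagedObject's objectclass, the ##PLACEHOLDER physical names and the DataClassification elements), and the ImsManagedObjectAttr element with its physicalname and wellknown attributes is an assumed layout. The placeholder-to-attribute mapping is exactly the list above.

```python
"""Apply the post's directory.xml edits with a script instead of by hand.

Added example, not from the post. TEMPLATE is a constructed stand-in for
directoryTemplates/eTrustDirectory/directory.xml; the ImsManagedObjectAttr
layout is assumed, only the elements the post edits are modelled.
"""
import xml.etree.ElementTree as ET

# Placeholder -> IDM attribute, exactly as the post lists them.
PLACEHOLDERS = {
    "##DISABLED_STATE": "IDMDisabled",
    "##ADMIN_ROLE_CONSTRAINT": "IDMAdminRoles",
    "##PASSWORD_HINT": "IDMForgottenQuestions",
    "##PASSWORD_DATA": "IDMPasswordData",
    "##IDENTITY_POLICY": "IDMIdentityPolicy",
    "##SELF_SUBSCRIBING_FLAG": "IDMSelfSubscribing",
    "##DYNAMIC_GROUP_MEMBERSHIP": "IDMDynamicGroupMembership",
    "##NESTED_GROUP_MEMBERSHIP": "IDMNestedGroupMembership",
    "##ADMIN_GROUP_ADMIN": "IDMAdminGroupAdmin",
}

TEMPLATE = """<ImsDirectory>
  <ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,inetorgperson" objecttype="USER">
    <ImsManagedObjectAttr physicalname="##DISABLED_STATE" wellknown="%DISABLED_STATE%"/>
    <ImsManagedObjectAttr physicalname="##PASSWORD_DATA" wellknown="%PASSWORD_DATA%">
      <DataClassification name="sensitive"/>
    </ImsManagedObjectAttr>
    <ImsManagedObjectAttr physicalname="##PASSWORD_HINT" wellknown="%PASSWORD_HINT%">
      <DataClassification name="sensitive"/>
    </ImsManagedObjectAttr>
  </ImsManagedObject>
  <ImsManagedObject name="Group" description="My Groups" objectclass="top,groupofuniquenames" objecttype="GROUP">
    <ImsManagedObjectAttr physicalname="##SELF_SUBSCRIBING_FLAG" wellknown="%SELF_SUBSCRIBING_FLAG%"/>
  </ImsManagedObject>
</ImsDirectory>
"""


def apply_idm_edits(xml_text, extra_class="IDMPerson", placeholders=PLACEHOLDERS):
    """Return the edited XML; running it twice adds nothing a second time."""
    # 1. Placeholder names are plain text substitutions, as the post does by hand.
    for placeholder, attr in placeholders.items():
        xml_text = xml_text.replace(placeholder, attr)
    root = ET.fromstring(xml_text)
    # 2. Append the custom object class to the User managed object.
    for mo in root.iter("ImsManagedObject"):
        if mo.get("objecttype") == "USER":
            classes = [c for c in mo.get("objectclass", "").split(",") if c]
            if extra_class.lower() not in {c.lower() for c in classes}:
                classes.append(extra_class)
            mo.set("objectclass", ",".join(classes))
    # 3. Put an AttributeLevelEncrypt classification right after each sensitive one.
    for parent in list(root.iter()):
        children = list(parent)
        if any(c.tag == "DataClassification" and c.get("name") == "AttributeLevelEncrypt" for c in children):
            continue  # already done for this attribute
        for idx in reversed(range(len(children))):  # reversed so inserts don't shift indices
            child = children[idx]
            if child.tag == "DataClassification" and child.get("name") == "sensitive":
                encrypt = ET.Element("DataClassification", {"name": "AttributeLevelEncrypt"})
                encrypt.tail = child.tail
                if (parent.text or "").isspace():
                    child.tail = parent.text  # keep the indentation readable
                parent.insert(idx + 1, encrypt)
    return ET.tostring(root, encoding="unicode")


def summarise(xml_text):
    """Pull out the things worth verifying after editing the file."""
    root = ET.fromstring(xml_text)
    user = next(mo for mo in root.iter("ImsManagedObject") if mo.get("objecttype") == "USER")
    return {
        "user_objectclass": user.get("objectclass"),
        "unresolved_placeholders": xml_text.count("##"),
        "classifications": [dc.get("name") for dc in root.iter("DataClassification")],
    }


if __name__ == "__main__":
    edited = apply_idm_edits(TEMPLATE)
    print(edited)
    print(summarise(edited))
```

To use it on the real copy, read idmcorpstore.xml into `apply_idm_edits` and write the result back; `summarise` should then report zero unresolved placeholders, IDMPerson at the end of the User objectclass list, and an AttributeLevelEncrypt classification paired with every sensitive one.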

Import the directory.xml
