Patrick-Dussault

Install CA Directory on RedHat 5

Blog Post created by Patrick-Dussault Employee on Oct 13, 2017

get CMD12165049E.ISO package

 

# mkdir -p /mnt/disk
# mount -o loop CMD12165049E.ISO /mnt/disk
# cd /mnt/disk
# ./dxinstall.sh

 

choose 1. Install Directory Management package (DXmanager, JXweb)
Specify the Java Binary to use [/etc/alternatives/java] /opt/jre1.6.0_22/bin/java
Do you want to change the directory ? (y/n) [n] enter
Please select an option (1,2,3,4,5) [2] enter
Enter the command required, or [Return] to quit. [] Proceed
Do you want to install the DXwebserver software? (y/n/i/q) [y] y
Enter a GID for etrdir, or leave blank to accept the system default []
Enter the login shell for the dsa account [/bin/csh] /bin/bash
Enter a UID for dsa, or leave blank to accept the system default []
The dsa account requires a password
New UNIX password : password
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: password
Please specify the DXwebserver installation directory [/opt/CA/Directory/dxwebserver]
Do you want to change the directory ? (y/n) [n]
Do you want to specify the DXwebserver port numbers? (y/n) [n]
Do you want to start it now? (y/n) [y]
Do you want to install the DXmanager software (y/n/i/q) [y]
Enter the DXmanager Superuser name [dxmanager]
Enter DXmanager Superuser password: password
Confirm DXmanager Superuser password: password

 

get DVD11092737E.ISO

 

# mkdir -p /mnt/disk
# mount -o loop DVD11092737E.ISO /mnt/disk
# cd /mnt/disk
# ./dxinstall.sh

 

Please select an option (1,2,3,4,5) [2] enter
Enter the command required, or [Return] to quit. [] Proceed
Do you want to install the DXserver software? (y/n/i/q) [y] y
Please specify the DXserver installation directory [/opt/CA/Directory/dxserver]
Do you want to change the directory ? (y/n) [n]
Do you wish to setup DXadmind? (y/n) [y] n
Do you want to view the Readme file for this release? (y/n) [y] n

 

Install capki

 

# cd /mnt/disk/linux_x86/capki
# ./setup install caller=ETRDIR env=all verbose

 

Create a Policy Store :

 

# cd /opt/CA/Directory/dxserver
# export DXHOME=`pwd`
# cd bin/
# ./dxnewdsa ps12sp3cr08 10001 "dc=training,dc=com"

 

From the Policy Server, transfer the following files files to
/root/download

netegrity.dxc
etrust.dxc

# cp /root/download/*.dxc /opt/CA/Directory/dxserver/config/schema/
# cd /opt/CA/Directory/dxserver/config/schema/
# cp -p default.dxg ps12sp3cr08.dxg
# nano -w ps12sp3cr08.dxg

 

add at the very end of the file :
#CA Schema
source "netegrity.dxc";
source "etrust.dxc";
# cd ../servers/
# nano -w ps12sp3cr08.dxi

 

change
# schema
source "../schema/default.dxg";
to
# schema
source "../schema/ps12sp3cr08.dxg";

 

at the end of the file, add :
# cache configuration
set ignore-name-bindings=true;
# nano -w ../limits/default.dxc
change
set max-users = 255;
to
set max-users = 1000;
add
set credits = 5;
change
set max-local-ops = 100;
to
set max-local-ops = 1000;
change
set max-op-size = 200;
to
set max-op-size = 4000;

 

Be sure that everingthing is owned by dsa user created by the installer
# chown -R dsa:etrdir /opt/CA/Directory/dxserver/*
# chown -R dsa:etrdir /opt/CA/Directory/dxwebserver/*
# su - dsa
$ cd bin
$ ./dxserver start ps12sp3cr08

Configure the dxserver as Policy Store

connect host rh5-ps-2.training.com as anonymous
Base DN: dc=training,dc=com
OK
connect
in Explore
create under com - > training
New
Enter RDN: ou=Netegrity
select organizationalunit

OK
submit
refresh
under Netegrity
New
Enter RDN: ou=SiteMinder
select organizationalunit

OK
submit
refresh
under SiteMinder
New
Enter RDN: ou=PolicySvr4
select organizationalunit

OK
submit
refresh

create a user under dc=training,dc=com as cn=siteminder,dc=training,dc=com
cn of the user will be cn=siteminder
sn of the user will be sn=siteminder
edit the userpassword and set "password" as password
this user should have objectClass :

inetOrgPerson
organizationalPerson
person
top

 

Configure the connection to the Policy Store with

Admin Username : cn=siteminder,dc=training,dc=com
Password : password
Confirm Password : password
Root DN : dc=training,dc=com

c:\> smreg -su password
c:\> smobjimport -ihome\db\smdif\smpolicy.smdif -dsiteminder -wpassword -v
c:\> smobjimport -ihome\db\smdif\ampolicy.smdif -dsiteminder -wpassword -v -l -f -c
c:\> XPSDDInstall -ihome\xpd\dd\SmObjects.xdd
c:\> XPSDDInstall -ihome\xpd\dd\EPMObjects.xdd
c:\> XPSDDInstall -ihome\xpd\dd\SecCat.xdd
c:\> XPSDDInstall -ihome\xpd\dd\FssSmObjects.xdd
c:\> XPSRegClient siteminder:password -adminui-setup

Outcomes