Symantec Access Management

Expand all | Collapse all

CA Directory 14.0

  • 1.  CA Directory 14.0

    Posted Jun 22, 2018 08:54 AM

    Hello,

     

    I have installed CA Directory 14.0 on RHEL and configured following components - Dxserver, dxagent and Management UI. Whenever a change (Edit DSA) is performed from Management UI, the same gets reflected on the server( DSA files). However, when I modify the DSA files directly on the server, the same doesn't get updated on the Management UI. This looks like an issue to me.

    After modifying any DSA file directly on the server, I do following -

    1. Restart DSA

    2. Restart dxagent

    3. Restart management UI service

     

    Is this an expected behavior or am I doing something wrong here?

            

    Thanks & Regards,

    Pankaj Negi 



  • 2.  Re: CA Directory 14.0

    Broadcom Employee
    Posted Jun 22, 2018 09:27 AM

    Hi Pankaj,

     

    From what I know , yes, this is an Expected behavior.  you either use the UI for the changes or perform manual changes.

    The CA Directory Team should give you more details on this.

     

    Regards 

    Joe 



  • 3.  Re: CA Directory 14.0

    Posted Jun 22, 2018 09:33 AM

    Hi Joe,

     

    Thank you very much for the response

    I believe changes should be allowed from the server as well but will wait for confirmation from CA Directory team.

    I am trying to configure CA Directory as Session store but not all configurations options are available in the UI (say, cache settings).

    To complete the configurations, I have to add the settings directly in the file. But, I am not sure if this will work as I cant see those in the management UI.

     

    Regards,
    Pankaj



  • 4.  Re: CA Directory 14.0

    Posted Jun 22, 2018 09:40 AM

    pn00455382 Pankaj

     

    The rule of thumb for management of CA Directory is decide which method to use to administration i.e. UI based or file based. If we opt UI based then all changes should be done via the UI. If we edit the file directly, and if and only if we edited the correct file, we could use reconcile option from the Management UI. But before reconcile, I'd also make sure by testing the functional aspect of the change that was done in the directory is working. The last thing we need is an improper change in one directory server to be reconciled to an environment.

     

    Manage Environments and Hosts - CA Directory - 14.0 - CA Technologies Documentation 
    • Reconcile environments: In some cases, due to changes made outside the Directory Management UI, the DSA configuration in the embedded directory might be different from the configuration of the counterparts of the actual hosts. In such scenarios, the reconcile environment option enables the configuration version in the embedded directory to be applied to the ones in actual hosts. 


  • 5.  Re: CA Directory 14.0

    Posted Jun 25, 2018 07:24 AM

    HubertDennis

    Hi,

    Thanks for the response.

    I tried the Reconcile option from management UI, however, I didn't achieve the expected result.

    On reconcile, changes from Managment UI are reflected in the files on the server. Which means, it gives precedence to management UI and overrides any changes which are done directly in the DSA files.

     

    However, I want to make changes directly in the file and later wants those changes on the management UI. Do you think that is doable?

     

    Thanks,

    Pankaj     



  • 6.  Re: CA Directory 14.0

    Posted Jun 29, 2018 06:26 AM

    Hello,

     

    Any suggestions, please.

     

    Thanks,

    Pankaj



  • 7.  Re: CA Directory 14.0

    Broadcom Employee
    Posted Jun 29, 2018 10:50 AM

    That has been my experience, either user CA directory management UI or administer CA directory through manual changes to configuration files. I mostly stick with manual changes to configuration files.

     

    Regards,

    Pablo.



  • 8.  Re: CA Directory 14.0

    Posted Jun 29, 2018 06:12 PM

    Hi Pablo,

     

    Thank you for sharing your experience.

     

    I feel that the product should allow users to do the changes from any source with an option to sync the configurations.  This can be useful when management UI is not working/slow etc. or so...

     

    Well, for now, I will have to settle with the manual changes then

     

    Thanks,

    Pankaj



  • 9.  Re: CA Directory 14.0
    Best Answer

    Posted Jul 05, 2018 11:06 AM

    You could raise an enhancement request to CA. 

     

    After proper analysis, CA might resolve this in further releases of CA directory.

     

    Thanks.



  • 10.  Re: CA Directory 14.0

    Broadcom Employee
    Posted Jul 05, 2018 03:41 PM

    Hi Nikunj

     

    Per CA Technologies' new policy, customers file “Ideas” (or “Enhancement Requests” as they were previously called) themselves on the CA Communities. 

    We have now given customers the ability to create Ideas themselves  and vote on the Ideas that other customers enter as well.

     

     

     

    Here are detailed instructions on how to open a new Idea:

    1. Navigate to https://communities.ca.com/ and log in with your CA credentials.
    2. Go to the “CA Security” Community: https://communities.ca.com/community/ca-security
    3. Click on the 'Actions' drop-down menu at the top right and select ‘Idea’.
    4. Enter your Idea here. Select 'CA Single Sign-On' as your category at the bottom and then 'Publish' your Idea.

     

    Creating an ?Idea? (Enhancement Request) - CA Knowledge 

     

     



  • 11.  Re: CA Directory 14.0

    Posted Jul 05, 2018 04:43 PM

    Thanks, guys.

    I will open a new idea on the same

     

    Regards,

    Pankaj



  • 12.  RE: CA Directory 14.0

    Posted Sep 13, 2019 07:36 PM
    Hello,
    Configured CA ManagementUI for CA directory 14. 
    Trying to lock down anonymous user access to respository.
    Tyring to change the min-auth parameter to 'clear-password' under settings tab in managemenUI

    It fails with error - Update DSA xyz on dxagent: DxagentException: Schema validation failed on property 'schema': [] is too short

    Please advise !
    Thanks