Symantec Access Management

  • Private Community

  • 1.  ca directory access via jexplorer

    Posted Nov 16, 2018 07:04 PM

    Experts not able to connect to the ca directory stories via tools like apache directory studio / jexplorer.



  • 2.  Re: ca directory access via jexplorer

    Broadcom Employee
    Posted Nov 19, 2018 03:38 PM

    Not sure what "stories" is in reference to but if you can provide screenshots (of JXplorer) along with errors you get that can help for anyone to comment further here.



  • 3.  Re: ca directory access via jexplorer

    Posted Nov 19, 2018 04:35 PM

    Thanks for response.

    My bad, i meant directory store (not stories). So below is one of the store i am trying to connect to via apache directory studio tool. Not sure what userid/password i have to enter in the second screenshot. what is the default userID for ca directory ?

     

     



  • 4.  Re: ca directory access via jexplorer

    Broadcom Employee
    Posted Nov 20, 2018 07:25 AM

    There is no default user ID in CA (Broadcom) Directory DSA. When you create one, it is blank. One has to connect to it as 'anonymous' for the first time to create a user and password (or one can import it from an LDIF file, if such a file exist). Once that is done, you can specify the bind user DN and it's password in any LDAP browser to connect to the DSA.



  • 5.  Re: ca directory access via jexplorer

    Posted Nov 21, 2018 04:56 PM

    Thanks for the inputs Hitesh !

    Q) how can i make this account a SUPER / ROOT user ?  If there is any config updates need to be done on this instance, i would like to use this userID.

    Q) how come I do not see the same entry in the DIT when i am trying to access it thru directory managent gui interface.

     

    Any inputs appreciated !

     

     



  • 6.  Re: ca directory access via jexplorer

    Broadcom Employee
    Posted Nov 26, 2018 08:08 AM

    SaiRao,

     

    A1) For that, you would want to look into setting up CA Directory Access Control rules to make a user a 'super user'. There is an entire chapter on the topic in our online (docops) documentation.

     

    A quick reference would be DXHOME/config/access/access.help file to review.

    Here are few links from docops for a quick reference as well:

     

    Set Up Access Controls - CA Directory - 14.0 - CA Technologies Documentation 

    Access Control Rules - CA Directory - 14.0 - CA Technologies Documentation 

    Configure Access Controls - CA Directory - 14.0 - CA Technologies Documentation 

    Example Access Control Policy - CA Directory - 14.0 - CA Technologies Documentation 

     

    A2) That is not possible via Directory Manager UI. The purpose of the UI is to created, deploy and manage your DSAs. When it comes to view the actual content, one should be any LDAP browser of their preference.

     

    -Hitesh



  • 7.  Re: ca directory access via jexplorer

    Posted Jan 08, 2019 06:03 PM

    Experts,

    I am trying to enable MW Replication among ODSEE and CA Dir 14.0. I am half way configuring it, below is the URL that i am following.

    Phased Migration - CA Directory - 14.0 - CA Technologies Documentation 

    I am kinda struck at the "Validate Replication" section within the above document. 

     

    odsee instance, ca dir instance both on same box -- running as different instances.

     

    1) enabled replication as mentioned in the above url.

    2) Created an entry in CA Dir 14.0 and expecting it to reflect in Odsee. -- entry not seen yet in odsee

    3) trying to run DXconsole and 'get dsp'. Not sure, how i can trigger it. -- inputs appreciated !