000021461 - How to install schema files on ADAM in RSA ClearTrust 5.5

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Article Number: 000021461
Applies To: RSA ClearTrust 5.5; Microsoft Windows Server 2003
Issue: How to install schema files on ADAM in RSA ClearTrust 5.5
When running the following command, as listed on page 5 of the RSA ClearTrust Ready implementation for directory server products guide,

ldifde -i -f adschema.ldif -s localhost:50000 -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

the following error message is displayed:

C:\WINDOWS\ADAM>ldifde -i -f adschema.ldif -s localhost:50000 -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
Connecting to "localhost:50000"
Logging in as current user using SSPI
Importing directory from file "adschema.ldif"
Loading entries.................................................................
Add error on line 1864: No Such Attribute
The server side error is: 0x57 The parameter is incorrect.
The extended server error is:
00000057: LdapErr: DSID-0C090AB7, comment: Error in attribute conversion operation, data 0, vece
1 entry modified successfully.
An error has occurred in the program

Cause: The DN value may be set incorrectly within the adschema.ldif file.
The environment in which ADAM is being set up is not part of a domain; thus, there is no valid DN value to use.
Resolution: Ensure that the DN within this file is set to the correct domain value for your environment. To install the schema files on ADAM when there is no domain DN, perform the following steps:

1. Log into the machine running ADAM as Administrator

2. Open the ADAM-adsiedit utility and create a cn=Users container in your application context

3. Create a cn=Administrator account in the Users container with a valid password. This account will be used to bootstrap the RSA ClearTrust servers. This user should also be made a member of the Administrators role in order to have the appropriate permissions on the ADAM server.

4. Copy the Active Directory schema files from D:\RSA\ClearTrust 5.5\data_adapters/ldap/activedirectory to the ADAM installation directory C:\WINDOWS\ADAM:

* adschema.ldif
* install-activedirectory.ldif
* mod-entry1.ldif
* mod-entry2.ldif

5. Edit adschema.ldif and remove ",dc=rsasecurity,dc=com" from all DNs

6. Click Start, point to All Programs, point to ADAM, and then click ADAM Tools Command Prompt

7. At the command prompt, type the following, and then press ENTER:

    ldifde -i -f adschema.ldif -s localhost:389 -v -k -j . -c "CN=Schema,CN=Configuration" #schemaNamingContext

8. Open the install-activedirectory.ldif file and ensure that the entries all have the same base DN as the application context created during the ADAM installation, DC=rsasecurity,DC=com. Perform this same step for the mod-entry1.ldif and mod-entry2.ldif files. NOTE: If a user other than "Administrator" is used as the ClearTrust administrative user, then modify the last line of the install-activedirectory.ldif file with the correct name.

9. At the ADAM command prompt, type the following command, and then press ENTER:

    ldifde -i -f install-activedirectory.ldif -s localhost:389 -k -j .

10. Repeat step 9 for the mod-entry1.ldif and mod-entry2.ldif files:

    ldifde -i -f mod-entry1.ldif -s localhost:389 -k -j .

    ldifde -i -f mod-entry2.ldif -s localhost:389 -k -j .

NOTE: The instructions are modified from the original to exclude any references to a particular DN value.
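
A pre-flight check for the DN edits in steps 5 and 8, as an added example that is not part of the original article or of RSA's tooling. It assumes Python is available on the administrator's workstation; the function names and the sample entries are hypothetical.

```python
import base64
import re

# Constructed sample input; the entry names are placeholders, not ClearTrust schema.
SAMPLE_SCHEMA = (
    "dn: CN=example-attr,CN=Schema,CN=Configuration,dc=rsasecurity,dc=com\n"
    "changetype: add\n"
    "\n"
    "dn: CN=example-class,CN=Schema,CN=Configuration,\n"
    " DC=rsasecurity,DC=com\n"          # folded line, different case
    "changetype: add\n"
)

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous
    line, RFC 2849). Returns (first physical line number, logical line) pairs."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and out:
            out[-1] = (out[-1][0], out[-1][1] + raw[1:])
        else:
            out.append((no, raw))
    return out

def _norm(dn):
    """Lower-case a DN and drop whitespace around commas for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def strip_suffix(text, suffix):
    """Step 5: drop `suffix` where it ends a value. Output is unfolded LDIF."""
    parts = [re.escape(p.strip()) for p in suffix.strip(", ").split(",")]
    pat = re.compile(r"\s*,\s*" + r"\s*,\s*".join(parts) + r"\s*$", re.I)
    return "\n".join(pat.sub("", line) for _, line in unfold(text)) + "\n"

def dns_outside_base(text, base_dn):
    """Step 8: return (line number, dn) for every entry not under base_dn."""
    want, bad = _norm(base_dn), []
    for no, line in unfold(text):
        m = re.match(r"dn:(:?)\s*(.*)$", line, re.I)
        if not m:
            continue
        dn = m.group(2)
        if m.group(1):                      # "dn::" marks a base64-encoded DN
            dn = base64.b64decode(dn).decode("utf-8")
        if _norm(dn) != want and not _norm(dn).endswith("," + want):
            bad.append((no, dn))
    return bad

if __name__ == "__main__":
    print(strip_suffix(SAMPLE_SCHEMA, ",dc=rsasecurity,dc=com"), end="")
```

Keep a copy of the original adschema.ldif before writing the stripped output, and run the step 8 check against install-activedirectory.ldif, mod-entry1.ldif and mod-entry2.ldif before importing them.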
Legacy Article ID: a23046