Auto-updating the user look up tables
Updated: 21 Aug 2010 | 7 comments
With the help of Symantec in this forums, I found that user defined look up tables are stored in the following directory:
/opt/Symantec/simserver/simcm/tables/
However, modifying these flat files directly doesn't actually update the SSIM itself. I think something else needs to be executed to commit the changes in the tables to the SSIM (similar to the java console). I suspect it may be some java jar? Is there a way to use the shell command line on the SSIM device to commit the updates?
Discussion Filed Under:
Comments
LDAP
User Lookup Tables definitions are stored in LDAP.
http://www.symantec.com/connect/zh-hant/forums/aut...
Thank you antilles, I am
Thank you antilles, I am going to take a stab at modifying the directory in our lab.
I was able to successfully
I was able to successfully modify the LDAP look up tables directly.
The value needs to be base 64 encoded prior to committing to the directory.
Hi Novadean, Works this
Hi Novadean,
Works this method without any problem for you ? Are you able correlate based on updated lookup table ? I have no succes with manual modification (as you can read in the previous thread), because after update, the lookup table was completely empty.
Thank you
PS: I tried ldapmodify too, and also modification to base64.
Hi DVorel, I have not tested
Hi DVorel,
I have not tested the rules against it yet, but queries work against it. I will test rules today. I used JXplorer first to modify the directory for ease of use. When that worked, I then used ldapmodify (works as well.)
I am working off SSIM 4.7. I am not certain if there are major differences in the directory structure for look up tables between 4.6 and 4.7 - but I am assuming there is not a great difference (if any at all) based on the discussion I saw in the thread.
I noticed that my lookup table would be blank if I did not get the formatting exactly right. cisProperty should be set to the exact values found in the table "
/opt/Symantec/simserver/simcm/tables/" It is dependent on carriage returns.
I am heading to the office to continue testing soon - I can provide updates and exact steps that I am taking later today.
Okay -- rules work, but in
Okay -- rules work, but in the testing of the rules it does not work. The only reason I would guess is because testing the rule does not compare it with the same directory object. I am finding out still why that is. No biggy though -- so long as the real rule works once deployed to the server. It is easily fixed to just redeploy the updated table as well if you ever need to test the rule.
Here are the commands I am using:
ldapsearch -h localhost -Z -K /etc/symantec/ses/key.kdb -b "cn=Lookup Tables,cn=Rule Engine,cn=SIM,ou=Administration,dc=<DOMAIN>,o=symc_ses" -D 'USERID=Administrator,ou=People,DC=<DOMAIN>,O=SYMC_SES' -w <PASSWORD> "dlmCaption=<TABLE_NAME>"
This is the ldif I am importing:
To get the resulting table:
EDIT: 2/18/2010
You also need to modify the LDAP attribute symcSequenceRevision with an updated timestamp. This time stamp is in Zulu time format.
If you do not update this, then the table will not be updated.
Hi, Keep in mind that using
Hi,
Keep in mind that using such method is not supported by Symantec, no one should access directly the ldap browser and modify entries in there.
I understand that updating automatically asset table would be a great feature of the product and there is an enhancement request that has been forwarded to the product management, but keep in mind that if you have issue, Support might not be able to help.
Thanks,
Would you like to reply?
Login or Register to post your comment.