Install the Agent

This article describes the preparation and installation procedures of the CA Harvest SCM Agent.
Prepare for the Agent Installation 
To ensure that you successfully install the CA Harvest SCM agent, complete the following steps:
Follow these steps:
  1. If you have not already done so, read the Release Information. Do not install the agent until you have read that information and understand it.
  2. Determine the home directory (%CA_SCM_HOME%) in which you want to install the agent. The default home directory is C:\Program Files\CA\SCM.
  3. Determine the agent port number.
  4. Decide whether you want to install the agent on a network for shared use, and determine where to install the shared agent.
    The shared location must be a network or local drive that is shared and to which other users can map. You cannot use a URL.
  5. Determine whether you installed the agent as a Windows service.
Authentication
During the CA Harvest SCM installation, you can select to use either internal authentication, OpenLDAP authentication, or Mixed Mode Authentication as the method your site will use to authenticate users' names and passwords. The authentication is used, for example, when a user attempts to log in to the product.
  • Internal authentication uses the product to authenticate the user name and password.
  • OpenLDAP authentication uses an OpenLDAP authentication server for authentication.
  • Mixed Mode authentication lets the SCMAdmin create users internally even though the authentication mode may be set to External (LDAP).
    Mixed Mode authentication does not use the LDAP server for authentication when users are created internally.
The authentication method that you select may depend on your company's IT standards and conventions, resources, environment-specific concerns, manager input, in addition to other factors.
If you select internal authentication, you do not need to perform any preparation tasks.
Prepare for the OpenLDAP Installation
Based on your planned security-related implementation, you may decide to use OpenLDAP authentication instead of internal authentication.
Follow these steps:
  1. Verify that your LDAP server is installed and configured.
    For a list of supported LDAP servers, read the Release Information.
  2. Decide whether to use Transport Layer Security (TLS), Secure Socket Layer (SSL), or no security to encrypt communication between the product and your LDAP server. Specify TLS only if your LDAP server supports StartTLS.
    If you specify no encryption, user credentials and all other information exchanged between the product and the LDAP server are transmitted in clear text.
  3. If you select TLS or SSL, determine and record complete path names for the following:
    • The TLS trusted certificate (optional)
    • The TLS client certificate (optional)
    • The TLS client key (optional)
  4. If you select TLS or SSL, decide which method you will use to supply the TLS values when you are asked to supply them during the installation:
    • By entering the actual path names.
    • By entering the name of the OpenLDAP configuration file that specifies these path names.
Install the Agent
The CA Harvest SCM agent acts as a file server to remote computers. You can install only the agent, without installing the product server or client.
Follow these steps:
  1. Insert the installation media into your drive.
    The Product Explorer dialog appears.
  2. Select the product component that you want to install.
  3. To continue with the installation, follow the on-screen instructions.
  4. When prompted, enter your user name and organization name, and specify who can use the product.
  5. When prompted, specify the location to install the product. By default, the product is installed to the C:\Program Files\CA directory.
    If you change the default installation directory, the directory you specify will be the top-level directory for the product files. For example, %CA_SCM_HOME% will be defined as your-installation-path\SCM. If the directory you specify does not exist, it is created.
    Consider the following information when specifying the location to install the product:
    • When upgrading and when prompted for the installation path, do not select the %CA_SCM_HOME% location path\CCC_Harvest from a previous installation. Instead, either select the default location path (C:\Program Files\CA) or specify a new location. The installation path name is the location for CA products, not %CA_SCM_HOME%. The %CA_SCM_HOME% is located one directory level under the installation path.
    • If you specify a non-default installation path that includes an ampersand (&) in a folder name, the ampersand is included in the path name during installation. However, the ampersand does not appear in the path name in the destination folder during installation. Instead, the ampersand is removed and the next character after it is an underline. For example, if the folder name is CA&SCM, CA_SCM is displayed. However, the folder name used for the installation is CA&SCM.
  6. When prompted, select how you want to install the agent by selecting one of the following options.
    • Complete
      Installs the agent with the most popular features.
    • Custom
      Select optional features for your agent installation.
  7. When prompted, specify the agent port number.
  8. When prompted, specify whether the agent should be started as a service (Custom Install only).
  9. When prompted, specify whether to enable or disable FIPS mode.
  10. When prompted, specify the method the product will use to authenticate users' logon credentials:
    • Internal
      This method uses operating system calls. Login credentials provided to the remote agent are validated against the remote agent's operating system. If you select Internal, skip the rest of this step and continue at the next step.
    • OpenLDAP
      This method uses an external server. Login credentials provided to the remote agent are validated against the external authentication server. If you select OpenLDAP authentication, you are prompted to supply the required LDAP-related information. When you are finished specifying LDAP information, continue at the next step.
     
    When you install LDAP authentication, the OpenLDAP and OpenSSL open source libraries are installed automatically in the product folders, if they are not already installed. For information about OpenLDAP, see the OpenLDAP web site. For information about OpenSSL, see the OpenSSL web site.
  11. Continue following the on-screen instructions to complete the agent installation.
    In addition to the features you have selected, the following CA shared components are automatically installed:
    • Enterprise Communicator (PEC). If you want to uninstall this component, you must use the Windows Add/Remove control panel. You cannot uninstall PEC if the product is still installed.
    • The Public Key Infrastructure (eTPKI). This component is installed automatically through the product installation.
    Because these components are shared by other CA products, they are not removed when the product is uninstalled. They are separate components and must be removed separately.
LDAP Compliant Directory Configuration Windows
The LDAP Compliant Directory Configuration windows let you configure the LDAP settings for your CA Harvest SCM agent. The window uses the following fields.
The product installation program records your responses to the following prompts in the LDAP-related settings in the product configuration files HServer.arg, HBroker.arg, and HAgent.arg.
  • LDAP Server Name
    Defines one or more host names of the LDAP server to which your CA Harvest SCM computer connects, for example:
    hostname1
    You can optionally define the port number to use on each host, by entering the host name in the form hostname:port, for example:
    hostname2:389
    You can specify a list of host names separated by spaces. Each host may optionally be of the form hostname:port, for example:
    hostname1:389 hostname2 hostname3:389
    If used, the :port number specified in the LDAP Server Name field overrides the value specified in the LDAP Port Number field.
    Limits: 255 characters
    If the host name field defines multiple host names, the product computer connects to the first available LDAP server in the list.
  • LDAP Port Number
    Specifies the port number for the LDAP server. This port number is used if the LDAP port number is not specified in the host name field.
    Default: If you are using SSL as the encryption mechanism, then the default is 636; otherwise, the default is 389.
    Minimum: 1
    Maximum: 9999
  • Base Distinguished Name
    Defines the base distinguished name (DN) used when searching in the LDAP server. For example:
    "ou=users,ou=north america,dc=abccorp,dc=com"
    Enter the quotation marks (" ") literally as shown.
    Default: None
    Limits: 255 characters
  • Search Filter
    (Optional) Defines an RFC-2254-compliant search filter for locating a user. For example, when a user attempts to log in to the product, this filter is used to search for the user in the LDAP server.
    Default: (&(objectclass=person)(user-attribute-name=<placeholder>))
    Note: The complete expression for the search filter used by your LDAP server may differ from the default value, depending on how your LDAP server has been configured. For details, see your system administrator.
    (user-attribute-name=<placeholder>)
    Specifies the LDAP User attribute name and its placeholder used in the search.
    user-attribute-name
    Defines your LDAP server's attribute name for user name. This value must be the same as the value specified for your LDAP server by the LDAP User Attribute name parameter, -ldapattrusrname=attribute name.
    <placeholder>
    Identifies a literal constant placeholder for user-attribute-name. Enter exactly the same value as user-attribute-name and enclose the value with angle brackets (< >), as shown in the following examples.
    • Examples
    These examples use the default search filter.
    If -ldapattrusrname=uid for your LDAP server, then the search filter is:
    (&(objectclass=person)(uid=<uid>))
    If -ldapattrusrname=cn for your LDAP server, then the search filter is:
    (&(objectclass=person)(cn=<cn>))
    If -ldapattrusrname=uname for your LDAP server, then the search filter is:
    (&(objectclass=person)(uname=<uname>))
    • Examples: How the Search Filter is Used
    The search filter is used to find a user name when it is required by any operation. For example, consider (&(objectclass=person)(uid=<uid>)): When a user attempts to log in to the product, <uid> is replaced dynamically with the user's user name, and the LDAP directory is searched for this user.
    These examples use the default search filter and use the setting -ldapattrusrname=uid:
    When the user amy33 attempts to log on, the search filter used to locate this user is:
    (&(objectclass=person)(uid=<amy33>))
    When the user john22 attempts to log on, the search filter used to locate this user is:
    (&(objectclass=person)(uid=<john22>))
  • LDAP Search Timeout
    (Optional) Defines the number of seconds to search for a user in the LDAP directory; for example, when a user attempts to log in to the product.
    Default: 60
    Limits: 20 digits.
  • Username Attribute ID
    Defines your LDAP server's LDAP user attribute name for a user's user name.
    Limits: 255 alphanumeric characters
  • LDAP/SASL Security/Encryption Mechanism
    Specifies the security mechanism to use for authenticating product users:
    • tls
      Specifies Transport Layer Security. Specify TLS only if your LDAP server supports StartTLS.
    • ssl
      Specifies Secure Socket Layer.
    • None
      Specifies no security mechanism. If you specify no encryption, user credentials and all other information exchanged between the product and the LDAP server are transmitted in clear text.
    Default: None.
    If you specify tls or ssl, complete the following fields; otherwise, skip them:
    Trusted Certificate Filename
    (Optional) Defines the complete path name of the TLS trusted certificate file.
    This parameter specifies the PEM-format file containing certificates for the Certificate Authorities (CAs) that the LDAP client (the product remote agent or server) will trust. The certificate for the CA that signed the LDAP server certificate must be included in these certificates. If the signing CA was not a top-level (root) CA, certificates for the entire sequence of CAs from the signing CA to the top-level CA should be present. Multiple certificates are simply appended to the file; the order is not significant.
    You can also define the TLS trusted certificate file in the OpenLDAP configuration file (for example: on UNIX, in $HOME/.ldaprc file) using the following parameter:
    TLS_CACERT filename
    Limits: 255 alphanumeric characters
    Client Certificate Filename
    (Optional) Defines the complete path name of the TLS client certificate file.
    You can also define this certificate file in the OpenLDAP configuration file (for example: on UNIX, in $HOME/.ldaprc file) using the following parameter:
    TLS_CERT filename
    Limits: 255 alphanumeric characters
    Client Key Filename
    (Optional) Defines the complete path name of the TLS private key associated with the client certificate file.
    You can also define this key in the OpenLDAP configuration file (for example: on UNIX, in the $HOME/.ldaprc file) using the following parameter:
    TLS_KEY filename
    Limits: 255 alphanumeric characters
    Private keys themselves are sensitive data and are usually password-encrypted for protection. However, the current LDAP API implementation does not support encrypted keys. Therefore, the key must not be encrypted and the file containing the key must be protected carefully.
  • LDAP Distinguished Name
    Defines the LDAP initial bind distinguished name (DN) to the LDAP Server. For all authentication operations, only the initial DN is used to bind to the LDAP directory. A sample entry is:
    "cn=john22,ou=users,ou=north america,dc=abccorp,dc=com"
    Enter the quotation marks (" ") literally as shown.
    Default: None
    Limits: 255 characters
  • Password for LDAP Distinguished Name
    Defines the password for the LDAP distinguished name. Do not enter spaces. If you do not specify a password, an empty password is used.
    Limits: 255 alphanumeric characters
    Your password is encrypted and is stored in the \CA_SCM_HOME\hagentauth.dfo file. This file name is specified in the following entry in the hagent.arg file:
    ldapbindpwfile= hagentauth.dfo
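How the LDAP Server Name, LDAP Port Number, and security mechanism fields described above combine into the host and port pairs that are tried, as an added Python example that is not part of the product or its documentation. The function names and the port-mismatch warning are assumptions made for this example; the limits and defaults are the ones stated in the field descriptions.

```python
MAX_FIELD_LEN = 255            # documented limit of the LDAP Server Name field
PORT_MIN, PORT_MAX = 1, 9999   # documented range of the LDAP Port Number field
MECHANISMS = ("none", "tls", "ssl")


def _parse_port(text):
    """Convert a port string to int, enforcing the documented 1-9999 range."""
    text = str(text)
    if not text.isdigit() or not PORT_MIN <= int(text) <= PORT_MAX:
        raise ValueError(f"port {text!r} is outside {PORT_MIN}-{PORT_MAX}")
    return int(text)


def resolve_ldap_endpoints(server_name, port_number=None, mechanism="none"):
    """Return (endpoints, warnings) for the three LDAP connection fields.

    endpoints is a list of (host, port) tuples in the order they are tried;
    warnings is a list of strings describing risky combinations.
    """
    mechanism = mechanism.lower()
    if mechanism not in MECHANISMS:
        raise ValueError(f"unknown mechanism {mechanism!r}")
    if len(server_name) > MAX_FIELD_LEN:
        raise ValueError("LDAP Server Name exceeds 255 characters")

    # LDAP Port Number applies only to hosts without their own :port suffix.
    if port_number in (None, ""):
        fallback = 636 if mechanism == "ssl" else 389
    else:
        fallback = _parse_port(port_number)

    endpoints = []
    for entry in server_name.split():
        host, has_port, port = entry.partition(":")
        if not host:
            raise ValueError(f"missing host name in {entry!r}")
        endpoints.append((host, _parse_port(port) if has_port else fallback))
    if not endpoints:
        raise ValueError("LDAP Server Name is empty")

    warnings = []
    if mechanism == "none":
        warnings.append("no encryption: credentials cross the network in clear text")
    for host, port in endpoints:
        # Heuristic added for this example: a port that is the documented
        # default of the other mode usually means a per-host override was
        # left behind when the mechanism was changed.
        if (mechanism == "ssl" and port == 389) or (mechanism != "ssl" and port == 636):
            warnings.append(f"{host}:{port} does not match mechanism {mechanism}")
    return endpoints, warnings


if __name__ == "__main__":
    # Constructed sample: the host list from the field description, with SSL selected.
    eps, warns = resolve_ldap_endpoints("hostname1:389 hostname2 hostname3:389", "636", "ssl")
    print(eps)
    print(warns)
```

The sample shows that a per-host :389 suffix silently wins over an LDAP Port Number of 636, which is the case worth reviewing before selecting ssl.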
You can optionally specify multiple base distinguished names when searching for user names in the LDAP server. To set up this capability, replace the existing description of the ldapbasedn=base distinguished name parameter with the following:
ldapbasedn="name1[;name2[;name3]…]"
Defines one or more base distinguished names (DN) used when searching in the LDAP server.
To specify one base distinguished name, use the format shown in the following example:
ldapbasedn="ou=america,dc=abccorp,dc=com"
To specify two base distinguished names, use the format shown in the following example:
ldapbasedn="ou=america,dc=abccorp,dc=com;ou=europe,dc=abccorp,dc=com"
When specifying multiple base distinguished names, separate them with a semicolon (;), as shown in the previous example.
Default: None
Limits: 255 characters
OpenLDAP Authentication (Agent Installation) Configuration
(Valid only if you installed OpenLDAP authentication.) Before you can use OpenLDAP authentication, you must configure the CA Harvest SCM components to use it.
The external authentication server should always have at least one user who is in the Administrator user group in CA Harvest SCM.
The initial product user created during the installation is identified by the record in the HARUSER table whose USROBJID field has a value of 1. This user is always an administrator and always exists in the product, even if this user does not exist in the external authentication server. However, when you use external authentication, this user (like all other product users) must exist in the external authentication server to log in to the product.
Install the Agent on a Network
Use the Network installation option to run the agent from a network location. This setup uses minimal file space on the local client computer and executes the product from a shared location on the network.
Follow these steps:
  1. Set up the shared agent in the network location.
  2. Install the agent to local computers from this network location.
You must have Windows Administrator rights to use the Network installation option. In addition, if you installed the agent on a network, you cannot run the agent as a Windows service.
Set Up the Shared Agent
This step should be completed by your CA Harvest SCM Administrator.
Follow these steps:
  1. Open a command prompt and navigate to the location of the agent installation files. For example:
    cd DVD-drive:\bin\win32_agent
  2. At the command prompt, enter the following command:
    setup.exe /a
    In this command, the /a option specifies an administrative installation. The installation wizard starts and prompts you for an installation path.
  3. Manually enter the network location to which a server image of the product will be created, or click Change to navigate to a different location.
    This location must be a network or a local drive that is shared and to which other users can map. You cannot use a URL. If you already have a shared network client, you must use the same network location for the agent.
  4. Continue following the on-screen instructions to set up the shared agent.
  5. Verify that the shared directory and sub-directories permit read-only access for the network users to perform the network agent installation.
  6. Communicate the location of the network installation to all users who will be installing the agent from this network location.
Install the Agent from the Network
Complete this step on each end-user computer. The network agent installation requires that the shared directory be created.
Follow these steps:
  1. On the end-user computer, map to the shared network location. For example, if the share is \\hostname\apps, map the local share N: to \\hostname\apps.
  2. On the end-user computer, use Windows Explorer to browse to the share and double-click the file named CA Harvest SCM Agent.msi.
    The drive mapping applies only to the current user who is installing the product. If, at a later time, a different user logs into the same computer, they must map to the shared directory to use the product.
  3. Install the agent using the Custom installation option and select the agent to run from the network.
  4. When the installation is finished, optionally restart the computer if prompted.
    If you select all features to run from the network, the Destination Folder will be created but will be empty. Do not delete this folder.
Install the Agent Silently
You can perform an agent installation using the command line instead of the installation wizard. You can use the command line for first-time installations only, not upgrades. Use the following syntax to perform an unattended installation of the agent from the command line:
DVD-drive:\bin\win32_agent\setup.exe /s /v"/qoption [property1=\"value\" property2=\"value\" property3=\"value\"...]"
  • /s
    Specifies a silent installation, requiring no response after the installation is started. If you do not specify the /s parameter, dialogs appear during the installation, requiring user response.
  • /v
    Passes command line switches and values of public properties through to msiexec.exe. Any quotation marks inside the value for the /v parameter must be preceded by a backward slash \ (\").
  • /qoption
    Specifies the options for setting what kind of user interface (UI) appears during installation, as follows:
    • q, qn
      No UI.
    • qb
      Basic UI. Use qb! to hide the Cancel button.
    • qr
      Reduced UI with no modal dialog displayed at the end of the installation.
    • qf
      Full UI with any authored FatalError, UserExit, or Exit modal dialogs at the end.
    • qn+
      No UI except for a modal dialog displayed at the end.
    • qb+
      Basic UI with a modal dialog displayed at the end. The modal dialog does appear if the user cancels the installation. Use qb+! to hide the Cancel button.
    • qb-
      Basic UI with no modal dialogs; qb+- is not a supported UI level. Use qb-! to hide the Cancel button.
    • qb+!, qb-!
      Basic UI with or without the modal dialog displayed at the end. Hides the Cancel button. These options can also be entered qb!+ and qb!-.
      The ! option is available with Windows Installer version 2.0 and works only with basic UI. It is not valid with the full UI.
    • property1=\"value\" property2=\"value\" property3=\"value\"...
      Specifies one or more of the installation public properties. If there are spaces within the value, enclose the value in quotation marks, which must be preceded by the backslash character, as shown in this statement. For example, INSTALLDIR=\"C:\program files\CA\" specifies a path name with spaces, and COMPANYNAME=\"Jones Consulting Firm\" specifies a company name with spaces.
      To clear a public property using the command line, set its value to an empty string.
    • INSTALLDIR=\"directory\"
      Specifies the target installation directory for the agent.
    • SCMAGENTPORT=\"port_number\"
      Specifies the agent port number.
    • CREATEAGENTSERVICE=\"value\"
      The default is to create a Windows service. Specify No to not create a Windows service for this agent.
    • USERNAME=\"name\"
      Specifies the name of the user who will be using the agent.
    • COMPANYNAME=\"name\"
      Specifies the name of the company for which the user works.
    • ALLUSERS=value
      If this installation is for the current user only, do not set this property from the command line or set its value to an empty string.
      1 makes the agent available to all users who use this computer.
      2 makes the agent available to the current user only if the current user does not have admin rights; otherwise, install to all users.
    • ADDLOCAL=\"value\"
      Specifies a list of features that are delimited by commas that must be installed locally.
      The following lists the available features. Items that are marked with an asterisk (*) are always installed if ADDLOCAL or ADDSOURCE is not specified. However, if ADDLOCAL or ADDSOURCE is specified, you specify each feature individually that you want to install from the following lists. The feature names are case-sensitive. Use only a comma (no space) to separate the features.
      • For the client installation
        -- Administrator*, Workbench*, Documentation*, CommandLine*, Windows Shell Extensions (HarWin).
      • For Workbench only installation
        -- Workbench*, Documentation*, CommandLine*, Windows Shell Extensions (HarWin).
      Use the feature name as Client64 instead of Workbench, for 64-bit client installation and workbench installations only.
    • ADDSOURCE=Agent
      Specifies that the agent should be run from the source location, typically used for a network installation.
Authentication Options
Use the following property=\"value\" statements to specify the type of authentication to use for validating users' logon credentials, as follows:
  • To use internal authentication, specify only the AUTHMODE=internal parameter and do not specify the remaining LDAP authentication parameters in this section.
  • To use LDAP authentication, specify the following parameters. Enter the back slashes (\) and quotation marks (" ") literally as shown.
    • AUTHMODE=\"openldap\"
    • UPDATELDAPSETTING=\"Yes\"
    • All applicable LDAP authentication parameters in this section
To use LDAP authentication, you must specify both the AUTHMODE=\"openldap\" and the UPDATELDAPSETTING=\"Yes\" properties; otherwise, the remote agent uses the default value, internal authentication, instead of LDAP authentication.
For more information about LDAP authentication, see Install the Agent.
  • AUTHMODE=\"internal|openldap\"
    Specifies what type of authentication to use:
    • internal
      Uses operating system calls. Login credentials provided to the remote agent are validated against the remote agent's operating system. If you specify internal, skip the remaining LDAP option entries.
    • openldap
      Specifies OpenLDAP authentication. Login credentials provided to the remote agent are validated against the external authentication server.
    If you specify openldap, specify the remaining LDAP entries.
  • UPDATELDAPSETTING=\"Yes\"
    To use OpenLDAP authentication, you must specify both the AUTHMODE=\"openldap\" and UPDATELDAPSETTING=\"Yes\" settings.
  • LDAPSERVER=\"hostname[:portnumber]\"
    Defines one or more host names of the LDAP server to which this agent connects, for example:
    LDAPSERVER=\"hostname1\"
    You can optionally define the port number to use on each host, by entering the host name in the form hostname:port, for example:
    LDAPSERVER=\"hostname2:389\"
    Note: Enter the back slashes (\) and quotation marks (" ") literally as shown.
    You can specify a list of host names separated by spaces and enclosed in quotation marks. Each host may optionally be of the form hostname:port, for example:
    LDAPSERVER=\"hostname1:389 hostname2 hostname3:389\"
    If used, the :port option overrides the port number provided in the LDAPPORT=\"portnumber\" parameter.
    Limits: 255 characters
    If the host name field defines multiple host names, the server or agent connects to the first available LDAP server in the list.
  • LDAPPORT=\"portnumber\"
    Specifies the port number for the LDAP server computer. This port number is used if the LDAP port number is not specified in the LDAPSERVER=\"hostname[:portnumber]\" parameter.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Default: If the security mechanism is ssl, then the default is 636; otherwise, the default is 389.
    Minimum: 1
    Maximum: 9999
  • LDAPSEARCHTIMEOUT=\"seconds\"
    (Optional) Defines the number of seconds to search for a user in the LDAP directory; for example, when a user attempts to log in to the product.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Default: 60
    Limits: 20 digits.
  • LDAPBINDDN=\"distinguished-name\"
    Defines the LDAP initial bind distinguished name (DN) to the LDAP server. For all authentication operations, only the initial DN is used to bind to the LDAP directory. A sample entry is:
    "cn=john22,ou=users,ou=north america,dc=abccorp,dc=com"
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Default: None
    Limits: 255 characters
  • LDAPBINDPW=\"password\"
    Defines the password for the LDAP distinguished name. Do not enter spaces. If you do not specify a password, an empty password is used.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Your password is encrypted and is stored in the \CA_SCM_HOME\hagentauth.dfo file. This file name is specified in the following entry in the hagent.arg file:
    ldapbindpwfile= hagentauth.dfo
    Limits: 255 alphanumeric characters
  • LDAPBASEDN=\"base-distinguished-name\"
    Defines the base distinguished name (DN) used when searching in the LDAP server. For example:
    "ou=users,ou=north america,dc=abccorp,dc=com"
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Default: None
    Limits: 255 characters
  • LDAPMODE=\"{none|tls|ssl}\"
    Specifies the security mechanism to use for authenticating product users:
    • tls
      Specifies Transport Layer Security. Specify TLS only if your LDAP server supports StartTLS.
    • ssl
      Specifies Secure Socket Layer.
    • None
      Specifies no security mechanism.
    If you specify tls or ssl, specify the following parameters: TLSTRCERTFILE=, TLSCERTFILE=, and TLSKEYFILE=. For complete details about these TLS values, including how to specify them during the installation using either a file name or an LDAP configuration file, see the descriptions of the TLS fields in LDAP Compliant Directory Configuration Window.
  • TLSTRCERTFILE=\"filename\"
    (Optional) Defines the complete path name of the TLS trusted certificate file.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Limits: 255 alphanumeric characters
  • TLSCERTFILE=\"filename\"
    (Optional) Defines the complete path name of the TLS client certificate file.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Limits: 255 alphanumeric characters
  • TLSKEYFILE=\"filename\"
    (Optional) Defines the complete path name of the TLS private key associated with the client certificate file.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Limits: 255 alphanumeric characters
    Private keys themselves are sensitive data and are usually password-encrypted for protection. However, the current LDAP API implementation does not support encrypted keys. Therefore, the key must not be encrypted and the file containing the key must be protected carefully.
FIPSMODE=value
Enables or disables FIPS 140-2, which is an encryption standard that protects data from unauthorized programs and users. This option enforces compliance to FIPS 140-2, which has a specific set of standards for cryptographic modules. Use the following values to disable or enable the FIPS mode:
  • 0
    disables the FIPS mode.
  • 1
    enables the FIPS mode.
Default: 0
Limits: 1 character
LDAP User Search Filter
You can use an RFC-2254-compliant search filter for locating a user.
  • LDAPFILTER=\"search-filter\"
    (Optional) Defines an RFC-2254-compliant search filter for locating a user. For example, when a user attempts to log in to the product, this filter is used to search for the user in the LDAP server.
    Enter the back slashes (\) and quotation marks (" ") literally as shown.
    Default: (&(objectclass=person)(user-attribute-name=<placeholder>))
    Note: The complete expression for the search filter used by your LDAP server may differ from the default value, depending on how your LDAP server has been configured. For details, see your system administrator.
    (user-attribute-name=<placeholder>)
    Specifies the LDAP User attribute name and its placeholder used in the search.
    user-attribute-name
    Defines your LDAP server's attribute name for user name. This value must be the same as the value specified for your LDAP server by the LDAP User Attribute name parameter, -ldapattrusrname=attribute name.
    <placeholder>
    Identifies a literal constant placeholder for user-attribute-name. Enter exactly the same value as user-attribute-name and enclose the value with angle brackets (< >), as shown in the following examples.
    Examples
    These examples use the default search filter.
    If -ldapattrusrname=uid for your LDAP server, then the search filter is:
    (&(objectclass=person)(uid=<uid>))
    If -ldapattrusrname=cn for your LDAP server, then the search filter is:
    (&(objectclass=person)(cn=<cn>))
    If -ldapattrusrname=uname for your LDAP server, then the search filter is:
    (&(objectclass=person)(uname=<uname>))
    Examples: How the Search Filter is Used
    The search filter is used to find a user name when it is required by any operation. For example, consider (&(objectclass=person)(uid=<uid>)): When a user attempts to log in to the product, <uid> is replaced dynamically with the user's user name, and the LDAP directory is searched for this user.
    These examples use the default search filter and use the setting -ldapattrusrname=uid:
    When the user amy33 attempts to log on, the search filter used to locate this user is:
    (&(objectclass=person)(uid=<amy33>))
    When the user john22 attempts to log on, the search filter used to locate this user is:
    (&(objectclass=person)(uid=<john22>))
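The silent-installation syntax, the authentication properties, and the search-filter placeholder rule described above, combined into a pre-flight check that assembles the /v argument, as an added Python example that is not the installer's own code. The function names are assumptions made for this example, and the sample values are constructed from the examples on this page.

```python
import re

# Properties this page documents with a 255-character limit.
LEN_255 = ("LDAPSERVER", "LDAPBINDDN", "LDAPBINDPW", "LDAPBASEDN",
           "TLSTRCERTFILE", "TLSCERTFILE", "TLSKEYFILE")
UNQUOTED = ("FIPSMODE", "ALLUSERS", "ADDSOURCE")   # shown without \"...\" on this page
TERM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=<([^<>()]*)>\)")


def check_filter(search_filter):
    """Return a list of problems found in an LDAPFILTER value (empty = OK)."""
    problems, depth = [], 0
    for ch in search_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                break
    if depth != 0:
        problems.append("LDAPFILTER has unbalanced parentheses")
    terms = TERM.findall(search_filter)
    if not terms:
        problems.append("LDAPFILTER has no (attribute=<placeholder>) term")
    for attr, placeholder in terms:
        if attr != placeholder:
            problems.append(f"placeholder <{placeholder}> must equal attribute name {attr}")
    return problems


def build_v_argument(ui_option, props):
    """Validate props and return (v_argument, warnings); raise ValueError on errors."""
    errors, warnings = [], []
    auth = props.get("AUTHMODE", "internal")
    if auth == "openldap":
        # Without both properties the agent falls back to internal authentication.
        if props.get("UPDATELDAPSETTING") != "Yes":
            errors.append("AUTHMODE=openldap also needs UPDATELDAPSETTING=Yes")
        mode = props.get("LDAPMODE", "none").lower()
        if mode not in ("none", "tls", "ssl"):
            errors.append(f"LDAPMODE {mode!r} is not none, tls or ssl")
        elif mode == "none":
            warnings.append("LDAPMODE none: credentials are sent in clear text")
        if " " in props.get("LDAPBINDPW", ""):
            errors.append("LDAPBINDPW must not contain spaces")
        if not props.get("LDAPBINDPW"):
            warnings.append("no LDAPBINDPW: an empty bind password is used")
        if "LDAPFILTER" in props:
            errors += check_filter(props["LDAPFILTER"])
    elif auth != "internal":
        errors.append(f"AUTHMODE {auth!r} is not internal or openldap")
    if props.get("FIPSMODE", "0") not in ("0", "1"):
        errors.append("FIPSMODE must be 0 or 1")
    for name in LEN_255:
        if len(props.get(name, "")) > 255:
            errors.append(f"{name} exceeds 255 characters")
    # Limitation of this example: values with embedded quotation marks are rejected.
    if any('"' in value for value in props.values()):
        errors.append("values must not contain quotation marks")
    if errors:
        raise ValueError("; ".join(errors))

    parts = ["/" + ui_option]
    for name, value in props.items():
        # Inside /v"...", every quotation mark is written as \" (backslash, quote).
        parts.append(f"{name}={value}" if name in UNQUOTED else f'{name}=\\"{value}\\"')
    return '/v"' + " ".join(parts) + '"', warnings


if __name__ == "__main__":
    # Constructed sample values, taken from the examples on this page.
    sample = {
        "INSTALLDIR": r"C:\Program Files\CA",
        "AUTHMODE": "openldap",
        "UPDATELDAPSETTING": "Yes",
        "LDAPSERVER": "hostname1:636",
        "LDAPMODE": "ssl",
        "LDAPBASEDN": "ou=users,ou=north america,dc=abccorp,dc=com",
        "LDAPFILTER": "(&(objectclass=person)(uid=<uid>))",
        "FIPSMODE": "1",
    }
    argument, notes = build_v_argument("qn", sample)
    print("setup.exe /s " + argument)
    print(notes)
```

LDAPBINDPW is passed in clear text on the command line, so it can end up in command history or process-creation audit logs; treat both as sensitive.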
Install the Agent as a Windows Service
Skip this procedure if either of the following applies:
  • You already installed the CA Harvest SCM agent as a Windows service during the agent installation. In this case, you do not need to perform these steps.
  • You installed the agent on the network. You cannot run the agent as a Windows service when the agent is installed on the network.
If neither applies, consider the following information and follow these steps to install the agent as a service.
  • You must have Windows Administrator rights to install the agent.
  • After you install the agent as a service, the service does not start until you restart your computer or manually start the service.
Follow these steps:
  1. Enter the following from a command prompt:
    agntd.exe -install
  2. Start the Control Panel (Administrative Tools, Services).
  3. Start the service named CA Harvest SCM Agent Service.
Verify the Agent Service Status
Follow these steps:
  1. Start the Control Panel (Administrative Tools, Services).
  2. Check the Services list to confirm that the CA Harvest SCM Agent Service is listed. Confirm that the Status setting is Started and the Startup setting is Automatic.
  3. Close the Settings window and the Control Panel.