
Policy Server :: LDAP Group : Member Definitions


Article ID: 17628


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


Question :

In an LDAP group, I would like to know whether a given member should be a DN or can only be set as a UID.


Environment :

SiteMinder 12.52SP1


Answer :

Based on RFC 4519, section 2.17, it seems you need to set the DN:

2.17. 'member'

The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute.
(Source: X.520 [X.520])

( NAME 'member'
SUP distinguishedName)

Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and "cn=John Xerri,ou=Finance,o=Widget\, Inc." may be two members of the financial team (group) at Widget, Inc., in which case, both of these distinguished names would be present as individual values of the member attribute.
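
A structural check for the rule quoted above, as an added example (not part of the original article or of SiteMinder): it tests whether each 'member' value parses as a DN rather than a bare UID, honouring the backslash escape seen in "o=Widget\, Inc.". The function names and the "jclarke" value are constructed for illustration; this is a simplified check, not a full RFC 4514 validator, and it treats an empty value as invalid.

```python
import re

# Attribute type: a descriptor (cn, ou, uid, ...) or a dotted numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def split_unescaped(text, sep):
    """Split on sep, ignoring occurrences preceded by a backslash escape."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(value):
    """Return the RDNs as lists of (type, value) pairs; ValueError if not a DN."""
    if not value.strip():
        raise ValueError("empty member value")
    rdns = []
    for rdn in split_unescaped(value, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):  # "+" joins a multi-valued RDN
            attr, eq, val = ava.partition("=")
            if not eq or not _ATTR_TYPE.match(attr.strip()):
                raise ValueError(f"not attribute=value: {ava!r}")
            pairs.append((attr.strip(), val))  # value is kept in escaped form
        rdns.append(pairs)
    return rdns


def audit_members(values):
    """Map each member value to its RDN count, or None when it is not a DN."""
    report = {}
    for v in values:
        try:
            report[v] = len(parse_dn(v))
        except ValueError:
            report[v] = None
    return report


# First two values are the RFC examples quoted above; the last is a constructed bare UID.
MEMBERS = [r"cn=James Clarke,ou=Finance,o=Widget\, Inc.",
           r"cn=John Xerri,ou=Finance,o=Widget\, Inc.", "jclarke"]
```

A naive split on "," would break the first value into four pieces because of the escaped comma in the organization name; the escape-aware split yields the three RDNs the RFC example intends.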



Component: SMPLC