Policy Server :: LDAP Group : Member Definitions

Article ID: 17628

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Question :

In an LDAP Group, I would like to know if a given member should be a DN or can only be set as a UID?

Environment :

SiteMinder 12.52SP1

Answer :

According to RFC 4519, section 2.17, it seems you need to set the DN:

2.17. 'member'

The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute.
(Source: X.520 [X.520])

(2.5.4.31 NAME 'member'
SUP distinguishedName)

Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and "cn=John Xerri,ou=Finance,o=Widget\, Inc." may be two members of the financial team (group) at Widget, Inc., in which case, both of these distinguished names would be present as individual values of the member attribute.

(http://tools.ietf.org/html/rfc4519#section-2.17)
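
The rule quoted above, turned into a check (an added example, not part of the original article or of SiteMinder): the Python code below flags member values in a group entry that are not syntactically DNs, such as a bare UID. The group entry and the helper names are constructed for illustration, and the code assumes unfolded, non-base64 LDIF lines.

```python
import re

# RFC 4514 attribute type: a descriptor (letter, then letters/digits/hyphens) or a numeric OID
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, seps):
    """Split text on any character in seps unless it is backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact, e.g. "\,"
            i += 2
            continue
        if ch in seps:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def is_dn(value):
    """True if every RDN is type=value (multi-valued RDNs use '+'); empty input is rejected."""
    for rdn in split_unescaped(value, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, sep, val = ava.strip().partition("=")
            if not sep or not _ATTR_TYPE.match(attr.strip()) or not val:
                return False
    return True

def non_dn_members(ldif_entry):
    """Return the member values in one LDIF entry that are not DNs."""
    bad = []
    for line in ldif_entry.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "member" and not is_dn(value.strip()):
            bad.append(value.strip())
    return bad

# Constructed sample entry: the two DN members from the RFC example, plus one bare UID
SAMPLE = r"""dn: cn=Finance Team,ou=Groups,o=Widget\, Inc.
objectClass: groupOfNames
cn: Finance Team
member: cn=James Clarke,ou=Finance,o=Widget\, Inc.
member: cn=John Xerri,ou=Finance,o=Widget\, Inc.
member: jclarke
"""
```

Calling non_dn_members(SAMPLE) returns the bare UID value only. A single-RDN value such as uid=jclarke passes this syntax check; whether it names a real entry is a directory lookup, not something the parser decides.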

Environment

Release:
Component: SMPLC