Impossible to create a password policy with AD userDir in AD namespace
search cancel

Impossible to create a password policy with AD userDir in AD namespace


Article ID: 187442


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


We're running a Policy Server with AdminUI and we'd like to create

Password Policies in the AdminUI, when the Active Directory already
manage its own Password Policies.

To achieve this, we haven't set a User Directory attribute to handle
the Password Blob, and as such, the AdminUI reports error :

  Error: [General] The chosen "User Directory" is not configured to
  setup password policies. It should have a valid "Blob attribute".

How can we fix this ?


Policy Server all versions


At first glance, you can't mix both Password Policies when integrating

SiteMinder with Active Directory. As per the following KD :

Policy Server :: Active Directory : Password Policies

  "The directory server's own account status takes precedence over
  anything SiteMinder might configure. Therefore, if the user is
  disabled in Active Directory, no amount of SiteMinderconfiguration
  can fix that."


Set no SiteMinder Password Policy and configure the Policy Server

environment variable NETE_PWSERVICES_REDIRECT to a path for the Custom
page hold on Active Directory.