Per the official guide link listed below, the User Class should work as follows (1).

  User Class

    Specifies a string that is a directory-specific class filter. This value is optional and overrides the global setting in the UserClassFilters registry.

  Default: NULL  

So one would think to include the Directory specific object class in my case "TestUserClass" in the "User Class" field, applied changes, went to "view Contents" and searched for cn=user1  (which belongs to "TestUserClass" )

The expectation is that the custom user class would be visible in the search filter. Instead, the Policy Server log shows:

• [SmDsLdapProvider.cpp:2361][CSmDsLdapProvider::Search][(Search) Base: 'dc=joeuserstore,dc=com', Filter: '(&(|(objectclass=organizationalPerson)(objectclass=inetOrgPerson)(objectclass=organization)(objectclass=organizationalUnit)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=group))(cn=user1))'. Status: 1 entries.][][][][][Ldap Search callout succeeds.][][][][][][][][][]

The custom "TestUserClass" object class is not seen in the above filter.

Same for Auth and Az scenarios flow, the filter is not present.

When updating the Registry as indicated (2), then the "View Contents" search will show the Object class.

AdminUI 12.8SP03
Policy Server 12.8SP03

Upgrade Policy Server and AdminUI to 12.8SP5 to benefit from the fix DE437901 (3).

(1)

    User Directory Dialog
    

(2)

    How to utilize an LDAP User Directory with a custom ObjecClass in a Single Sign On (fka SiteMinder) environment.

    
(3)

    Defects Fixed in 12.8.05

       20093300 DE437901 Administrative UI fails to display users in the User Directory dialog when User Class is defined in the LDAP search criteria.