Per the official guide link listed below, the User Class should work as follows (1).
Specifies a string that is a directory-specific class filter. This value is optional and overrides the global setting in the UserClassFilters registry.
Accordingly, the directory-specific object class (in this case "TestUserClass") was entered in the "User Class" field and the change applied; "View Contents" was then used to search for cn=user1, which belongs to "TestUserClass".
The expectation is that the custom user class would be visible in the search filter. Instead, the Policy Server log shows:
The custom "TestUserClass" object class is not seen in the above filter.
The same applies to the Auth and Az flows: the filter is not present there either.
After the registry is updated as indicated (2), the "View Contents" search shows the object class.
Policy Server 12.8SP03
Upgrade Policy Server and AdminUI to 12.8SP5 to benefit from the fix DE437901 (3).
(1) User Directory Dialog
(2) How to utilize an LDAP User Directory with a custom ObjectClass in a Single Sign On (fka SiteMinder) environment.
(3) Defects Fixed in 12.8.05
20093300 DE437901 Administrative UI fails to display users in the User Directory dialog when User Class is defined in the LDAP search criteria.