CA SiteMinder may be configured with Advanced Password Services (APS). However there may be cases where creation or updating certain APS attributes should be disabled for users in a certain User Directory or for a SiteMinder Domain. Such would be the case of an Active Directory user store whose schema would not allow APS to create attributes and the directory schema cannot be changed as per company policy.

This generates errors as it fails to update the user profile, but it also impacts performance. 

The question arises then whether it is possible to disable creation of such attributes either at the User Directory or Domain level

Release : 12.8

Component : SITEMINDER ADVANCED PASSWORD SERVICES

With SiteMinder configured for Advanced Password Services, the Policies defined in the APS.cfg file apply to all User Directory Definitions defined for the Policy Server. There is currently no method to allow limiting APS Password Policies at the User Directory or SiteMinder Domain level.

The following steps can be used to disable Advanced Password Services for a Policy Server where such feature is configured:

1. Stop the Policy Server

2. Rename SMAPS.dll from the SiteMinder bin folder (libsmaps.so from SiteMinder lib folder in Linux )

3. Rename APS.cfg from the SiteMinder bin folder

4. Restart Policy Server