
Siteminder password policies not working


Article ID: 201771




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER



We're running a Policy Server and when a user logs in, the Policy
Server doesn't seem to apply the Password Policy, and as such, we
don't see the account being locked and the user can still browse the Web.

How can we fix that?




Policy Server 12.8SP2 build 1992 on Linux;
LDAP User Store on ODSEE;




You've configured the Password Policy this way:

  Directory : myCorporateUserStore

  Password Policy applies to part of the Directory

  | Path  | c=mycountry  |
  | Class | Search Users |

When the Policy Server tries to find the user by applying the filter
c=mycountry, the LDAP Server returns no entry. As a result, the Policy
Server cannot apply the Password Policy, and it won't update the
Disabled Flag:

  [About to initialize User 'cn=myuser,o=myteam,c=mycountry' 
  in dir 'myCorporateUserStore'][][Start of call InitUser.][][]

  [Policy resolution for user: 'cn=myuser,o=myteam,c=mycountry', 
  filter: 'c=mycountry', type: 3, recursive: No][][Start of call HasRelationship.][][]

  [LDAP search of c=mycountry took 0 seconds and 1684 microseconds][][][][][][][][][][]

  [(SearchCount) Base: 'cn=myuser,o=myteam,c=mycountry', 
  Filter: 'c=mycountry'. Status: 0 entries][][Ldap SearchCount callout succeeds.][][][]



Investigate with the LDAP Administrator why the LDAP request
returns 0 entries:

  'cn=myuser,o=myteam,c=mycountry', Filter: 'c=mycountry'. Status: 0 entries
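To see which users and policy filters are affected before talking to the LDAP Administrator, the trace can be scanned for policy lookups that matched nothing. This is an added example, not Broadcom's code: the record layout is taken from the trace lines quoted above, and the function name, the sample text and the wording of a non-zero status line are assumptions.

```python
import re

# Constructed sample modelled on the trace records quoted in the article.
# The second pair (filter 'o=myteam', "Status: 1 entries") is invented for
# contrast; the exact wording of a non-zero status line is an assumption.
SAMPLE_TRACE = """\
[Policy resolution for user: 'cn=myuser,o=myteam,c=mycountry', filter: 'c=mycountry', type: 3, recursive: No][][Start of call HasRelationship.][][]
[(SearchCount) Base: 'cn=myuser,o=myteam,c=mycountry', Filter: 'c=mycountry'. Status: 0 entries][][Ldap SearchCount callout succeeds.][][][]
[Policy resolution for user: 'cn=other,o=myteam,c=mycountry', filter: 'o=myteam', type: 3, recursive: No][][Start of call HasRelationship.][][]
[(SearchCount) Base: 'cn=other,o=myteam,c=mycountry', Filter: 'o=myteam'. Status: 1 entries][][Ldap SearchCount callout succeeds.][][][]
"""

# One pattern, two alternatives, so records are visited in file order.
# \s* after the comma tolerates records wrapped across lines.
RECORD = re.compile(
    r"\[Policy resolution for user: '(?P<user>[^']*)',\s*filter: '(?P<pfilter>[^']*)'"
    r"|\[\(SearchCount\) Base: '(?P<base>[^']*)',\s*Filter: '(?P<sfilter>[^']*)'"
    r"\.\s*Status: (?P<count>\d+) entr"
)

def zero_match_policy_searches(trace_text):
    """Return (user DN, filter) pairs whose policy lookup matched 0 entries."""
    resolving = set()   # lookups announced by a "Policy resolution" record
    misses = []
    for m in RECORD.finditer(trace_text):
        if m.group("user") is not None:
            resolving.add((m.group("user"), m.group("pfilter")))
            continue
        key = (m.group("base"), m.group("sfilter"))
        # Only count SearchCount results that answer a policy resolution,
        # not unrelated directory searches.
        if key in resolving:
            resolving.discard(key)
            if int(m.group("count")) == 0:
                misses.append(key)
    return misses

if __name__ == "__main__":
    for user_dn, ldap_filter in zero_match_policy_searches(SAMPLE_TRACE):
        print(f"policy filter {ldap_filter!r} matched nothing for {user_dn}")
```

Each pair it reports is a user for whom the Password Policy was skipped, which gives the LDAP Administrator the exact base DN and filter to reproduce.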