With Policy Server running and the LDAP search filter set to
'(&(uid= user_name ) ( !( regStatus=DEREGISTERED*)))'
XPSCounter still counts users that have regStatus set to
DEREGISTERED*.
As per the documentation, shouldn't XPSCounter count users from the
LDAP (CA Directory) store that do not meet this criterion?
At first glance, XPSCounter isn't based on successful logins, but
rather on the number of users in the User Store, as per the
documentation (1).
So the search isn't about the LDAP filter and attributes defined in
the User Directory LDAP User DN Lookup, but rather about the
objectclasses of the users from the User Directory. As per the same
page above, it counts the objects that have the objectclass
inetOrgPerson. As Active Directory doesn't have that class, you need
to map the objectclass in order to count users from Active
Directory (2).
The LDAP Search box has a Root parameter that should be used. It
delimits the border of the User Store. Users that are within that Root
will be counted, and the ones that are not won't be counted.
So the search isn't about the LDAP filter and attributes you defined
in the LDAP User DN Lookup in the User Directory, but rather about the
objectclasses of the users from the User Directory, which is delimited
by the Root parameter from the LDAP Search box.
To illustrate, with the following LDAP User Directory configuration:

| LDAP Search |                    |
|-------------+--------------------|
| Root        | dc=training,dc=com |

| LDAP User DN Lookup |                    |
|---------------------+--------------------|
| Start               | (cn=               |
| End                 | )                  |
| Effective Lookup    | (cn=ID-From-Login) |

XPSCounter will count all the users that are within
"dc=training,dc=com", even if some have no "cn" attribute defined.
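
The following Python sketch is an added example, not code from this article or from SiteMinder. It models the counting rule described above (inetOrgPerson objects under Root) next to the login filter from the question, over constructed directory entries, to show which entries are counted even though their own login would be rejected. The entry data, the function names and the case-insensitive matching are assumptions.

```python
# Model of the behaviour described above; not XPSCounter's implementation.
# Constructed sample entries (not from a real directory): (DN, attributes).
ENTRIES = [
    ("uid=alice,ou=people,dc=training,dc=com",
     {"objectClass": ["top", "inetOrgPerson"], "uid": "alice", "cn": "Alice",
      "regStatus": "ACTIVE"}),
    ("uid=bob,ou=people,dc=training,dc=com",
     {"objectClass": ["inetOrgPerson"], "uid": "bob", "cn": "Bob",
      "regStatus": "DEREGISTERED-2023"}),
    ("uid=carol,ou=people,dc=training,dc=com",      # no cn attribute
     {"objectClass": ["inetOrgPerson"], "uid": "carol"}),
    ("cn=printers,ou=groups,dc=training,dc=com",    # not a user object
     {"objectClass": ["groupOfNames"], "cn": "printers"}),
    ("uid=dave,ou=people,dc=other,dc=com",          # outside Root
     {"objectClass": ["inetOrgPerson"], "uid": "dave", "cn": "Dave"}),
]
ROOT = "dc=training,dc=com"

def under_root(dn, root=ROOT):
    """True if dn is at or below root (naive split; no escaped commas)."""
    d = [p.strip().lower() for p in dn.split(",")]
    r = [p.strip().lower() for p in root.split(",")]
    return len(d) >= len(r) and d[-len(r):] == r

def counted(entries=ENTRIES, root=ROOT):
    """Counting rule from the article: inetOrgPerson objects under Root."""
    return [dn for dn, a in entries
            if under_root(dn, root)
            and "inetorgperson" in [c.lower() for c in a.get("objectClass", [])]]

def passes_login_filter(attrs, user):
    """(&(uid=user)(!(regStatus=DEREGISTERED*))) on one entry.
    Assumes case-insensitive matching for both attributes."""
    return (bool(user) and attrs.get("uid", "").lower() == user.lower()
            and not attrs.get("regStatus", "").upper().startswith("DEREGISTERED"))

def counted_but_rejected(entries=ENTRIES, root=ROOT):
    """Entries the counter includes although their own login would fail."""
    attrs = dict(entries)
    return [dn for dn in counted(entries, root)
            if not passes_login_filter(attrs[dn], attrs[dn].get("uid", ""))]

if __name__ == "__main__":
    print("counted:", len(counted()))
    print("counted but rejected at login:", counted_but_rejected())
```
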
(1)
XPSCounter
To comply with the terms of your SiteMinder license, you can count
the number of users in your SiteMinder environment.
Determine the Number of Users Associated with SiteMinder Policies
To comply with the SiteMinder licensing terms, you can determine how
many users in your organization are associated with SiteMinder
policies.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpscounter.html
(2)
Map the Active Directory inetOrgPerson Object Class
If your SiteMinder user stores are on Microsoft Active Directory
servers, map the inetOrgPerson in each server before counting the
SiteMinder users
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpscounter.html