ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Policy Server :: HouseKeeping Thread LDAP Request : xpsCategory

book

Article ID: 35690

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question :

Running Policy Server, the CA Directory Policy Store reports searches like :

  ! [7] 20151103.000204.436 #103.15596 TIME : SEARCH 0
  msecs dn="ou=XPS,ou=policysvr4,ou=siteminder,
  ou=netegrity,cn=siteminder" scope=one-level eis=all
  filter=(&(objectClass=xpsObject)(|(xpsCategory=2)
  (xpsCategory=3))(|(modifyTimestamp>=20151102101428.060Z)
  (createTimestamp>=20151102101428.060Z)))

What is the meaning of xpsCategory values ?

Answer :

  xpsCategory=1 is data dictionary object

  The Data Dictionary is the Data Classes and their attributes.

    Object Class="CA.SM::Domain"

    The Class "CA.SM::Domain" has the following attributes

    DLPExcludedClassificationList
    Desc
    IsAffiliate
    IsDLP
    Mode
    Name
    UserDirectoriesLink

    and the following links :

    1 - CA.SM::UserPolicy.DomainLink
    2 - CA.SM::ResponseAttr.DomainLink
    3 - CA.FED::SAML1xPartnershipBase.DomainLink
    4 - CA.SM::Rule.DomainLink
    5 - CA.SM::STSWebService.DomainLink
    6 - CA.SM::PolicyLink.DomainLink
    7 - CA.SM::Admin.DomainsLink
    8 - CA.FED::WSFEDPartnershipBase.DomainLink
    9 - CA.FED::PartnershipBase.DomainLink

  xpsCategory=2 is regular object

  All the objects as Domain, Realm, Policy, Rules, etc. like

  <Object Class="CA.SM::Domain"
   Xid="CA.SM::[email protected]"
   CreatedDateTime="2015-12-09T10:50:19" UpdatedBy="siteminder"
   UpdateMethod="GUI" ExportType="Replace">
   <Property Name="CA.SM::Domain.IsDLP">
    <BooleanValue>false</BooleanValue>
   </Property>
   <Property Name="CA.SM::Domain.IsAffiliate">
    <BooleanValue>true</BooleanValue>
   </Property>
   <Property Name="CA.SM::Domain.Name">
    <StringValue>Federation Sample Partners</StringValue>
   </Property>
   <Property Name="CA.SM::Domain.Desc">
    <StringValue>Domain for sp.demo</StringValue>
   </Property>
   <Property Name="CA.SM::Domain.Mode">
    <NumberValue>2</NumberValue>
   </Property>

   etc.

  xpsCategory=3 is security object

  Security Objects are the Administrators and all the related
  data as Workspace, etc. like

  <Object Class="CA.SM::Admin"
   Xid="CA.SM::[email protected]"
   CreatedDateTime="2015-12-09T08:50:32" UpdatedBy="SMSTUB"
   UpdateMethod="Internal" ExportType="Replace">
     <Property Name="CA.SM::Admin.DirectoryAuth">
      <BooleanValue>false</BooleanValue>
     </Property>
     <Property Name="CA.SM::Admin.Rights">
      <NumberValue>47</NumberValue>
     </Property>
     <Property Name="CA.SM::Admin.Password" Sensitive="Yes">
      <StringValue>password</StringValue>
     </Property>
     <Property Name="CA.SM::Admin.Name">
      <StringValue>siteminder</StringValue>
     </Property>
   </Object>

So during housekeeping process, the Policy Server uses filter

   (&(objectClass=xpsObject)(|(xpsCategory=2)(xpsCategory=3))

It's looking for Policy objects or Security objects that have changed.

Environment

Release:
Component: SMPLC
Powered by Wolken Software