Question :
Running Policy Server, the CA Directory Policy Store reports searches like :
! [7] 20151103.000204.436 #103.15596 TIME : SEARCH 0
msecs dn="ou=XPS,ou=policysvr4,ou=siteminder,
ou=netegrity,cn=siteminder" scope=one-level eis=all
filter=(&(objectClass=xpsObject)(|(xpsCategory=2)
(xpsCategory=3))(|(modifyTimestamp>=20151102101428.060Z)
(createTimestamp>=20151102101428.060Z)))
What is the meaning of xpsCategory values ?
Answer :
xpsCategory=1 is data dictionary object
The Data Dictionary is the Data Classes and their attributes.
Object Class="CA.SM::Domain"
The Class "CA.SM::Domain" has the following attributes
DLPExcludedClassificationList
Desc
IsAffiliate
IsDLP
Mode
Name
UserDirectoriesLink
and the following links :
1 - CA.SM::UserPolicy.DomainLink
2 - CA.SM::ResponseAttr.DomainLink
3 - CA.FED::SAML1xPartnershipBase.DomainLink
4 - CA.SM::Rule.DomainLink
5 - CA.SM::STSWebService.DomainLink
6 - CA.SM::PolicyLink.DomainLink
7 - CA.SM::Admin.DomainsLink
8 - CA.FED::WSFEDPartnershipBase.DomainLink
9 - CA.FED::PartnershipBase.DomainLink
xpsCategory=2 is regular object
All the objects as Domain, Realm, Policy, Rules, etc. like
<Object Class="CA.SM::Domain"
Xid="CA.SM::[email protected]"
CreatedDateTime="2015-12-09T10:50:19" UpdatedBy="siteminder"
UpdateMethod="GUI" ExportType="Replace">
<Property Name="CA.SM::Domain.IsDLP">
<BooleanValue>false</BooleanValue>
</Property>
<Property Name="CA.SM::Domain.IsAffiliate">
<BooleanValue>true</BooleanValue>
</Property>
<Property Name="CA.SM::Domain.Name">
<StringValue>Federation Sample Partners</StringValue>
</Property>
<Property Name="CA.SM::Domain.Desc">
<StringValue>Domain for sp.demo</StringValue>
</Property>
<Property Name="CA.SM::Domain.Mode">
<NumberValue>2</NumberValue>
</Property>
etc.
xpsCategory=3 is security object
Security Objects are the Administrators and all the related
data as Workspace, etc. like
<Object Class="CA.SM::Admin"
Xid="CA.SM::[email protected]"
CreatedDateTime="2015-12-09T08:50:32" UpdatedBy="SMSTUB"
UpdateMethod="Internal" ExportType="Replace">
<Property Name="CA.SM::Admin.DirectoryAuth">
<BooleanValue>false</BooleanValue>
</Property>
<Property Name="CA.SM::Admin.Rights">
<NumberValue>47</NumberValue>
</Property>
<Property Name="CA.SM::Admin.Password" Sensitive="Yes">
<StringValue>password</StringValue>
</Property>
<Property Name="CA.SM::Admin.Name">
<StringValue>siteminder</StringValue>
</Property>
</Object>
So during housekeeping process, the Policy Server uses filter
(&(objectClass=xpsObject)(|(xpsCategory=2)(xpsCategory=3))
It's looking for Policy objects or Security objects that have changed.