In APS.cfg, an APSExpire job can be defined.
However, the job does not accept a SiteMinder User Directory name; it works when the actual LDAP directory server name or IP address is used.
[APSExpire]
This works: JOBNAME_EXAMPLE= LDAP_directory_server_Name:389 BASE(ou=######,dc=example,dc=com)
This doesn't: JOBNAME_EXAMPLE=Siteminder_User_Directory_Name_example BASE(ou=######,dc=example,dc=com)
"Siteminder_User_Directory_Name_example" refers to the User Directory object name as defined in the Admin UI.
When it fails: apsexpire JOBNAME_EXAMPLE -v
[APS Version 12.8.0700.2758 - APSExpire Rev 12.8.0700.2758]
mm dd, yyyy at 10:12:31 AM EDT-T-APS: Requesting Enhanced Referral Handling
mm dd, yyyy at 10:12:31 AM EDT-T-APSExpire: ENTRY
mm/dd/yy, 10:12 AM-E-[SM-APS-07331] Unable to locate Directory Object for host "Siteminder_User_Directory_Name_example"
mm/dd/yy, 10:12 AM-E-[SM-APS-07332] This host does not match any User Directories defined in the Policy Store
mm/dd/yy, 10:12 AM-E-[SM-APS-05503] Unable to initialize directory "Siteminder_User_Directory_Name_example"
mm dd, yyyy at 10:12:37 AM EDT-T-APSExpire: Directory(Siteminder_User_Directory_Name_example) not found, EXIT
Policy server: 12.8 SP7
ALL supported OS: Windows 2019 or Linux
APS enabled
This is working as designed.
The design is:
APSExpire must use the directory server name or IP address in JOBNAME, not the User Directory name that is created in the Policy Server.
- For LDAP directories, give the IP address or hostname of the directory server with the port number.
- For ODBC directories, give the DSN name that was given during creation of the directory.
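A pre-run check for the rule above, as an added example that is not part of the original article or of the product: it reads the [APSExpire] section of APS.cfg text and reports any job whose target is a User Directory object name. It assumes the `JOBNAME=<target> BASE(...)` line shape shown above; the function names, the sample configuration and the list of User Directory object names (which the administrator supplies from the Admin UI) are hypothetical.

```python
import re

# Job line shape as shown in the article: JOBNAME=<target> BASE(<dn>)
JOB_RE = re.compile(r"^([^=\s]+)\s*=\s*(\S+)")

# Constructed sample; job, host and directory names are made up.
SAMPLE_CFG = """\
[APSExpire]
JOB_OK= ldap01.example.com:389 BASE(ou=people,dc=example,dc=com)
JOB_BAD=Corp_User_Directory BASE(ou=people,dc=example,dc=com)
"""


def apsexpire_jobs(cfg_text):
    """Yield (job_name, target) pairs from the [APSExpire] section."""
    in_section = False
    for line in cfg_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            # Any section header switches the section on or off.
            in_section = stripped.lower() == "[apsexpire]"
            continue
        if in_section:
            match = JOB_RE.match(stripped)
            if match:
                yield match.group(1), match.group(2)


def check_jobs(cfg_text, user_directory_names):
    """Return {job_name: finding} for jobs that target a User Directory
    object name instead of host:port (LDAP) or a DSN name (ODBC)."""
    # Assumption: names are compared case-insensitively to catch typos
    # in case; an ODBC DSN that shares a User Directory's name would
    # also be reported and needs a manual look.
    known = {name.lower() for name in user_directory_names}
    findings = {}
    for job, target in apsexpire_jobs(cfg_text):
        if target.lower() in known:
            findings[job] = (
                f'target "{target}" is a User Directory object name; '
                "use host:port (LDAP) or the DSN name (ODBC)"
            )
    return findings


if __name__ == "__main__":
    for job, msg in check_jobs(SAMPLE_CFG, ["Corp_User_Directory"]).items():
        print(f"{job}: {msg}")
```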