SiteMinder Password Policy Configuration to Exclude Specific UID


Article ID: 405469


Products

SITEMINDER

Issue/Introduction

How to configure a password policy that applies to an entire LDAP directory while excluding specific UIDs within that directory.

Environment

SiteMinder: ALL

OS Platform: Any

Resolution

An example password policy search is defined as:

(&(objectClass=inetOrgPerson)(!(|(uid=a*)(uid=j*))))

This means any user whose uid starts with a or j will be excluded from this password policy.

When building the search expression, make sure to choose the "Manual Entry" and "Validate DN" options before saving the expression.
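To preview which entries a filter like the one above leaves outside the policy before saving it, the following Python sketch evaluates the filter against sample entries. It is an added example, not SiteMinder or Broadcom code. It assumes the directory matches uid and objectClass case-insensitively (the standard schema behaviour), and every entry other than an-sample-user is constructed.

```python
import re

# Filter from the article; the entries below are constructed sample data.
FILTER = "(&(objectClass=inetOrgPerson)(!(|(uid=a*)(uid=j*))))"
ENTRIES = [
    {"uid": ["an-sample-user"], "objectclass": ["top", "inetOrgPerson"]},
    {"uid": ["bsmith"], "objectclass": ["top", "inetOrgPerson"]},
    {"uid": ["Jdoe"], "objectclass": ["top", "inetOrgPerson"]},
    {"uid": ["svc-batch"], "objectclass": ["top", "account"]},
]

def parse(f, i=0):
    """Parse an RFC 4515 subset: &, |, ! and attr=value with * wildcards."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    elif f[i] == "!":
        kid, i = parse(f, i + 1)
        node = ("!", kid)
    else:
        end = f.index(")", i)
        attr, _, pattern = f[i:end].partition("=")
        node, i = ("=", attr.lower(), pattern), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry; assumes case-insensitive matching."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1], entry)
    rx = ".*".join(re.escape(part) for part in node[2].split("*"))
    return any(re.fullmatch(rx, v, re.I) for v in entry.get(node[1], []))

def outside_policy(filter_text, entries):
    """Return the uids the filter does NOT select, i.e. not covered by the policy."""
    tree, _ = parse(filter_text)
    return [e["uid"][0] for e in entries if not matches(tree, e)]

print(outside_policy(FILTER, ENTRIES))
```

Under these assumptions the constructed uid Jdoe (capital J) and the svc-batch entry, which is not an inetOrgPerson, also fall outside the policy, so review the full list of unmatched entries, not only the uids you intended to exclude.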

Here are the policy server trace logs:

The user uid=an-sample-user will be excluded from the password policy.

Search the logs for the password policy object ID (19-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx), if you know the object ID.

A return value of 0 from the call DoesPasswordPolicyApply means the exclusion was successful. If the password policy applies, it returns 1.

[mm/dd/yyyy][08:22:46][12432][][SmDsLdapProvider.cpp:2669][CSmDsLdapProvider::SearchCount][][][][][][][][][][][][][][Ldap SearchCount callout succeeds.][5528][11:44:38.645][][][][][][][][][][][][][][][][][][][][(SearchCount) Base: 'cn=an-sample-user,ou=Administration,ou=####,c=##', Filter: '(&(objectClass=inetOrgPerson)(!(|(uid=a*)(uid=j*))))'. Status: 0 entries][][][][]

[mm/dd/yyyy][08:22:46][12432][][SmDsUser.cpp:921][CSmDsUser::ResolvePolicyObject][][][][][][][][][][][][][][Leave function CSmDsUser::ResolvePolicyObject][33644][08:22:46.037][][][][][No policy binding found][][][][][][][][][][][][][][][][][][][]

[mm/dd/yyyy][08:22:46][12432][][SmPasswordCheck.cpp:1922][CSmPasswordCheck::DoesPasswordPolicyApply][][][][][][][][][][][][][][Leave function CSmPasswordCheck::DoesPasswordPolicyApply][33644][08:22:46.037][][][][][0][][][][][][][][][][][][][][][][][][][]