What are the AD native attributes managed by the SiteMinder policy server?
Article ID: 50153
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description:
When you integrate SiteMinder with Active Directory as user store you may be interested in the attributes managed by the Policy Server with non-enhanced and AD enhanced mode.
Solution:
The PS reads the following LDAP parameters in both non-enhanced and AD enhanced mode
- userAccountControl
- pwdlastSet
- sAMAccountName
- SM password data (blob)
The PS reads the following additional LDAP parameters in AD enhanced mode Only:
- accountExpires
- maxPwdAge
- lockoutTime
- lockoutDuration
The PS writes the following parameters in both non-enhanced and AD enhanced mode:
- userAccountControl
- SM password data (blob)
- pwdlastSet
The PS writes the following parameters in AD enhanced mode only:
- unicodePwd
- lockoutTime
Note: A login failure will trigger AD to modify the following user attributes.
These attributes are not currently used by SM:
logonCount
badPasswordTime
Environment
Release:
Component: SMPLC
Component: SMPLC
Feedback
Yes
No
Powered by
