What are the AD native attributes managed by the SiteMinder policy server?

Article Id: 50153

Status: Published

Updated On: 14-02-2018 07:05

Legacy Id: TEC557680

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

Description:

When you integrate SiteMinder with Active Directory as user store you may be interested in the attributes managed by the Policy Server with non-enhanced and AD enhanced mode.

Solution:

The PS reads the following LDAP parameters in both non-enhanced and AD enhanced mode

userAccountControl
pwdlastSet
sAMAccountName
SM password data (blob)

The PS reads the following additional LDAP parameters in AD enhanced mode Only:

accountExpires
maxPwdAge
lockoutTime
lockoutDuration

The PS writes the following parameters in both non-enhanced and AD enhanced mode:

userAccountControl
SM password data (blob)
pwdlastSet

The PS writes the following parameters in AD enhanced mode only:

unicodePwd
lockoutTime

Note: A login failure will trigger AD to modify the following user attributes.
These attributes are not currently used by SM:
logonCount
badPasswordTime

Environment:

Release:
Component: SMPLC