search cancel

Can we use any other attribute as password attribute other than "UserPassword" for authentication with SunOne Directory Server?

book

Article ID: 54029

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description

In some cases instead of UserPassword, another LDAP attribute is used to store the user's password.

Is there a way to change this attribute or policy server will always use UserPassword attribute for password check in LDAP(any type of ldap)?

Solution

No it is not possible. SiteMinder does not compare the values in attributes for authentication but uses the bind call with the user credentials to bind (login) to the LDAP store. If the bind (login) is successfull then user is authenicated.

SiteMinder do not match the password with a value and therefore the attribute can not be changed as the LDAP standard defined the storage and behavior of the bind call.

It is also recommended that you would also not wish to do this as the other attributes in the store are stored in clear text.

Environment

Release:
Component: SMPLC