How is the LDAP search query for SM_USERGROUPS formed?

Article ID: 45283


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

 

How is the LDAP search query for SM_USERGROUPS formed?

 

Environment

 

Policy Server : r12.5 and above
User Store : LDAP ANY

 

Resolution

 

The following two registry entries define the LDAP query for SM_USERGROUPS:

  HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Ds\GroupClassFilters
  HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Ds\LdapMatchUserDN

The query is an OR of one clause per object class listed in GroupClassFilters. Each clause pairs that object class with the corresponding membership attribute from LdapMatchUserDN, matched against the user's DN:

  (|
  (&(objectclass=<GroupClassFilter1_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter1>=<USERDN>))
  (&(objectclass=<GroupClassFilter2_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter2>=<USERDN>))
  (&(objectclass=<GroupClassFilter3_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter3>=<USERDN>))
  ... and so on, one clause per GroupClassFilters entry
  )

For example:

  (|
  (&(objectclass=groupOfNames)(member=uid=user1,ou=Users,dc=ca,dc=com))
  (&(objectclass=groupOfUniqueNames)(uniqueMember=uid=user1,ou=Users,dc=ca,dc=com))
  (&(objectclass=group)(member=uid=user1,ou=Users,dc=ca,dc=com))
  )

See the attached screenshots for a sample of both registry keys.
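
The pairing described above, as an added Python example (not CA/Broadcom code): it builds the same OR-of-ANDs filter from the two settings and a user DN, escaping the DN per RFC 4515 so special characters in a DN cannot change the filter's structure. Passing the settings as Python lists, the function names, and the escaping step are assumptions of this example; the page does not show how the registry stores the values or how the Policy Server handles such characters.

```python
# Added example: rebuilds an SM_USERGROUPS-style filter from the two settings.
# Inputs are plain Python lists (assumption; registry storage format not shown).

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Values taken from the example filter on this page.
CLASSES = ["groupOfNames", "groupOfUniqueNames", "group"]
ATTRS = ["member", "uniqueMember", "member"]


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 ('=' and ',' need no escaping)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_usergroups_filter(group_class_filters, ldap_match_user_dn, user_dn):
    """Pair each object class with its membership attribute and OR the clauses."""
    if not group_class_filters:
        raise ValueError("GroupClassFilters is empty")
    if len(group_class_filters) != len(ldap_match_user_dn):
        raise ValueError("each GroupClassFilters entry needs one LdapMatchUserDN attribute")
    dn = escape_filter_value(user_dn)
    clauses = []
    for object_class, attribute in zip(group_class_filters, ldap_match_user_dn):
        for name in (object_class, attribute):
            # Class and attribute names: ASCII letters, digits and hyphen only.
            if not name or not all(c.isascii() and (c.isalnum() or c == "-") for c in name):
                raise ValueError(f"unexpected character in {name!r}")
        clauses.append(f"(&(objectclass={object_class})({attribute}={dn}))")
    return "(|" + "".join(clauses) + ")"


def is_balanced(ldap_filter):
    """True when every '(' has a matching ')'; escaped ones appear as \\28 and \\29."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(build_usergroups_filter(CLASSES, ATTRS, "uid=user1,ou=Users,dc=ca,dc=com"))
    # Constructed DN containing characters that are special inside a filter.
    print(build_usergroups_filter(CLASSES, ATTRS, "cn=Smith (contractor)*,ou=Users,dc=ca,dc=com"))
```
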

 

Attachments

1558708292696000045283_sktwi1f5rjvs16r14.png
1558708290747000045283_sktwi1f5rjvs16r13.png