Integrating SiteMinder Policy Server with Active Directory as User Store, what are the attributes managed by the Policy Server with non-enhanced and AD-enhanced modes?
The Policy Server reads the following LDAP parameters in both non-enhanced and AD-enhanced modes:
userAccountControl
pwdlastSet
sAMAccountName
SM password data (blob)
The Policy Server reads the following additional LDAP parameters in AD-enhanced mode Only:
accountExpires
maxPwdAge
lockoutTime
lockoutDuration
The Policy Server writes the following parameters in both non-enhanced and AD-enhanced modes:
userAccountControl
SM password data (blob)
pwdlastSet
The Policy Server writes the following parameters in AD-enhanced mode only:
unicodePwd
lockoutTime
Note:
A login failure will trigger Active Directory (AD) to modify the following user attributes. These attributes are not currently used by SiteMinder:
logonCount
badPasswordTime