Managed Active Directory (AD) native attributes in the Policy Server
Article ID: 50153


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER

Issue/Introduction

When the SiteMinder Policy Server is integrated with Active Directory (AD) as a user store, which AD attributes does the Policy Server read and write in non-enhanced mode and in AD-enhanced mode?


Resolution

The Policy Server reads the following AD attributes in both non-enhanced and AD-enhanced modes:

userAccountControl
pwdLastSet
sAMAccountName
SM password data (blob)

The Policy Server reads the following additional AD attributes in AD-enhanced mode only:

accountExpires
maxPwdAge
lockoutTime
lockoutDuration

The Policy Server writes the following AD attributes in both non-enhanced and AD-enhanced modes:

userAccountControl
SM password data (blob)
pwdLastSet

The Policy Server writes the following AD attributes in AD-enhanced mode only:

unicodePwd
lockoutTime
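The attributes above are only useful once their AD encodings are decoded: userAccountControl is a bit mask, pwdLastSet, lockoutTime and accountExpires are Windows FILETIME values, and maxPwdAge and lockoutDuration are negative 100-nanosecond intervals held on the domain root object. The Python below is an added example, not CA/Broadcom code, that decodes them and derives the account state the AD-enhanced mode needs (password expiry, lockout, account expiry, disabled flag). It assumes the attribute values are the strings an LDAP search of the user object and the domain root returns; the bit-flag and sentinel constants are Microsoft-documented values, and all sample data is constructed for the example.

```python
"""Decode the AD attributes the Policy Server reads and derive the account state.
Added example, not CA/Broadcom code; sample values below are constructed."""

from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
# pwdLastSet, lockoutTime and accountExpires are stored in this format.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# accountExpires holds 0 or 2^63-1 when the account never expires.
ACCOUNT_NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)
# maxPwdAge holds -2^63 when domain passwords never expire.
PASSWORD_NEVER_EXPIRES = -0x8000000000000000

# userAccountControl bit flags (Microsoft-documented values).
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME integer to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; used here to build sample data."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def interval_to_timedelta(interval: int) -> timedelta:
    """maxPwdAge and lockoutDuration are negative 100-ns intervals on the domain root."""
    return timedelta(microseconds=abs(interval) // 10)


def evaluate_account(user: dict, domain: dict, now: datetime) -> dict:
    """Combine per-user and per-domain attributes into the account state.
    Values are the strings an LDAP search returns."""
    uac = int(user["userAccountControl"])
    pwd_last_set = int(user["pwdLastSet"])
    lockout_time = int(user.get("lockoutTime", "0"))
    account_expires = int(user.get("accountExpires", "0"))
    max_pwd_age = int(domain["maxPwdAge"])
    lockout_duration = interval_to_timedelta(int(domain["lockoutDuration"]))

    state = {
        "disabled": bool(uac & UF_ACCOUNTDISABLE),
        # pwdLastSet == 0 means "user must change password at next logon".
        "must_change_password": pwd_last_set == 0,
        "password_expired": False,
        "locked_out": False,
        "account_expired": False,
    }
    if pwd_last_set and not (uac & UF_DONT_EXPIRE_PASSWD) and max_pwd_age != PASSWORD_NEVER_EXPIRES:
        expires_at = filetime_to_datetime(pwd_last_set) + interval_to_timedelta(max_pwd_age)
        state["password_expired"] = now >= expires_at
    if lockout_time:
        # lockoutDuration == 0 means the account stays locked until an admin unlocks it.
        if lockout_duration == timedelta(0):
            state["locked_out"] = True
        else:
            state["locked_out"] = now < filetime_to_datetime(lockout_time) + lockout_duration
    if account_expires not in ACCOUNT_NEVER_EXPIRES:
        state["account_expired"] = now >= filetime_to_datetime(account_expires)
    return state


# --- constructed sample data (not taken from any real directory) ---
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

SAMPLE_DOMAIN = {
    "maxPwdAge": str(-90 * 86400 * 10_000_000),     # 90-day maximum password age
    "lockoutDuration": str(-30 * 60 * 10_000_000),  # 30-minute lockout
}

SAMPLE_USERS = {
    "healthy": {
        "userAccountControl": str(UF_NORMAL_ACCOUNT),
        "pwdLastSet": str(datetime_to_filetime(datetime(2024, 5, 1, tzinfo=timezone.utc))),
        "lockoutTime": "0",
        "accountExpires": "0",
    },
    "troubled": {
        "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE),
        "pwdLastSet": str(datetime_to_filetime(datetime(2024, 1, 1, tzinfo=timezone.utc))),
        "lockoutTime": str(datetime_to_filetime(NOW - timedelta(minutes=10))),
        "accountExpires": str(datetime_to_filetime(datetime(2024, 3, 1, tzinfo=timezone.utc))),
    },
    "service": {
        "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD),
        "pwdLastSet": str(datetime_to_filetime(datetime(2020, 1, 1, tzinfo=timezone.utc))),
    },
}

if __name__ == "__main__":
    for name, attrs in SAMPLE_USERS.items():
        print(name, evaluate_account(attrs, SAMPLE_DOMAIN, NOW))
```

Running the script prints one state dictionary per sample user; the "troubled" user shows every failure condition at once, while the "service" user shows how UF_DONT_EXPIRE_PASSWD suppresses the maxPwdAge check even for a very old pwdLastSet. In non-enhanced mode the domain-level attributes are not read, so only the disabled and must-change-password checks can be derived from the per-user attributes alone.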

Note:

A login failure causes Active Directory (AD) to modify the following user attributes. SiteMinder does not currently use these attributes:

logonCount
badPasswordTime