You can specify where global users and user groups are stored. The storage options are:
To configure storage of global users and groups
The EEM Server Configuration page appears.
Stores the global users and global groups internally.
Stores global users and groups in an external directory. If selected, global users and global groups are considered read only. The following fields appear when you select this option:
Specifies the type of external directory. Currently supported types include CA Identity Manager, Microsoft Active Directory, Novell eDirectory, Novell eDirectory-CN, Sun One Directory, and Custom Mapped Directory.
Specifies the host of the external directory. Hostname is the IP name or address of the computer on which the external directory is installed and running. The IP name or address can be in Internet Protocol version 4 (IPv4) or version 6 (IPv6) format.
Specifies the port to connect to on the external directory host. This is an LDAP port.
Specifies the LDAP DN that is used as the base. Only global users and groups discovered underneath this DN are mapped into eTrust IAM Toolkit.
Note: No spaces are allowed in the base DN.
Specifies the DN to use to attach to the external directory host.
Note: No comma is allowed in the cn of the User DN. If your User DN is cn=firstname,middlename,dc=foo,dc=com, use the backslash '\' before the comma. For example, User DN: cn=firstname\,middlename,dc=foo,dc=com
Specifies the password for the User DN that is used to attach to the external directory host.
Specifies whether to use TLS when making the LDAP connection to the external directory.
Indicates the external attributes that are not mapped.
Note: Unmapped attributes can be used for search and as filters.
If selected, eTrust IAM Toolkit Server caches the global users in memory. This allows for faster lookups at the cost of scalability.
Note: Global user groups are always cached.
Specifies the time (in minutes) to update the cached groups (and optionally users).
Specifies that Exchange groups are also used as valid Global User Groups. This lets you write policies against members of distribution lists. Available only for type Microsoft Active Directory.
Specifies the status of the External directory bind and if the External directory data is loaded or not.
Means success, and is displayed if the External directory bind is successful and/or data is loaded.
Means warning, and is displayed if the External directory data is still loading.
Means error, and is displayed if the External directory bind failed.
Note: To refresh the status, without saving the changes, click Refresh status.
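The Base DN and User DN notes above, written as a check to run on the values before they are entered; this is an added example, not CA code, and the function names are hypothetical. The escaping goes beyond the comma case in the note to the other characters RFC 4514 requires escaping in a DN attribute value.

```python
import re

# Characters RFC 4514 requires escaping anywhere in an attribute value.
_SPECIAL = ',+"\\<>;'


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value (for example the cn) for use in a DN."""
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        if ch in _SPECIAL or (first and ch in " #") or (last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn: str) -> list:
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]  # an escape pair stays together
        i += step
    return parts + [cur]


def check_directory_settings(base_dn: str, user_dn: str) -> list:
    """Return a list of problems; an empty list means both values pass."""
    problems = []
    if " " in base_dn:
        problems.append("Base DN contains a space")
    for rdn in split_dn(user_dn):
        if not re.match(r"[A-Za-z][A-Za-z0-9-]*=.+", rdn):
            problems.append(f"User DN component {rdn!r} is not attr=value")
    return problems


# Constructed sample values, taken from the note's own example.
user_dn = "cn=" + escape_rdn_value("firstname,middlename") + ",dc=foo,dc=com"
print(user_dn, check_directory_settings("dc=foo,dc=com", user_dn))
```

A User DN component reported as "not attr=value" is what an unescaped comma inside the cn looks like once the DN is split.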
Stores global users and groups in the CA SiteMinder data store. If selected, users and groups are considered read only. The following fields appear when you select this option:
Defines the name of the host system where CA SiteMinder is running. Hostname is the IP name or address of the computer on which CA SiteMinder is installed and running. The IP name or address can be in Internet Protocol version 4 (IPv4) or version 6 (IPv6) format.
Defines the CA SiteMinder super user who has privileges to maintain system and domain objects.
Defines the password for CA SiteMinder administrator.
Defines the agent's name. This name must match the agent name provided to the Policy Server.
Note: Agent name is not case-sensitive.
Defines the shared secret as defined in the CA SiteMinder user interface.
Note: Agent Secret is case-sensitive.
Indicates that eTrust IAM Toolkit Server caches the global users in memory. This allows for faster lookups at the cost of scalability.
Note: Global user groups are always cached.
Specifies the time (in minutes) to update the cached groups (and optionally, users).
Indicates the external attributes that are not mapped.
Note: These can also be used for search or as filters.
Specifies the type of store used by CA SiteMinder for authorization. Currently supported types include CA Identity Manager, Custom Mapped Directory, Microsoft Active Directory, Novell eDirectory, Novell eDirectory-CN, and Sun One Directory.
Specifies the authorization store against which user information is authorized.
Specifies the authentication store against which user information is authenticated.
Specifies that Microsoft Exchange groups are valid Global User Groups.
Specifies the maximum time that CA SiteMinder waits for a response from an external directory when searching users. CA SiteMinder times out the connection with the external directory after the specified time.
Default: 60 seconds.
Retrieves store information (Authorization Store Name and Authentication Store Name) based on the connection parameters.
Specifies the status of the External directory bind and if the External directory data is loaded or not.
Means success, and is displayed if the External directory bind is successful and/or data is loaded.
Means warning, and is displayed if the External directory data is still loading.
Means error, and is displayed if the External directory bind failed.
The selected storage method is implemented for global users and groups.
Copyright © 2013 CA.
All rights reserved.