

Policy Engine Registry Values

Within the specified registry key, the registry values that you may need to add are:

LookupLDAPServers

Type: REG_MULTI_SZ

Data: Specifies a list of servers hosting an LDAP directory. Specifying multiple host servers provides fault-tolerance and load-sharing to ensure that the policy engine processes events as quickly as possible.

If the policy engine is running in a domain, you can leave this registry value unspecified. By default, the policy engine will automatically detect an Active Directory server.

Server names can be ‘plain’ or include a domain suffix (UNI-EXCH or UNI-EXCH.UNIPRAXIS.COM). If the LDAP port number is not 389, you can add it after the server name; prefix the port number with a colon (UNI-EXCH:319). You can also prefix the server name with the account credentials used to access the LDAP database. The syntax is:

<username>:<password>@<server name>

Note: When connecting to a non-Microsoft LDAP server (for example Domino), the username must be the distinguished name of a user with read access to the relevant parts of the directory. For example:

cn=Spencer Rimmel:MyPassword@unipraxis

Where the user name is Spencer Rimmel, the password is MyPassword, and the server name is unipraxis.

Note: Although anonymous access (not supplying a username and/or password) may allow some LDAP attributes to be accessed, other LDAP attributes may be restricted. That is, your policy engines may only be able to access some LDAP attributes if you provide user credentials.
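
The following Python code is an added example, not part of the product or of this documentation. It parses LookupLDAPServers entries in the syntax described above and reports which entries embed a password in the registry value or fall back to anonymous access, redacting the password in anything it outputs. The names parse_entry, audit and SAMPLE are hypothetical, and the splitting rule (last '@', first ':') is an assumption, because the page does not say how the policy engine treats passwords that contain those characters.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LdapServerEntry:
    host: str
    port: int
    username: Optional[str]  # None means anonymous access
    has_password: bool

    def redacted(self) -> str:
        """Render the entry for logs or tickets without the password."""
        secret = ":<redacted>" if self.has_password else ""
        cred = f"{self.username}{secret}@" if self.username else ""
        return f"{cred}{self.host}:{self.port}"


def parse_entry(raw: str) -> LdapServerEntry:
    """Parse [<username>:<password>@]<server name>[:<port>]."""
    # Assumption: last '@' ends the credentials, first ':' ends the username.
    cred, at, server = raw.strip().rpartition("@")
    username, colon, password = cred.partition(":")
    host, port_sep, port_text = server.partition(":")
    if (at and not username) or not host:
        raise ValueError("empty username or server name")
    if port_sep and not (port_text.isdigit() and 0 < int(port_text) < 65536):
        raise ValueError("port is not a number in 1-65535")
    port = int(port_text) if port_sep else 389  # 389 is the default LDAP port
    return LdapServerEntry(host, port, username or None, bool(colon and password))


def audit(entries: List[str]) -> List[str]:
    """Return findings for entries needing review, never echoing a password."""
    findings = []
    for n, raw in enumerate(entries):
        try:
            entry = parse_entry(raw)
        except ValueError as exc:
            findings.append(f"entry {n}: malformed ({exc})")
            continue
        if entry.has_password or entry.username is None:
            issue = "plaintext password" if entry.has_password else "anonymous access"
            findings.append(f"entry {n}: {issue} for {entry.redacted()}")
    return findings


# Constructed sample data, reusing the server names and account shown above.
SAMPLE = ["UNI-EXCH.UNIPRAXIS.COM", "UNI-EXCH:319", "cn=Spencer Rimmel:MyPassword@unipraxis"]
```

Pass audit() the strings exported from the REG_MULTI_SZ value, one list item per line of the value.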

LookupSearchFilter

Type: REG_SZ

Data: If necessary, you can specify that lookup operations are filtered against specific LDAP containers or nodes. Policy engines can automatically detect Active Directory; in this case, the value defaults to:

(|(objectCategory=group)(objectCategory=person))

For other LDAP directories, it defaults to:

(objectClass=*)

If you override the default filter, ensure that the new filter conforms to RFC 2254.

LookupDirectoryType

Type: REG_SZ

Data: Specifies the type of LDAP directory. Policy engines can automatically detect Active Directory; in this case, the value defaults to GC. For other LDAP directories (including Lotus Domino), it defaults to LDAP.

If necessary, you can override these defaults. For example, set this value to NDS for NetWare NDS or NWCOMPAT for NetWare 3.x.

LookupDirectoryBase

Type: REG_SZ

Data: Specifies the LDAP server’s base DN or domain. This value defaults to empty, indicating that the policy engine searches the whole directory for objects. However, you can set this value to a specific base DN, for example, to speed up lookup operations or because the account used to access the LDAP directory only has permission to search a specific subset of the directory.

For Domino, set this registry value to the root domain of your organization, for example:

"o=unipraxis"