If Identity Manager integrates with SiteMinder for advanced password policies, you can specify rules that determine the set of users to which a password policy applies. This allows you to have one password policy for general employees, and a stricter policy for high-level managers.
To specify a rule for a password policy
See the following table for a description of each filter type.
Note: The options for filter type that appear in the Directory Filter list box are determined by the type of user store to which the password policy applies. Some filter types are not available for relational databases and CA Directory user stores.
The following table describes the options for directory filter types, and provides examples of each filter type.
Type of Filter |
Use this filter to... |
Example |
---|---|---|
Entire Directory |
Apply a password policy to all users in a user store. |
N\A |
In a group |
Search for a specific group |
Name=Product Team |
A user |
Search for and select a single user |
User ID=jsmith |
User filter (Not available for relational databases) |
Specify a filter for users. |
Employee Type = Contractor |
User Search Expression |
Enter a search query for users Note: See the CA SiteMinder Policy Server Configuration Guide for information about the LDAP search expression. |
uid=*smith |
Group Filter (Not available for relational databases and Provisioning Server user stores) |
Specify a filter for groups |
Self Subscribing = * |
Group Search Expression (Not available Provisioning Server user stores) |
Enter a search query for groups Note: See the CA SiteMinder Policy Server Configuration Guide for information about the LDAP search expression.
|
cn=Sales* |
Organization Filter (Not available for relational databases and Provisioning Server user stores) |
Specify a filter for organizations Note: See the CA SiteMinder Policy Server Configuration Guide for information about the LDAP search expression. |
Organization name = *Marketing |
Organization Search Expression (Not available for relational databases and Provisioning Server user stores) |
Enter a search query for organizations Note: See the CA SiteMinder Policy Server Configuration Guide for information about the LDAP search expression. |
ou=Boston |
Search |
Specify a query that is not included in the other options for filter type. Note: See the CA SiteMinder Policy Server Configuration Guide for information about the LDAP search expression. |
(&(uid=*smith)(ou=Boston)) |
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |