You can specify rules that determine the set of users to which a password policy applies. This ability allows you to have one password policy for general employees, and a stricter policy for high-level managers.
Follow these steps:
See the following table for a description of each filter type.
Note: The type of user store to which the password policy applies determines the options for the Directory Filter list box. Some filter types are not available for relational databases and CA Directory user stores when CA IdentityMinder is integrated with SiteMinder.
The following table describes the options for directory filter types, and provides examples of each filter type. Attributes on the left side of the "=" in the following examples are as they are prescribed in the user directory definition area. For Create-type user tasks, password policies with directory filters configured are only applied when both of the following conditions are met:
Type of Filter |
Use this filter to... |
Example |
---|---|---|
In an Organization |
Browse and select an Organization. |
|
In a Group |
Browse and select a Group. |
|
A user |
Browse and select a single user. |
|
User filter (Not available for relational databases when integrated with SiteMinder) |
Specify a filter for users. |
Employee Type = Contractor |
User Search Expression |
Enter a search query for users.
|
uid=jsmith (for LDAP) TBLUSERS.ID = jsmith (for relational databases) |
Group Filter (Not available for relational databases when integrated with SiteMinder) |
Specify a filter for groups. |
Self Subscribing = * |
Group Search Expression |
Enter a search query for groups.
|
cn=Sales (for LDAP) TBLGROUPS.NAME=GroupA (for relational databases |
Organization Filter (Not available for relational databases when integrated with SiteMinder) |
Specify a filter for organizations.
|
Organization name = *Marketing |
Organization Search Expression
|
Enter a search query for organizations.
|
ou=Boston (for LDAP) TBLORGANIZATIONS.NAME=Boston (for relational databases) |
Search
|
Specify a query that is not included in the other options for the filter type. |
(&(uid=*smith)(ou=Boston)) |
Copyright © 2013 CA.
All rights reserved.
|
|