Directory Attributes Overview

Policy Server Guides › Policy Server Configuration Guide › User Directories › Directory Attributes Overview

Directory Attributes Overview

Some features require read or write access to seven SiteMinder attributes. The attribute values are in the user directories that are connected to the Policy Server. You map the directory user attributes the SiteMinder attributes in the User Attributes section. You can also use attribute mapping to define your own common names. You can map each name to user attribute names in multiple user directories.

Each SiteMinder attribute is associated with a data type and one or more directory types that are described in the following table. (R) indicates that the attribute requires read access. (RW) indicates that the attribute requires read/write access.

Attribute Name	Data Type	Directory Types	Description
Universal ID (R)	string	LDAP Database WinNT	Specifies the universal ID or user identifier that SiteMinder passes to protected applications to maintain a user’s identity. This feature is a bridge between SiteMinder and legacy applications, which often use attributes to identify a user. The universal ID is also used in configuring Directory mapping.
Disabled Flag (RW)	string	LDAP Database	Specifies the user’s account status. More information exists in the Policy Server Administration Guide.
Password Attribute (RW)	binary	LDAP Database	Specifies the user’s password.
Password Data (RW)	binary	LDAP Database	Is used to track password policy information.
Anonymous ID (RW)	string	LDAP Database	Stores the DN of users who are authenticated using an anonymous authentication scheme.
Email (R)	string	LDAP Database	This attribute is not currently used by a SiteMinder feature.
Challenge/Response (RW)	string	LDAP	Specifies the question and answer pair that is used by the Forgotten Password feature in Password Services and DMS. The Challenge string is the password hint that is passed to the user.

Attribute Name

Data Type

Directory Types

Description

Universal ID (R)

string

LDAP

Database

WinNT

Specifies the universal ID or user identifier that SiteMinder passes to protected applications to maintain a user’s identity. This feature is a bridge between SiteMinder and legacy applications, which often use attributes to identify a user.

The universal ID is also used in configuring Directory mapping.

Disabled Flag (RW)

string

LDAP

Database

Specifies the user’s account status. More information exists in the Policy Server Administration Guide.

Password Attribute (RW)

binary

LDAP

Database

Specifies the user’s password.

Password Data (RW)

binary

LDAP

Database

Is used to track password policy information.

Anonymous ID (RW)

string

LDAP

Database

Stores the DN of users who are authenticated using an anonymous authentication scheme.

Email (R)

string

LDAP

Database

This attribute is not currently used by a SiteMinder feature.

Challenge/Response (RW)

string

LDAP

Specifies the question and answer pair that is used by the Forgotten Password feature in Password Services and DMS. The Challenge string is the password hint that is passed to the user.

Note: You can specify the administrator credentials that the Policy Server uses to access the directory. These credentials have the same read and write access as the corresponding user attributes in the table.

More information:

User Attribute Mapping

Ping the User Store System

Be sure to ping your user store system before configuring to verify that a network connection exists between the Policy Server and the user directory or database.

Note: Some user store systems may require the Policy Server to present credentials.