The [APSExpire] section of the APS configuration file controls the operation of the APSExpire utility, described in the chapter entitled Daily Processing (APSExpire).
In the APS Configuration File, a site defines jobs by name. Each setting is the name of a job and the values define the criteria for the job. When APSExpire executes, a job name must be specified on its command line. The program will look for the definition of this job in this section of the configuration file.
Each job defines a user directory or subset of a user directory. The syntax is different for ODBC and LDAP directories.
Overrides are not supported in this section.
For LDAP directories, jobs are defined using this syntax:
<job name>= <LDAP directory> READ(<ip>) BASE(<base DN>) SCOPE(<scope>) FILTER(<filter>)
<job name> is an arbitrary name for the job.
<ip of LDAP directory> is the ip address, the network name, or the SiteMinder User Directory name of an LDAP directory defined to SiteMinder through the Policy Interface (it cannot contain spaces if used here). If it is an ip address, it may contain the port address as well. This must match up with the definition of a User Directory in the SiteMinder Policy Store (APSExpire will attempt to look up the directory using this value).
READ(<ip>) is an optional clause that tells APSExpire to read from a different directory than the base directory. In some cases, much higher performance can be achieved by reading from a dedicated replicant directory that either SiteMinder does not use at all or is the last directory in a failover chain. If specified, however, the alternate directory must be a replicant of the "real" directory.
BASE(<search Base>) defines the scope of the search. It is entire optional. If not specified, APSExpire will search the entire directory using the search base defined in the SiteMinder User directory entry. This is useful when an entire LDAP directory is not to be processed as a single job. Sites do this when the LDAP directory is very large and APSExpire processing is to be spread over multiple servers or jobs.
SCOPE(<scope>) is optional and is generally used with the BASE option above. <scope> can either be "base" or "sub" (without quotes). It specifies how the LDAP search should be processed.
FILTER(<extra filter>) is another optional setting that allows a site to further refine a job. This filter is ANDed with any filters that APSExpire uses for its own operations. Once again, this is intended to segregate an LDAP directory into smaller jobs for performance reasons.
When using BASE, SCOPE and FILTER, it is the responsibility of the site to make sure that every user will be processed. APSExpire does not examine the sum of all defined jobs to ensure that all users get processed.
For ODBC directories, jobs are defined using this syntax:
<job name>= <ODBC directory>
WHERE(<extra WHERE clause>)
<job name> is an arbitrary name for the job.
<ODBC directory> is the DSN name or the SiteMinder User Directory name of an ODBC user directory (neither can have embedded spaces in this context) defined to SiteMinder through the Policy Interface. This must match up with the definition of a User Directory in the SiteMinder Policy Store (APSExpire will attempt to look up the directory using this value).
WHERE(<extra WHERE clause>) is another optional setting that allows a site to further refine a job. This clause is ANDed with any WHERE clause that APSExpire uses for its own operations. This is intended to segregate an ODBC directory into smaller jobs for performance purposes.
When using WHERE, it is the responsibility of the site to make sure that every user will be processed. APSExpire does not examine the sum of all defined jobs to ensure that all users will be processed.
|
Copyright © 2014 CA.
All rights reserved.
|
|