Previous Topic: User Directory Connections OverviewNext Topic: How to Configure a CA Directory User Directory Connection


Directory Attributes Overview

Some CA SiteMinder® features require read or read/write access to seven CA SiteMinder® attributes whose values are stored in the user directories connected to the Policy Server. When you configure a connection from the Policy Server to a user directory, you must specify the names of the user attributes in that user directory that correspond to the seven CA SiteMinder® attributes. This is done in the fields on the User Attributes group box.

For example, the name of the Universal ID might be Student ID in one user directory, while in another directory, the name of the Universal ID might be Account Number. Once the directory connections are configured, CA SiteMinder® can access the correct user attribute in the selected user directory each time that it encounters the Universal ID.

You can extend this capability of CA SiteMinder® through user attribute mapping. User attribute mapping allows you to define your own common names, mapping each one to user attribute names in multiple user directories with different underlying schema.

Each CA SiteMinder® attribute is associated with a data type and one or more directory types and is described in the following table. (R) indicates that the attribute requires read access. (RW) indicates that the attribute requires read/write access.

Attribute Name

 

Data Type

 

Directory Types

 

Description

 

Universal ID (R)

string

LDAP

Database

WinNT

Specifies the universal ID or user identifier that CA SiteMinder® passes to protected applications to maintain a user’s identity. This feature is a bridge between CA SiteMinder® and legacy applications, which often use attributes to identify a user.

The universal ID is also used in configuring Directory mapping.

 

Disabled Flag (RW)

string

LDAP

Database

 

Specifies the user’s account status. More information exists in the Policy Server Administration Guide.

Password Attribute (RW)

binary

LDAP

Database

 

Specifies the user’s password.

Password Data (RW)

binary

LDAP

Database

 

Is used to track password policy information.

Anonymous ID (RW)

string

LDAP

Database

 

Stores the DN of users who are authenticated using an anonymous authentication scheme.

 

Email (R)

 

string

 

LDAP

Database

 

This attribute is not currently used by a CA SiteMinder® feature.

 

Challenge/Response (RW)

string

LDAP

 

Specifies the question and answer pair that is used by the Forgotten Password feature in Password Services and DMS. The Challenge string is the password hint that is passed to the user.

 

Note: When configuring a user directory connection, you can specify the administrator credentials that the Policy Server uses to access the directory. These credentials must have the same read/write access as the corresponding user attributes in the table.

More information:

Universal IDs

Password Policies

Anonymous Authentication Schemes

User Attribute Mapping