

Add an LDAP Expression to a Policy

If you create a policy in a policy domain that contains connections to an LDAP user directory, you can use the User Directory Search Expression Editor to bind an LDAP search expression to a policy. Search expressions can bind users to a policy based on attributes that appear in user, group, and organization profiles.

To add an LDAP expression to a policy

  1. Click the Policies tab, and then click Domains, Modify Policy.

    The search window appears.

  2. (Optional) Fill out the search form to narrow your search criteria.
  3. Click Search.

    A list of policies appears.

  4. Click the radio button on the left of the policy you want, and then click Select.

    The Modify Policy: Name pane appears.

  5. Click the Users tab.

    The user directories associated with the domain appear in the User Directories group box.

  6. Click Add Entry for the user directory on which the LDAP search expression is to apply.

    The User Directory Search Expression Editor appears.

  7. Build an LDAP expression that binds a particular user, group, or organization attribute to your policy.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  8. Click OK.

    The expression appears in the user directory table.
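Before binding an expression in step 7, it is worth checking which directory entries it actually selects, since an overly broad expression grants the policy to more users than intended. The following is an added example, not part of the product documentation or the editor: it assumes the expression is a standard RFC 4515 LDAP filter, supports only `&`, `|`, `!` and equality with `*` wildcards, and runs against a constructed sample directory whose DNs and attribute names are illustrative.

```python
import re

# Constructed sample directory: DN -> attributes (all names are illustrative).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {"departmentNumber": ["Finance"], "title": ["Manager"]},
    "uid=bob,ou=people,dc=example,dc=com": {"departmentNumber": ["Finance"], "title": ["Contractor"]},
    "uid=carol,ou=people,dc=example,dc=com": {"departmentNumber": ["Engineering"], "title": ["Manager"]},
}

def _parse(s, i):  # recursive descent over one '(...)' filter starting at offset i
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:end].partition("=")
        if end < 0 or not sep or not attr.strip():
            raise ValueError(f"malformed comparison at offset {i}")
        node, i = ("=", attr.strip().lower(), value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):  # entry maps attribute name -> list of values
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    # '*' is the only wildcard; all other characters match literally, ignoring case.
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I)
    values = {k.lower(): v for k, v in entry.items()}.get(attr, [])
    return any(rx.fullmatch(v) for v in values)

def bound_users(expr, directory=DIRECTORY):  # sorted DNs the expression selects
    tree, end = _parse(expr.strip(), 0)
    if end != len(expr.strip()):
        raise ValueError("trailing text after filter")
    return sorted(dn for dn, attrs in directory.items() if matches(tree, attrs))
```

Comparing the result of a narrow expression such as `(&(departmentNumber=Finance)(!(title=Contractor)))` with a presence test such as `(title=*)` shows how quickly the bound set grows.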