This section contains the following topics:
LanMan Directory Connection Prerequisites
Configure a LanMan Directory Connection
Failover for Windows User Directories
LanMan User Directory Search Criteria
In a Windows environment, the Policy Server enumerates and manages the resources in a directory service through the Microsoft Active Directory Service Interface (ADSI) layer. This layer abstracts the capabilities of directory services from different network providers in a distributed computing environment. However, the current version of ADSI has limitations that can adversely affect the performance of the Policy Server.
With ADSI, every Windows directory request must pass through the Primary Domain Controller (PDC) first. This compounds the network traffic that the PDC must handle. A custom solution to this problem is for the Policy Server to channel Windows directory requests to Backup Domain Controllers (BDCs), bypassing the PDC. The Policy Server implements this solution by using LanMan directory connections.
The LanMan user directory connection option lets you specify, in the Windows Registry, a failover list of BDCs that is used for each user directory lookup. With a LanMan directory connection, the Policy Server sends Windows directory requests to the first active BDC in the Registry list, rather than forcing requests to pass through the PDC.
The following conditions must be met before the Policy Server can use a LanMan directory connection to access user data in a Windows directory:
installation_directory\netegrity\siteminder\bin\
You can configure a LanMan user directory. The following process lists the steps for creating a user directory connection to the Policy Server.
The first procedure in configuring a LanMan directory connection is configuring the appropriate registry keys.
Follow these steps:
The Run dialog opens.
The Registry Editor opens.
"LDAP:,ODBC:,OCI:,WinNT:,Custom:,AD:"
\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC
\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC\<NT_domain_name>
For example:
\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC\MyDomain
You can configure a user directory connection that lets the Policy Server communicate with a LanMan Directory user store.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.
To configure a LanMan user directory connection
The User Directories page appears.
The Create User Directory page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
LanMan settings open.
The Create User Directory task is submitted for processing.
The list of registry keys you create for the LanMan user directory connection determines failover order.
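Because these registry entries decide which Domain Controller answers user directory lookups, it is worth reviewing both their contents and who can change them. The following PowerShell script is an added example, not part of the CA documentation: it reads the Lanman_DC key path shown above, lists whatever entries are stored under it without interpreting them, and flags identities outside an expected set that hold write-type rights. The function name and the list of expected writers are assumptions to adjust to your own baseline.

```powershell
# Added example: read-only audit of the LanMan failover configuration.
# The key path is the one given on this page; all other names are assumptions.
$base = 'HKLM:\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC'

# Identities expected to hold write access (assumption: adjust to your baseline).
$expectedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

# Rights that allow changing the list, plus GENERIC_WRITE and GENERIC_ALL (0x50000000),
# which can appear unmapped in registry ACEs.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x50000000

function Get-LanmanDcAudit {
    param([string]$Path = $base)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    # The root key plus one subkey per NT domain name.
    $keys = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path)
    foreach ($key in $keys) {
        # Report entries exactly as stored; names and data are not interpreted.
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key = $key.PSChildName; Finding = 'Value'
                Detail = '{0} = {1}' -f $name, ($key.GetValue($name) -join ',')
            }
        }
        # Flag allow-ACEs that grant write-type rights to unexpected identities.
        $acl = Get-Acl -LiteralPath $key.PSPath
        foreach ($ace in $acl.Access) {
            $canWrite = ([int]$ace.RegistryRights -band $writeMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $expectedWriters -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Key = $key.PSChildName; Finding = 'UnexpectedWriter'
                    Detail = '{0} ({1})' -f $ace.IdentityReference.Value, $ace.RegistryRights
                }
            }
        }
    }
}

Get-LanmanDcAudit | Format-Table -AutoSize -Wrap
```

Run it on the Policy Server host and compare the output against a saved baseline; a new entry or an unexpected writer is a change to investigate.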
LanMan directory connections are a type of Windows user directory connection. A LanMan directory connection functions like a regular Windows connection, except for which Domain Controller actually handles requests. This difference does not affect the procedure for executing a user directory search.
Copyright © 2013 CA.
All rights reserved.