The Policy Server supports LDAP referrals for LDAP user directory connections. An LDAP referral in one directory points to a location in another LDAP directory. There are two types of LDAP referrals: write referrals and read referrals. In addition, the Policy Server supports enhanced referral processing.
Note: In order for LDAP referrals to work correctly in a multiple policy store environment, the SiteMinder LDAP policy store schema must be applied to all replicas. For more information see the section describing LDAP policy store installation in the Policy Server Installation Guide.
Write Referrals
In a directory deployment that includes master and slave LDAP directories, LDAP write referrals allow updates to a master directory that can then be replicated to slave directories. In a SiteMinder deployment, you can specify a connection to a slave LDAP directory. If you use any of SiteMinder's features that require data to be written to the LDAP directory, SiteMinder automatically detects referrals that point to a master LDAP directory. The information that SiteMinder writes to the LDAP directory will be stored in the master LDAP directory and replicated to the slave LDAP directory according to the replication scheme of your network resources.
Read Referrals
In a large LDAP directory deployment, information may be divided among several LDAP directories. For example, one directory may contain enough user information to authenticate a user, while another directory may contain other important user attributes. The authentication directory can be configured to point to the directory containing user attributes. This process is called a read referral. If a directory connection exists for an LDAP directory that contains read referrals, SiteMinder is able to use the read referrals to retrieve information from the associated directories.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |