Policy Bindings for LDAP Directories

When SiteMinder authenticates a user, it establishes a user context. Subsequently, access control policy decisions are based on the user context matching one of the criteria shown in the table below.

| User Namespace | Description |
|---|---|
| User | The user's Distinguished Name (DN) must match the DN specified in the policy. |
| User Attribute | The search expression specifying conditions related to user attributes must be true. |
| User Group | The user's DN must be a member of the user group specified in the policy. |
| Group Attribute | The search expression specifying conditions related to the group attribute must be true. |
| Organizational Role | The user must occupy the organizational role specified in the policy. |
| Organization Unit | The user must be a member of the organizational unit specified in the policy. The Organizational Unit must be a part of a user's DN, group, or role (group and role are not used by default). |
| Organization | The user must be a member of the organization specified in the policy. The Organization must be a part of a user's DN, group, or role (group and role are not used by default). |
| Organization Attribute | The search expression specifying conditions related to the organization attribute must be true. |
| Custom Object Classes | SiteMinder can be configured to associate policies with custom directory objects. |

Generally, you bind users or user attributes to policies on the SiteMinder Policy pane by selecting an entry from the list of available directory entries. Individual users are not visible in the list of available directory entries. However, you can search for specific users within a directory and add the users directly to the policy.
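The following added example (not part of the SiteMinder documentation and not SiteMinder's implementation) models the User, User Group, Organizational Unit and Organization rows of the table, as a script for auditing which bindings a given DN would satisfy. It assumes case-insensitive RDN comparison and that "part of a user's DN" means the user's entry sits beneath the container; the function names and directory data are constructed.

```python
def parse_dn(dn):
    """Split a DN into normalized (attribute, value) RDN pairs.

    Handles backslash-escaped characters such as an escaped comma; hex-pair
    escapes and multi-valued RDNs ("+") are out of scope for this sketch.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def binding_matches(namespace, value, user_dn, groups):
    """Model of one row of the table; `groups` maps group DN -> member DNs."""
    user = parse_dn(user_dn)
    if namespace == "user":
        return user == parse_dn(value)
    if namespace == "group":
        return any(parse_dn(m) == user for m in groups.get(value, []))
    if namespace in ("ou", "o"):
        # Assumption: "part of the user's DN" means the user sits beneath the container.
        target = parse_dn(value)
        return len(user) > len(target) and user[-len(target):] == target
    raise ValueError("namespace not modeled: " + namespace)


# Constructed sample directory data (not from a real deployment).
GROUPS = {"cn=Admins,o=example": ["CN=Alice, OU=Finance, O=Example"]}
ALICE = "cn=alice,ou=Finance,o=example"
# The CN value contains an escaped comma; the entry really lives under ou=Guests.
LOOKALIKE = "cn=eve\\,ou=Finance,ou=Guests,o=example"

if __name__ == "__main__":
    for dn in (ALICE, LOOKALIKE):
        print(dn, binding_matches("ou", "ou=Finance,o=example", dn, GROUPS))
```

Splitting the second DN on every comma would produce an `ou=Finance` component that the entry does not actually have, which is why the comparison is done on parsed RDNs.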

More information:

Add Users to a Policy


Copyright © 2010 CA. All rights reserved.