Implementation Guide › Performance Tuning › Application Tier Performance › Authentication Guidelines › SiteMinder Policy Objects and Performance Roadmap › User Directories and Authentication Performance

User Directories and Authentication Performance

Configuring a domain requires that you bind one or more user directory connections to the domain. The Policy Server uses the search criteria you specify in the user directory connection to verify user credentials during the authentication step.

Note: For more information about configuring user directory connections, see the Policy Server Configuration Guide.

The following factors affect user authentication performance at the directory level:

• Search expressions and queries—The more complex the LDAP expression or ODBC query, the longer it takes the Policy Server to resolve the criteria to authenticate the user.
• Password Services—You can apply password policies to SiteMinder user directories. Consider the following before implementing password policies:
  • The Policy Server reads attributes related to the password policy and may need to update them. Updating an attribute requires the Policy Server to write to the user directory.
  • If the password policy is configured to track login details, an additional user directory write is required for every authentication.
  • The Policy Server takes longer to resolve password policies that only apply to a specific group of users within the directory, instead of the entire directory.