Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › Session Methods › CreateUserDir Method—Creates User Directory Object

CreateUserDir Method—Creates User Directory Object

The CreateUserDir method creates and configures a user directory object.

Syntax

The CreateUserDir method has the following format:

Netegrity::PolicyMgtSession‑>CreateUserDir(dirName, namespace, server[, ODBCQueryScheme][, domDesc][, searchRoot][, usrLookStart][, usrLookEnd][, username][, password][, searchResults][, searchScope][, searchTimeout][, secureConn][, requireCreds][, disabledAttr][, UIDAttr][, anonID][, pwdData][, pwdAttr][, emailAttr][, chalRespAttr])

Parameters

The CreateUserDir method accepts the following parameters:

dirName (string)

Specifies the user directory object's name.

namespace (string)

Specifies the user directory's namespace:

• LDAP
• AD
• ODBC
• WinNT
• Custom

  server (string)

Specifies one of the following directory-dependent values:

• LDAP and AD

  Specifies the IP address and port number of the LDAP server.

  Syntax: IP_address:port_number

  Note: The default port number is 389.

• ODBC

  Specifies the data source name.

• WinNT

  Specifies the domain name.

• Custom

  Specifies the name of the library that corresponds to the custom directory.

  ODBCQueryScheme (PolicyMgtODBCQueryScheme object)

(Optional) Specifies a set of queries that SiteMinder uses to query the ODBC directory.

Note: If the user directory is not an ODBC directory, this parameter's value is undef.

domDesc (string)

(Optional) Specifies the description of the user directory.

searchRoot (string)

(Optional) Specifies one of the following directory-dependent values:

• LDAP

  Specifies the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.

  Note: For more information about this parameter, see the parameter searchScope.

• Custom

  Specifies a string of parameters to pass to the custom library.

  usrLookStart (string)

(Optional) Specifies the start value for a user DN lookup in an LDAP directory.

usrLookEnd (string)

(Optional) Specifies the end value for a user DN lookup in an LDAP directory.

Note: Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:

• DN = "uid=JSmith,ou=marketing,o=myorg.org"
• starting_point = "uid="
• endpoint = ",ou=marketing,o=myorg.org"
• login = "JSmith"

  username (string)

  (Optional) Specifies the user name needed for accessing the user directory.

  Note: When using this parameter, set requireCreds to 1.

  password (string)

  (Optional) Specifies the password required for accessing the user directory.

  Note: When using this parameter, set requireCreds to 1.

  searchResults (int)

  (Optional) Specifies the maximum number of results to return from a search of an LDAP or custom directory.

  searchScope (int)

  (Optional) Specifies how many levels SiteMinder searches when looking for users or user groups in an LDAP directory:

  • USERDIR_SCOPE_SUBTREE

    Specifies searching the root and all levels below.

  • USERDIR_SCOPE_ONELEVEL

    Specifies searching the root and one level below.

  Note: For more information, see the searchRoot parameter.

  searchTimeout (int)

  (Optional) Specifies the maximum time, in seconds, allowed for searching an LDAP or custom directory.

  secureConn (int)

  (Optional) Specifies whether an LDAP or custom user directory connection is secured by SSL:

  • value = 1

    Specifies a connection secured by SSL.

  • value = 0 (default)

    Specifies a connection that is not secure.

  Note: When this flag is enabled, SiteMinder authentication is secure and transmissions are encrypted. Enable this flag when using SSL.

  requireCreds (int)

  (Optional) Specifies whether user credentials are required for authentication:

  • value = 1

    Specifies that credentials are required.

  • value = 0 (default)

    Specifies that credentials are not required.

    disabledAttr (string)

  (Optional) Specifies the name of the user directory attribute that contains the user's disabled state.

  Note: This parameter applies to LDAP and ODBC directories and some custom directories.

  UIDAttr (string)

  (Optional) Specifies the name of the user directory's universal ID attribute.

  Note: The universal ID is different from the user's login ID and is used to look up user information. This parameter applies to LDAP, ODBC, and WinNT directories and to some custom directories.

  anonID (string)

  (Optional) Specifies the name of the user directory's anonymous user DN attribute.

  Note: The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. This parameter applies to LDAP directories and some custom directories.

  pwdData (string)

  (Optional) Specifies the name of the user directory's password data attribute.

  Note: This parameter applies to LDAP and ODBC directories and some custom directories.

  pwdAttr (string)

  (Optional) Specifies the name of the user directory's password attribute.

  Note: This parameter applies to LDAP and ODBC directories and some custom directories.

  emailAttr (string)

  Note: This optional parameter is reserved for future use.

  chalRespAttr (string)

  (Optional) Specifies the name of the user directory's challenge/response attribute.

  Example: The challenge/response can be a hint that SiteMinder sends the user when the user forgets the password.

  Note: This parameter applies to LDAP directories and some custom directories.

Return Value

The CreateUserDir method returns one of the following values:

• PolicyMgtUserDir (object)
• undef if the call is unsuccessful