

Policy Server Processes Authentication Request for Disabled User (111627)

Symptom:

If a user is present in multiple LDAP user stores with the same password, and is disabled in one of the user stores, the Policy Server continues to query the remaining user stores to determine if the user is authenticated. Querying all user stores is the default Policy Server behavior.

The Policy Server determines that the user is not authenticated only if the user is disabled in all user stores.

Solution:

You can create a registry key to prevent the default Policy Server behavior. The ReturnOnDisabledUser registry key stops the Policy Server from querying subsequent user stores after determining that a user is disabled in one of the stores.

To create the registry key

  1. Access the Policy Server host system and do one of the following:
  2. Create ReturnOnDisabledUser with a registry value type of DWORD.

    Value: 1 or 0

    1

    Enables the registry key.

    0

    Disables the registry key.

    If the registry value is 0 or does not exist, the Policy Server is configured with the default behavior.

  3. Do one of the following:
  4. Restart the Policy Server.
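
The following Python sketch is an added example, not code from the product: it models the user store lookup described above with and without ReturnOnDisabledUser, and lists accounts that are disabled in one store but still enabled in another. The store names, users, passwords, the list-order query sequence and the handling of a password mismatch are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    password: str    # constructed sample value; real directories store hashes
    disabled: bool

# Constructed sample data: two LDAP user stores, assumed to be queried in list order.
STORES = [
    ("ldap-hr", {"alice": Entry("pw-a", True), "bob": Entry("pw-b", False)}),
    ("ldap-partners", {"alice": Entry("pw-a", False), "carol": Entry("pw-c", True)}),
]

def authenticate(stores, user, password, return_on_disabled_user=False):
    """Model the lookup; return (authenticated, names of stores queried)."""
    queried = []
    for name, directory in stores:
        queried.append(name)
        entry = directory.get(user)
        if entry is None:
            continue                      # user not in this store, try the next
        if entry.disabled:
            if return_on_disabled_user:   # key set to 1: stop at first disabled hit
                return False, queried
            continue                      # default: keep querying remaining stores
        # Assumption of this model: a password mismatch also moves on to the next store.
        if hmac.compare_digest(entry.password, password):
            return True, queried
    return False, queried

def disabled_but_enabled_elsewhere(stores):
    """Audit helper: users disabled in at least one store and enabled in another."""
    disabled, enabled = {}, {}
    for name, directory in stores:
        for user, entry in directory.items():
            (disabled if entry.disabled else enabled).setdefault(user, []).append(name)
    return {u: (disabled[u], enabled[u]) for u in disabled if u in enabled}

if __name__ == "__main__":
    print(authenticate(STORES, "alice", "pw-a"))
    print(authenticate(STORES, "alice", "pw-a", return_on_disabled_user=True))
    print(disabled_but_enabled_elsewhere(STORES))
```

Running the audit helper over exported account lists before and after disabling a user shows which accounts the default behavior would still accept.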