Password Services Considerations

Consider the following items when setting up Password Services:

Time settings on multiple Policy Servers
If you use Password Services with multiple Policy Servers, verify that the time settings on the Policy Server systems are synchronized. Synchronizing time settings prevents:
- Users accounts from being disabled inadvertently
- Premature forced password changes
Working with Directory Server password policies
Directory Servers, such as Netscape LDAP Directory Server, let you create simple password policies. Directory Server evaluates these policies before SiteMinder policies.

If the Directory Server policies are more restrictive than SiteMinder policies, the Directory Server accepts or rejects passwords without notifying SiteMinder. SiteMinder does not know that a user is attempting to log in and does not apply any of the password management features.
Active Directory Light Weight Directory Services
If the Policy Server is configured to connect to the policy using a proxy object, configure AD LDS for SSL.

Important! To use Password Policies, disable any Directory Server policies or make them less restrictive than the Password Policies.