You can configure a directory mapping to authenticate users against one directory and authorize users against another directory.
To configure a directory mapping
The Create Directory Mapping pane opens.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Important! The directory mapping is successful only if the Universal ID points to a single entry in the authorization directory.
The Create Directory Mapping task is submitted for processing.
You assign a directory mapping to a realm so the Policy Server may authenticate a user in one directory and authorize a user in another directory. The Policy Server uses the authorization directory specified in the realm to authorize users.
To assign a directory mapping to a realm
The Default value indicates that there is no directory mapping; the authentication directory will be used as the authorization directory when a user attempts to access a resource in the realm. The list only contains user directories that have been configured as authorization directories in an existing directory mapping.
Important! You can map only one authorization directory per realm.
The Policy Server saves the directory mapping. Users that access the realm authenticate normally and authorize against the directory specified in the realm.
AuthValidate Directory Mapping is an extension of Authentication and Authorization Directory Mapping. Both types of directory mapping allow users to authenticate against one user directory and authorize against another user directory. In both cases, the directory mapping type can be further specified as Identical DN or Universal ID.
AuthValidate directory mapping extends Authentication and Authorization directory mapping in three ways:
Copyright © 2012 CA.
All rights reserved.
|
|