You can enhance the Policy Server’s authorization performance for users stored in LDAP user directories by limiting the role-based authorization to a specific user record rather than the user’s role, as follows:
To enhance the policy server’s performance
The User Directories pane opens and contains the group boxes that correspond to the user directories associated with the policy domain.
The Users/Groups pane opens and lists the users and groups in the selected user directory.
Specifies a user attribute name and value pair.
Specifies a SiteMinder expression.
A list of directories appears.
The Users/Groups pane closes and the User Directories pane appears. The directory you selected appears in the group box.
The User Directory Search Expression Editor appears.
The User Directory Search Expression Editor closes. The Policy Server’s LDAP search is done within the context of the current user and not in the LDAP server’s base DN. This optimization decreases the load on the LDAP server and Policy Server, which allows quicker authorization responses.
Copyright © 2012 CA.
All rights reserved.
|
|