

LanMan User Directories

This section contains the following topics:

About LanMan User Directories

LanMan Directory Connection Prerequisites

Configure a LanMan Directory Connection

Failover for Windows User Directories

LanMan User Directory Search Criteria

About LanMan User Directories

In a Windows environment, the Policy Server enumerates and manages the resources in a directory service through the Microsoft Active Directory Service Interface (ADSI) layer. This layer abstracts the capabilities of directory services from different network providers in a distributed computing environment. However, the current version of ADSI has limitations that can adversely affect the performance of the Policy Server.

With ADSI, every Windows directory request must always pass through the Primary Domain Controller (PDC) first. This compounds the network traffic that the PDC must handle. A custom solution to this dilemma is for the Policy Server to channel Windows directory requests to Backup Domain Controllers (BDCs) while bypassing the PDC. The Policy Server handles this sort of custom solution by using LanMan directory connections.

The LanMan user directory connection option allows you to specify a failover list of BDCs used for each user directory lookup in the Windows Registry. Using a LanMan directory connection, the Policy Server sends Windows directory requests to the first active BDC in the Registry list, rather than forcing requests to pass through the PDC.

LanMan Directory Connection Prerequisites

The following conditions must be met before the Policy Server can use a LanMan directory connection to access user data in a Windows directory:

More information:

Configure a LanMan Directory Connection

Configure a LanMan Directory Connection

You can configure a LanMan user directory. The following process lists the steps for creating a user directory connection to the Policy Server.

  1. Configure Registry Keys for a LanMan Directory Connection
  2. Configure a LanMan User Directory Connection

Configure Registry Keys for a LanMan Directory Connection

The first procedure in configuring a LanMan directory connection is configuring the appropriate registry keys.

Follow these steps:

  1. Select Run from the Windows Start menu.

    The Run dialog opens.

  2. Enter regedit, and click OK.

    The Registry Editor opens.

  3. Modify the following registry key:
  4. Create the following registry key:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC

  5. Create a registry key of the NT Domain Name under the Lanman_DC key:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC\<NT_domain_name>

    For example:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC\MyDomain

  6. Create a registry value named NumUserDir of type DWORD under the newly created NT Domain key. For the value data, enter the actual number of separate sets of user directories (maximum 16) in this NT domain.
  7. Create String registry values of UserDir0, UserDir1, …, UserDirN, in sequential order starting from 0, for each failover list of BDCs.
  8. Enter comma-delimited strings for each failover list. SmDsLanman reads the lists and finds the first active BDC in each failover list to look up NT users and groups.
  9. Repeat steps 5 through 7 for other NT domains.
  10. Restart the Policy Server services.

    Note: For more information about starting and stopping the Policy Server, see the Policy Server Administration Guide.
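
The registry layout from steps 4 through 8, scripted in PowerShell as an added example (not part of the original documentation or the product). The function name Set-LanmanFailover and the BDC host names are hypothetical; the key path and value names are the ones given in the steps above.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Policy Server host.
# BDC host names used in the call at the bottom are constructed placeholders.
function Set-LanmanFailover {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # One comma-delimited failover list of BDCs per set of user directories
        [Parameter(Mandatory)][string[]]$FailoverLists,
        [string]$Base = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\Lanman_DC'
    )

    # Reject path separators and wildcards so the name maps to exactly one key
    if ($Domain -match '[\\/*?\[\]]') { throw "Invalid NT domain name '$Domain'." }
    if ($FailoverLists.Count -gt 16) {
        throw "NumUserDir allows at most 16 sets; got $($FailoverLists.Count)."
    }

    # Normalize each list and reject empty entries such as 'BDC1,,BDC2'
    $clean = @(foreach ($list in $FailoverLists) {
        $hosts = @($list.Split(',') | ForEach-Object { $_.Trim() })
        if ($hosts -contains '') { throw "Empty BDC entry in failover list '$list'." }
        $hosts -join ','
    })

    # Steps 4-5: create Lanman_DC\<NT_domain_name> only if it is missing
    $key = Join-Path $Base $Domain
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Remove stale UserDirN values so the names stay sequential from 0
    (Get-Item -Path $key).Property |
        Where-Object { $_ -match '^UserDir\d+$' } |
        ForEach-Object { Remove-ItemProperty -Path $key -Name $_ }

    # Step 6: NumUserDir (DWORD); steps 7-8: UserDir0..UserDirN (String)
    New-ItemProperty -Path $key -Name 'NumUserDir' -PropertyType DWord `
        -Value $clean.Count -Force | Out-Null
    for ($i = 0; $i -lt $clean.Count; $i++) {
        New-ItemProperty -Path $key -Name "UserDir$i" -PropertyType String `
            -Value $clean[$i] -Force | Out-Null
    }

    # Read the values back so the result can be reviewed before the restart
    Get-ItemProperty -Path $key | Select-Object NumUserDir, UserDir*
}

Set-LanmanFailover -Domain 'MyDomain' -FailoverLists 'BDC1,BDC2', 'BDC3,BDC4'
# Step 10: restart the Policy Server services afterwards.
```

Call the function once per NT domain, which corresponds to step 9.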