An EPM application has the following limitations:
Setting the password change flag for a particular user in an Active Directory (AD) user store invalidates the user’s old password. When the password change flag is set, entering any password on the login dialog redirects the user to the password change dialog. To create the new password, however, the user must match the old password in the field on the password change dialog.
This behavior results from password policies that are part of the AD user store, not from SiteMinder password policies, and it cannot be changed. Because the policies are integral to the AD user store, changing the namespace from AD to LDAP has no effect on this behavior.
Valid for Active Directory user directory connections configured over the LDAP namespace.
Symptom:
My Policy analysis reports are not returning user records.
Solution:
Use the Administrative UI to define an alias mapping between the inetOrgPerson attribute and the respective attribute in Active Directory.
Example: If the respective attribute is “user”, create an alias attribute mapping named inetOrgPerson and define the alias as “user”.
Note: For more information on attribute mapping, see User Attribute Mapping in the Policy Server Configuration Guide.
Copyright © 2012 CA.
All rights reserved.