Installation and Upgrade Guides › Directory Configuration Guide › CA LDAP Server for z/OS › How to Upgrade a 6.x Policy Store › SiteMinder Features Not Supported by CA LDAP Server for z/OS

SiteMinder Features Not Supported by CA LDAP Server for z/OS

CA LDAP Server for z/OS does not support the following SiteMinder features:

Anonymous Binds

When configuring a CA Top Secret LDAP Server as a user store, you must provide values in the fields on the Administrator Credentials group box on the Create User Directory pane.

Characters Not Supported in User Names

The following characters are not supported in user names:

• space
• single quote
• opening parenthesis
• closing parenthesis
• comma
• backslash

Load Balancing and Failover

Load balancing and failover is not supported.

Password Services

Password Services is not supported.

User Groups and Policies

Adding a user group to a policy and attempting to authorize a user in that group fails.

CA LDAP Server r15 for z/OS (RACF) Backend Security Option

This section describes the settings that are required to configure the CA LDAP Server r15 for z/OS (RACF) as a user store with the Policy Server.

Configure Policy Server Registry Entries for RACF

The CA LDAP Server r15 for z/OS (RACF) contains a different set of objectclasses than other LDAP servers. Before configuring a user directory connection from the Policy Server to the CA LDAP Server, add the RACF objectclasses to certain Policy Server registry entries in the LDAP namespace. Substitute the replacement values for the default values of the following Policy Server registry entries:

registry_entry_home

Specifies the following registry entry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds.

default_value

Specifies the default value of the registry entry.

replacement_value

Specifies a new value containing the RACF objectclasses for the registry entry.

• registry_entry_home\ClassFilters

  class_filters_default_value:

  organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group

  class_filters_replacement_value:

  class_filters_default_value,*

• registry_entry_home\GroupClassFilters

  group_class_filters_default_value:

  groupOfNames,groupOfUniqueNames,group

  group_class_filters_replacement_value:

  group_class_filters_default_value,*

• registry_entry_home\PolicyClassFilters

  policy_class_filters_default_value:

  organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group

  policy_class_filters_replacement_value:

  policy_class_filters_default_value,*

• registry_entry_home\PolicyResolution

  Add the following RACF objectclasses to this registry entry:

• registry_entry_home\Debug

  In UNIX, add the following RACF objectclass to this registry entry:

Note: The value of this registry key can be changed based on the response time of the CA LDAP Server r15 for z/OS (RACF).