

Configure a Connection from the Policy Server to an OpenLDAP User Store

To configure a connection from the Policy Server to an OpenLDAP user store, create a new User Directory object.

To configure a connection from the Policy Server to an OpenLDAP user store

  1. Click Infrastructure, Directory.
  2. Click User Directory, Create User Directory.

    The Create User Directory pane opens.

    Note: You can specify user directory properties on this pane. For more information on the fields, settings, and options, click Help.

  3. Type the name and a description of the new User Directory object in the fields on the General group box.
  4. Verify that LDAP is selected from the Namespace list, and type the IP address and port number in the Server field on the Directory Setup group box.

    Note: When the Policy Server is operating in FIPS mode and the User Directory connection is a secure SSL connection, the certificates used by the Policy Server and the user store must be FIPS-compliant.

  5. Select the Require Credentials check box, and type the full DN and password of the administrator in the fields on the Administrator Credentials group box.
  6. Type the root node and search parameters in the fields on the LDAP Search group box.
  7. Type a beginning text string and an ending text string in the fields on the LDAP User DN Lookup group box.

    Note: The beginning text string, the username, and the ending text string are concatenated, in that order, to form the string that is used to locate the user's entry in the User Directory tree.

  8. (Optional) Complete the fields on the User Attributes group box.
    1. Type the Universal ID in the Universal ID field.

      Attribute type: string

    2. Type the flag that tracks disabled users in the Disabled Flag field.

      Attribute type: string

    3. Type the location of user passwords in the Password field.

      Attribute type: binary

    4. Type the location of user password history in the Password Data field.

      Attribute type: binary

      Note: This attribute is required by Password Services.

    5. Type the user's anonymous ID in the Anonymous ID field.

      Attribute type: string

    6. Leave the Email field blank.

      Note: The email feature is not implemented in the current version of SiteMinder.

    7. Type a response in the Challenge/Response field.

      Attribute type: string

      Note: This string is sent to the user after each challenge.

  9. (Optional) Click Create on the Attribute Mapping List group box.

    The Create Attribute Mapping pane opens.

    Note: For more information about user attribute mapping, see the Policy Server Configuration Guide.

  10. Click Submit.

    The Create User Directory task is submitted for processing.
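The following is an added example, not code from the SiteMinder documentation, showing how the beginning text string, username, and ending text string from step 7 combine into the lookup string, and why the username must be escaped before it is spliced in. The function names (`build_user_lookup`, `escape_dn_value`, `escape_filter_value`) and the sample start/end strings are this example's own. The convention that a beginning string starting with `(` yields a search filter and any other beginning string yields a DN is an assumption of the example; check the Help for the pane to confirm how your version treats the field.

```python
# Added example (not part of the SiteMinder documentation). It models the
# "LDAP User DN Lookup" concatenation from step 7: start + username + end.
# A username taken from a login form must be escaped before it is spliced
# into a DN or a search filter, otherwise characters such as ',' or '*'
# change the meaning of the lookup string.

# RFC 4514 section 2.4: characters that must be escaped inside a DN value.
_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape a single attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:                      # leading '#'
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == last):       # leading/trailing space
            out.append('\\ ')
        elif ord(ch) < 0x20:                            # control characters
            out.append('\\%02X' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    mapping = {'\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\x00': '\\00'}
    return ''.join(mapping.get(ch, ch) for ch in value)


def build_user_lookup(start: str, end: str, username: str) -> str:
    """Combine the step-7 fields into the lookup string.

    Assumption of this example: a start string beginning with '(' produces a
    search filter, any other start string produces a DN. The username is
    escaped with the rules that apply to the resulting form.
    """
    if start.startswith('('):
        return start + escape_filter_value(username) + end
    return start + escape_dn_value(username) + end


if __name__ == '__main__':
    # Constructed sample field values; adjust the root node to your tree.
    dn_start, dn_end = 'uid=', ',ou=People,dc=example,dc=com'
    filt_start, filt_end = '(&(objectClass=inetOrgPerson)(uid=', '))'

    print(build_user_lookup(dn_start, dn_end, 'jdoe'))
    print(build_user_lookup(dn_start, dn_end, 'jdoe,ou=Admins'))
    print(build_user_lookup(filt_start, filt_end, 'jdoe*'))
```

The second and third calls show the point of the escaping: without it, a username containing `,ou=Admins` would relocate the DN lookup to a different branch of the tree, and a username containing `*` would turn an exact-match filter into a wildcard. Whatever performs the concatenation in your deployment should apply the same rules.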

More information:

How to Configure an LDAP User Directory Connection over SSL