A single user can be stored in more than one user directory or database associated with a policy domain. This user has the same password in each user store. During authentication, if the Policy Server finds that the user is disabled in one user store, then by default, it continues searching for the user in all stores associated with the policy domain. The user fails authentication only if the Policy Server finds the user disabled in all associated user stores. The user is authenticated if it is enabled in any associated user store.
This default Policy Server behavior is configurable. To configure the Policy Server to stop searching when it first finds the user disabled in a user store, add the following registry key and set its value to one: ReturnOnDisabledUser.
To limit Policy Server search to one user store during authentication
Windows
Add the registry key ReturnOnDisabledUser to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer
Solaris
Add the following lines to the sm.registry file:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer
ReturnOnDisabledUser=0x1; REG_DWORD
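The effect of the setting on an account that is disabled in one user store but still enabled in another can be seen in a small model. The following Python is an added example, not CA code: it assumes the password check has already succeeded and that stores are searched in list order, and the store names and accounts are constructed sample data.

```python
# Added illustration: a simplified model of the search described above,
# not CA SiteMinder code. Store names and accounts are constructed.

def authenticate(user, stores, return_on_disabled_user=False):
    """Return (authenticated, stores_matched) for a user with a correct password.

    stores: list of (store_name, {username: enabled}) in assumed search order.
    """
    matched = []
    for name, accounts in stores:
        if user not in accounts:
            continue                 # user is not present in this store
        matched.append(name)
        if accounts[user]:
            return True, matched     # enabled here: authentication succeeds
        if return_on_disabled_user:
            return False, matched    # ReturnOnDisabledUser=1: stop at first disabled hit
    return False, matched            # disabled (or absent) in every store


def split_state_accounts(stores):
    """Accounts disabled in at least one store but enabled in another."""
    states = {}
    for name, accounts in stores:
        for user, enabled in accounts.items():
            states.setdefault(user, {})[name] = enabled
    # Values are booleans, so two distinct values means both states occur.
    return {u: s for u, s in states.items() if len(set(s.values())) == 2}


# Constructed sample data: bob was disabled in one store only.
STORES = [
    ("hr_ldap", {"alice": True, "bob": False, "carol": False}),
    ("partner_db", {"bob": True, "carol": False, "dave": True}),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user,
              "default:", authenticate(user, STORES),
              "ReturnOnDisabledUser=1:", authenticate(user, STORES, True))
    print("disabled in one store, enabled in another:", split_state_accounts(STORES))
```

In this model the result with the key set still depends on which store is searched first, so accounts reported by `split_state_accounts` are worth disabling in every store rather than relying on the key alone.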
Copyright © 2011 CA. All rights reserved.