Specify Directory Attributes

Some SiteMinder features require read or read/write access to directory attributes. This information must be stored in a user directory to which SiteMinder has access. As you configure user directory connections, you must provide the names of certain user profile attributes in the directories. You enter these attributes in the User Attributes tab of the User Directory Dialog.

The attributes you specify must have specific data types. Password Attribute and Password Data require binary attributes, and all others require string attributes.

The following table lists the user directory profile attributes you must supply for certain SiteMinder features, specifies the types of user directories for which each attribute applies, and describes the SiteMinder feature that requires the attribute.

Note: The letter(s) in parentheses after the field name indicate whether the specified attribute requires read access (R) or read/write (RW) access.

| SiteMinder Attribute Field | Directory Types | Description |
|---|---|---|
| Universal ID (R) | LDAP, Database, WinNT | Specifies the attribute that SiteMinder uses as the universal ID. The universal ID is a user identifier that can be passed to applications protected by SiteMinder to maintain a user's identity. This feature is used as a bridge between SiteMinder and legacy applications, which often use other attributes to identify a user. The universal ID is also used in configuring directory mapping. |
| Disabled Flag (RW) | LDAP, Database | Specifies the attribute that SiteMinder uses to keep track of a user's account status. (See the Policy Server Management Guide.) |
| Password Attribute (RW) | LDAP, Database | Specifies the attribute that contains the user's password. The attribute that you specify must correspond to the attribute in the directory that stores users' passwords. |
| Password Data (RW) | LDAP, Database | Specifies the attribute that SiteMinder uses to track password policy information. |
| Anonymous ID (RW) | LDAP, Database | Specifies the attribute that maintains the anonymous ID. For SiteMinder sites that allow anonymous login, users may access resources by authenticating with an anonymous authentication scheme. When a user logs in using the anonymous scheme, SiteMinder stores the specified DN in the attribute specified in the Anonymous ID field. |
| Email (R) | LDAP, Database | This attribute is not currently used by a SiteMinder feature. |
| Challenge/Response (RW) | LDAP | Specifies the attribute that contains a question and answer pair, which is used by the Forgotten Password feature in Password Services. If a user forgets her password, SiteMinder uses the attribute specified in this field to determine the password hint that should be returned to the user. |

Note: When configuring a user directory connection, you have the option to enter credentials that the Policy Server uses to access a directory. Make sure the credentials you enter have the same read or read/write access described in the previous table; otherwise the Policy Server will not be able to use the associated features.
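The two requirements above (correct data type per attribute, and sufficient access for the Policy Server's bind account) can be checked before the connection is saved. The following pre-flight check is an added example, not code from the SiteMinder documentation; it assumes the directory's attribute syntaxes and the bind account's effective rights have already been collected into dicts (for example from the LDAP subschema entry and an effective-rights query), and the sample mapping, schema and rights below are constructed for illustration.

```python
# Pre-flight validation of a SiteMinder user directory attribute mapping.
# Added example; the attribute names below are constructed, not SiteMinder defaults.

# Required access and data type per field, taken from the attribute table.
REQUIREMENTS = {
    "Universal ID":       ("R",  "string"),
    "Disabled Flag":      ("RW", "string"),
    "Password Attribute": ("RW", "binary"),
    "Password Data":      ("RW", "binary"),
    "Anonymous ID":       ("RW", "string"),
    "Email":              ("R",  "string"),
    "Challenge/Response": ("RW", "string"),
}

# LDAP attribute syntax OIDs (RFC 4517) reduced to the two types the table distinguishes.
SYNTAX_TYPES = {
    "1.3.6.1.4.1.1466.115.121.1.15": "string",  # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26": "string",  # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.40": "binary",  # Octet String
    "1.3.6.1.4.1.1466.115.121.1.5":  "binary",  # Binary
}

def check_mapping(mapping, schema, rights):
    """Return a list of problems for a field -> LDAP attribute mapping.
    schema: attribute name -> syntax OID; rights: attribute name -> set of 'r'/'w'."""
    problems = []
    for field, attr in mapping.items():
        need_access, need_type = REQUIREMENTS[field]
        if attr not in schema:
            problems.append(f"{field}: attribute '{attr}' not in directory schema")
            continue
        actual_type = SYNTAX_TYPES.get(schema[attr], "unknown")
        if actual_type != need_type:
            problems.append(f"{field}: '{attr}' is {actual_type}, must be {need_type}")
        have = rights.get(attr, set())
        if "r" not in have or (need_access == "RW" and "w" not in have):
            problems.append(f"{field}: bind account lacks {need_access} on '{attr}'")
    return problems

# Constructed sample: a mapping with one access gap and one data-type mismatch.
SAMPLE_MAPPING = {"Universal ID": "uid", "Disabled Flag": "employeeType",
                  "Password Attribute": "userPassword", "Password Data": "employeeNumber",
                  "Email": "mail"}
SAMPLE_SCHEMA = {"uid": "1.3.6.1.4.1.1466.115.121.1.15", "employeeType": "1.3.6.1.4.1.1466.115.121.1.15",
                 "userPassword": "1.3.6.1.4.1.1466.115.121.1.40",
                 "employeeNumber": "1.3.6.1.4.1.1466.115.121.1.15", "mail": "1.3.6.1.4.1.1466.115.121.1.26"}
SAMPLE_RIGHTS = {"uid": {"r"}, "employeeType": {"r"}, "userPassword": {"r", "w"},
                 "employeeNumber": {"r", "w"}, "mail": {"r"}}

def run_sample():
    return check_mapping(SAMPLE_MAPPING, SAMPLE_SCHEMA, SAMPLE_RIGHTS)

if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

An empty result means every mapped attribute exists, has the right syntax, and is readable (and writable where the table says RW) by the bind account.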

For considerations when specifying user attributes according to the type of user store, see one of the following:

More information:

Universal IDs

Password Policies

Anonymous Authentication Schemes

Directory Mappings Dialog