Connect the Policy Server to an Active Directory Global Catalog

The Policy Server’s user store supports the Global Catalog feature in Active Directory. However, because the Global Catalog does not support writes to Active Directory, SiteMinder features that require writing to AD, such as Password Services, are not supported.

Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

To connect the Policy Server to an Active Directory Global Catalog user store

  1. In the Policy Server User Interface, select Edit, System Configuration, Create User Directory from the menu bar.
  2. In the Directory Setup tab of the SiteMinder User Directory dialog, do the following:
    1. In the Name field, enter the name of the user directory. This example uses adgc_user_dir.
    2. Make sure LDAP is selected from the Namespace drop-down menu.
    3. In the Server field, enter the IP address and port number of the Active Directory Global Catalog. This example uses 172.25.135.180:3269.
    4. In the Root field, enter the search base that covers all the domains in the global catalog. This example uses dc=com.
    5. In the Start field, enter the starting LDAP user DN search criteria. This example uses (&(cn=. Do not enter the period.
    6. In the End field, enter the ending LDAP user DN search criteria. This example uses )(objectclass=*)). Do not enter the period.
    7. Click the Credentials and Connections tab.
  3. In the Credentials and Connections tab, do the following:
    1. Check Require Credentials.
    2. In the Username field, enter the full DN of the Active Directory Global Catalog administrator. This example uses cn=user1,cn=users,dc=universal,dc=com.
    3. Enter and reconfirm the password.
    4. Check Secure Connection if you are using an SSL connection and go to the next section.
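
How the Start and End values from step 2 combine with a login name, and how the Server port relates to the Secure Connection box, shown as an added Python example that is not SiteMinder code. It assumes the Policy Server forms the lookup filter as Start + login name + End; the function names are hypothetical and the login names are constructed.

```python
START = "(&(cn="                 # Start field from the procedure
END = ")(objectclass=*))"        # End field from the procedure
SERVER = "172.25.135.180:3269"   # Server field from the procedure

# Well-known Global Catalog ports: 3268 is plain LDAP, 3269 is LDAP over SSL.
GC_PORTS = {3268: False, 3269: True}

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a login name so it is matched as data, not filter syntax."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(start, end, login):
    """Assumed lookup behaviour: Start + escaped login name + End."""
    candidate = start + escape_filter_value(login) + end
    depth = 0
    for ch in candidate:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        raise ValueError("Start/End do not form a balanced filter: " + candidate)
    return candidate


def check_server(server, secure_connection):
    """Return warnings about the Server field and Secure Connection box."""
    host, _, port_text = server.rpartition(":")
    if not host or not port_text.isdigit():
        return ["Server must be host:port"]
    port = int(port_text)
    if port not in GC_PORTS:
        return ["port %d is not a Global Catalog port (3268 or 3269)" % port]
    if GC_PORTS[port] != secure_connection:
        return ["port %d does not match the Secure Connection setting" % port]
    return []


if __name__ == "__main__":
    print(build_lookup_filter(START, END, "user1"))
    print(check_server(SERVER, secure_connection=True))
```

With the sample Server value on port 3269, the check reports a mismatch unless Secure Connection is selected in step 3.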