Add LDAP Expressions to Policies

If you create a policy in a policy domain that contains connections to an LDAP user directory, you can use the Policy Server User Interface’s Expression Editor to bind an LDAP search expression to a policy. Search expressions can bind users to a policy based on attributes that appear in user, group, and organization profiles.

To add an LDAP expression using the Expression Editor

  1. Open the Policy Dialog.
  2. From the Users tab on the Policy Dialog, select the tab associated with the LDAP directory and click the Add/Remove button.

    The Policy Users/Groups Dialog opens.

  3. In the Policy Users/Groups Dialog, click the Create New Expression button.

    The Expression Editor dialog opens.

  4. Build an LDAP expression that binds a particular user, group, or organization attribute to your policy.
  5. Click OK to save your expression and close the Expression Editor.

    Your expression appears in the Current Members list of the SiteMinder Policy Users/Groups dialog. The expression also appears in the Manual Entry field.

    You can use the expression in the Manual Entry field as a template for creating additional LDAP expressions.

    The following sections describe other features of the Expression Editor dialog that let you create more extensive LDAP expressions to add to your policies.
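As an added illustration of step 4 (not taken from the SiteMinder documentation or produced by the Expression Editor), the following Python example previews which directory entries an attribute-based expression would bind to a policy before you save it. It assumes standard RFC 4515 LDAP filter syntax and case-insensitive attribute matching; the directory entries, DNs, and the expression itself are constructed for the example.

```python
"""Added example: preview which entries an attribute expression would bind."""
# RFC 4515 characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries (hypothetical DNs and attribute values).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {"departmentNumber": ["Finance"], "employeeType": ["employee"]},
    "uid=bob,ou=people,dc=example,dc=com": {"departmentNumber": ["Finance"], "employeeType": ["contractor"]},
    "uid=carol,ou=people,dc=example,dc=com": {"departmentNumber": ["R&D (EU)"], "employeeType": ["employee"]},
}
# Hypothetical policy expression: Finance staff who are not contractors.
POLICY_EXPR = ("and", ("eq", "departmentNumber", "Finance"), ("not", ("eq", "employeeType", "contractor")))

def escape_value(value):
    """Escape a value so it cannot change the filter's structure or act as a wildcard."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render(expr):
    """Render a nested-tuple expression as an RFC 4515 filter string."""
    op = expr[0]
    if op == "eq":
        return "(%s=%s)" % (expr[1], escape_value(expr[2]))
    if op == "not":
        return "(!%s)" % render(expr[1])
    if op in ("and", "or"):
        sign = "&" if op == "and" else "|"
        return "(%s%s)" % (sign, "".join(render(e) for e in expr[1:]))
    raise ValueError("unknown operator: %r" % (op,))

def matches(expr, entry):
    """Evaluate the expression against one entry (attribute name -> list of values)."""
    op = expr[0]
    if op == "eq":
        attr, wanted = expr[1].lower(), expr[2].lower()  # assumption: case-insensitive match
        return any(v.lower() == wanted for k, vs in entry.items() if k.lower() == attr for v in vs)
    if op == "not":
        return not matches(expr[1], entry)
    if op == "and":
        return all(matches(e, entry) for e in expr[1:])
    if op == "or":
        return any(matches(e, entry) for e in expr[1:])
    raise ValueError("unknown operator: %r" % (op,))

def bound_users(expr, directory):
    """Return the sorted DNs of entries the expression would bind to the policy."""
    return sorted(dn for dn, entry in directory.items() if matches(expr, entry))
```

Escaping matters for policy scope: a literal `*` left unescaped in a value turns an equality test into a presence test, which matches every entry that carries the attribute.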

More information:

Policy Dialog

Expression Editor