LDAP Search Group Box

Root field

Active Directory root that the Policy Server uses as the starting point for the directory connection.

For Active Directory, the Root will typically have the following format:

dc=<server>,dc=<domain>,dc=<extension>

For example, dc=server,dc=myorg,dc=org

Scope drop down list

Specifies how far down the directory tree the Policy Server searches for users:

One Level

Indicates one level below the root

Subtree

Specifies all levels below the root

Max Time field

Time in seconds after which the Policy Server will stop searching the user directory for results.

After the specified amount of time, the Policy Server stops searching the directory and returns matching records or an error.

Default: 30

Note: The timeout can also be configured through the user interface of your Active Directory. If the timeout periods are different, the shorter timeout takes precedence. A zero (0) value is not supported. A zero value can lead to threads hanging indefinitely in the Policy Server. Consider your system response time when setting a maximum value.

Max Results field

Maximum number of records that can be returned for a single search of the LDAP user directory.

The default value for this field is 0, which indicates there is no maximum limit on the number of records that can be returned for a single search of the LDAP user directory.
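
The following added example (not part of the product or its documentation) models how the Root, Scope, Max Results and Max Time settings described above interact, so you can check which directory entries a given Root and Scope would expose to a search. The sample DNs, the function names and the simplified DN splitting are assumptions made for illustration.

```python
import re

ROOT = "dc=server,dc=myorg,dc=org"  # the page's example Root
# Constructed sample entries, not from a real directory.
SAMPLE_DNS = [
    "cn=alice,dc=server,dc=myorg,dc=org",
    r"cn=Doe\, Jane,dc=server,dc=myorg,dc=org",
    "cn=bob,ou=staff,dc=server,dc=myorg,dc=org",
    "cn=svc-backup,ou=service,ou=it,dc=server,dc=myorg,dc=org",
    "cn=carol,dc=other,dc=myorg,dc=org",
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays inside its RDN."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(entry_dn, root_dn, scope):
    """True if entry_dn is searched under root_dn for the given Scope setting."""
    entry, root = split_dn(entry_dn), split_dn(root_dn)
    depth = len(entry) - len(root)
    # Following the page's wording, only entries below the root are counted.
    if depth < 1 or entry[-len(root):] != root:
        return False
    if scope == "one_level":
        return depth == 1
    if scope == "subtree":
        return True
    raise ValueError(f"unknown scope: {scope!r}")

def search(dns, root_dn, scope, max_results=0):
    """Return in-scope DNs; max_results=0 means no limit, as on the page."""
    hits = [dn for dn in dns if in_scope(dn, root_dn, scope)]
    return hits if max_results == 0 else hits[:max_results]

def effective_time_limit(max_time, directory_limit=None):
    """Shorter of the Policy Server and directory timeouts, in seconds."""
    if max_time <= 0:
        raise ValueError("Max Time must be greater than 0; zero is not supported")
    if directory_limit is None:  # assumption: None means the directory limit is unknown
        return max_time
    return min(max_time, directory_limit)

if __name__ == "__main__":
    for scope in ("one_level", "subtree"):
        print(scope, search(SAMPLE_DNS, ROOT, scope))
    print("time limit:", effective_time_limit(30, 120))
```

With the sample data, One Level returns only the two entries directly under the Root, while Subtree also returns the entries nested in organizational units, including the service account.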