Enhance Policy Server’s LDAP Authorization Performance

You can enhance the Policy Server’s authorization performance for users stored in LDAP user directories by limiting role-based authorization to a specific user record rather than the user’s role. To do so, complete the following procedure.

Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

To enhance the Policy Server’s performance:

  1. On the Domains tab of the Policy Server User Interface, select the properties of a policy.
  2. In the SiteMinder Policy Dialog, click the Users tab.
  3. Click the Add/Remove button.
  4. In the Entry field of the Users/Groups dialog, enter the attribute/value pair required for authorization.
  5. Set the Action field to Validate DN.
  6. Click Add Current Members. The search filter now appears in the Available Members list as a user attribute.

After you make this change, the Policy Server performs its LDAP search within the context of the current user rather than from the LDAP server’s base DN. This optimization decreases the load on the LDAP server and the Policy Server, which allows quicker authorization responses.
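The following is an added illustration, not SiteMinder code, of why a search scoped to the current user's entry is cheaper than one run from the base DN. It assumes the Validate DN check behaves like a base-scope LDAP search on the user's DN; the in-memory directory, the DNs, the `departmentNumber=42` pair and all function names are constructed for the example.

```python
# Constructed in-memory directory: DN -> attributes (sample data, not real).
BASE_DN = "dc=example,dc=com"
DIRECTORY = {
    f"uid=user{i},ou=people,{BASE_DN}": {
        "uid": f"user{i}",
        "departmentNumber": "42" if i % 10 == 0 else "7",
    }
    for i in range(1000)
}


def search(base, scope, attr, value):
    """Return (matching DNs, entries examined) for an equality filter.

    scope "base" reads only the entry named by `base`;
    scope "sub" walks every entry at or below `base`.
    The examined count models an unindexed search, for comparison only.
    """
    if scope == "base":
        candidates = [base] if base in DIRECTORY else []
    elif scope == "sub":
        candidates = [dn for dn in DIRECTORY
                      if dn == base or dn.endswith("," + base)]
    else:
        raise ValueError(f"unsupported scope: {scope}")
    matches = [dn for dn in candidates if DIRECTORY[dn].get(attr) == value]
    return matches, len(candidates)


def authorize_from_base_dn(user_dn, attr, value):
    """Run the filter from the directory base DN, then test membership."""
    matches, examined = search(BASE_DN, "sub", attr, value)
    return user_dn in matches, examined


def authorize_validate_dn(user_dn, attr, value):
    """Run the same filter against the current user's entry only."""
    matches, examined = search(user_dn, "base", attr, value)
    return user_dn in matches, examined


if __name__ == "__main__":
    for uid in ("user20", "user21"):
        dn = f"uid={uid},ou=people,{BASE_DN}"
        print(uid,
              authorize_from_base_dn(dn, "departmentNumber", "42"),
              authorize_validate_dn(dn, "departmentNumber", "42"))
```

Both functions reach the same allow or deny decision; only the number of entries the directory has to consider differs.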