Configure Authentication and Validation Directory Mapping

Policy Server Guides › Policy Design Guide › Directory Mapping › Configure Authentication and Validation Directory Mapping

Configure Authentication and Validation Directory Mapping

Before you can configure an AuthValidate directory mapping, you must configure connections from the Policy Server to the authentication and validation user directories in the Policy Server User Interface. When you configure the AuthValidate directory mapping, you must satisfy the following conditions:

The authentication and validation user directories must each be associated with a different policy store. When the two user directories are associated with the same policy store, AuthValidate mapping fails.
The authentication and validation user directories must have different names. When they have the same name, AuthValidate mapping fails.
The policy store associated with the validation user directory must not contain any user directory with the same name as the authentication user directory. If the authentication user directory's name is the same as any user directory in the policy store associated with the validation user directory, AuthValidate mapping fails.

In the following table, you can see the supported directory mapping types and methods:


	Validation Directory
Authentication Directory	LDAP	Relational Database	WinNT
LDAP	Identical DN Universal ID	Universal ID	N/A
AD	Identical DN Universal ID	Universal ID	N/A
Relational Database	Universal ID	Identical DN Universal ID	N/A
WinNT	Universal ID	Universal ID	Identical DN

To configure a directory mapping

From the menu bar of the SiteMinder Administration window, select Advanced, AuthValidate Dir Mapping.
The AuthValidate Directory Mappings dialog opens.
Click Add.
The Add AuthValidate Directory Mapping dialog opens.
Enter the directory against which users are authenticated in the Authentication Directory field.
Select the directory against which users are validated from the Validation Directory drop-down list.
In the Mapped DNs group box, select one of the following option buttons:

Identical DN

Maps the user's distinguished name (DN) exactly from the authentication directory to the validation directory. For example, if a user is located in an LDAP authentication directory and has a DN of uid=jsmith, ou=people, o=security.com, the exact string is used to locate the user in the validation directory. Therefore, the authorization directory must contain the DN: uid=jsmith, ou=people, o=security.com.

Universal ID

Matches the value of the Universal ID attribute from the authentication directory with the value of the Universal ID field from the validation directory to identify the user.
Click OK.
The Policy Server saves your changes and closes the Add AuthValidate Directory Mapping dialog. The new directory mapping appears in the AuthValidate Directory Mappings dialog.
Click OK
The AuthValidate Directory Mappings dialog closes and your mapping is saved.

Email CA Technologies about this topic