Policy Server Enhancement for Active Directory-based User Stores (44721)

The Policy Server has been enhanced to improve its interaction with Active Directory-based user stores. When authenticating against an AD namespace, the Policy Server binds to Active Directory using SASL. If a user's common name (CN) is different from the user's Windows logon name, the user can still authenticate even if the EnableSaslBind registry setting exists on the Policy Server machine.

The EnableSaslBind setting is a DWORD registry value that you can set to 0 or 1:

HKLM\Software\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider\EnableSaslBind

This setting disables or enables the SASL protocol while authenticating users. For example, if EnableSaslBind does not exist and you set it to 1, the bind occurs with SASL. If EnableSaslBind exists and you set it to 0, the bind occurs with the Simple Authentication mechanism.
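The following PowerShell check is an added example, not part of the product documentation: it reads EnableSaslBind at the path above and reports which bind mechanism the value selects, including the cases where the value is missing, has the wrong type, or is out of range. The function name `Get-SaslBindSetting` and its output property names are hypothetical; the page does not state the behaviour when the value is absent, so that case is reported as unknown.

```powershell
# Added example (not vendor code). The registry path and value name come from this page;
# the function name and output properties are hypothetical.
function Get-SaslBindSetting {
    param(
        [string]$KeyPath   = 'HKLM:\Software\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider',
        [string]$ValueName = 'EnableSaslBind'
    )

    $result = [ordered]@{
        KeyPath = $KeyPath
        Present = $false
        Kind    = $null
        Value   = $null
        Bind    = 'unknown: value absent, behaviour not stated on this page'
    }

    # The key itself may be missing on a machine without the Policy Server installed.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -ne $key -and $key.GetValueNames() -contains $ValueName) {
        $result.Present = $true
        $result.Kind    = $key.GetValueKind($ValueName)
        $result.Value   = $key.GetValue($ValueName)

        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # For example, a REG_SZ "1" created by hand instead of a DWORD.
            $result.Bind = 'invalid: value is not a DWORD'
        } else {
            switch ($result.Value) {
                1       { $result.Bind = 'SASL' }
                # A simple bind sends the password to the directory unprotected
                # unless the LDAP connection itself is secured with TLS.
                0       { $result.Bind = 'Simple Authentication' }
                default { $result.Bind = 'invalid: expected 0 or 1' }
            }
        }
    }

    [pscustomobject]$result
}

Get-SaslBindSetting | Format-List
```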